by ponyous 1345 days ago
Got a relevant question myself:

What bothers me the most for solo founders with GDPR is that you can't analyse individual user journeys without some kind of consent. I don't care who you are, but I care how you use my product so I can improve it. Aggregated / backend analytics will give me only the most basic insights.

Am I right in that? Is it possible to work around that? I don't track to sell or analyse personal data. I just want to understand how you use my product better.

Even with self-hosted stuff you need consent for tracking if I understand it correctly.

6 comments

If you track Personally Identifiable Information, such as IP addresses or emails, yes. If you track completely anonymously, then no. Of course, this limits what kind of analyses you can do (e.g. cohort-based analyses will be impossible). But I would also wager that you don't really need that, especially if you're a small startup. You can have a look at my open-source, self-hostable Mixpanel alternative if you are interested: https://github.com/shafy/fugu
IANAL, but I think you can work around this by running Matomo locally and activating the options to anonymize/scramble IPs right from the beginning.

If you don't use IP addresses or can't come back from a user profile to an IP address, you should be fine with tracking the user journey. But be careful with tracking actions like "placed an order" and linking to that order then. That link would create an option to identify a specific user and could therefore be a problem.

Anonymizing IP addresses wouldn't do anything if you still collect other data that is unique enough, such as a browser user agent or session ID. The whole thing you're trying to do requires a persistent identifier (to track the user across their browsing session), and since analytics is not functionally necessary, it will require consent.

The only analytics you can do without consent is effectively a stateless hit counter that increases on every operation. For a lot of features, it's more than enough and saves you from all these headaches.
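The two points above (IP anonymization on its own does not make tracking anonymous if a user agent or similar is still stored, and the only truly stateless option is a per-path hit counter) can be made concrete. The following Python is an added example written for this page; it is not code from any commenter, from Matomo or from fugu. The events are constructed sample requests, the `masked_bytes` parameter mimics Matomo's "anonymize last N bytes of the IP" setting, and the salt is a placeholder.

```python
import hashlib
import ipaddress
from collections import Counter

# Constructed sample requests (not real traffic): visitor A makes three requests,
# visitor B makes one. No cookie or session ID is stored, only IP and user agent.
EVENTS = [
    {"ip": "203.0.113.57", "ua": "Mozilla/5.0 (X11; Linux x86_64) Firefox/91.0", "path": "/pricing"},
    {"ip": "203.0.113.57", "ua": "Mozilla/5.0 (X11; Linux x86_64) Firefox/91.0", "path": "/signup"},
    {"ip": "198.51.100.8", "ua": "Mozilla/5.0 (iPhone; CPU iPhone OS 14_6) Safari/604.1", "path": "/pricing"},
    {"ip": "203.0.113.57", "ua": "Mozilla/5.0 (X11; Linux x86_64) Firefox/91.0", "path": "/docs"},
]


def anonymize_ip(ip: str, masked_bytes: int = 2) -> str:
    """Zero the trailing `masked_bytes` bytes of an IPv4 address, the way the
    'anonymize last N bytes' style of setting works: 203.0.113.57 -> 203.0.0.0
    for masked_bytes=2. IPv6 is truncated to its /48 prefix (an assumption
    chosen for this example, not a Matomo default)."""
    addr = ipaddress.ip_address(ip)
    prefix_len = 32 - 8 * masked_bytes if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False).network_address)


def pseudonymous_id(event: dict, salt: str = "placeholder-salt") -> str:
    """Fingerprint built only from the *anonymized* IP plus the user agent.
    It is stable across requests, so it re-identifies the visitor even though the
    full IP was never stored. That stability is exactly what makes it a persistent
    identifier, and therefore not 'anonymous' tracking."""
    material = f"{salt}|{anonymize_ip(event['ip'])}|{event['ua']}".encode()
    return hashlib.sha256(material).hexdigest()[:16]


def per_visitor_journeys(events: list) -> dict:
    """Per-visitor journeys reconstructed from fingerprints alone: one entry per
    distinct fingerprint, in request order. Returns {fingerprint: [paths]}."""
    journeys: dict = {}
    for e in events:
        journeys.setdefault(pseudonymous_id(e), []).append(e["path"])
    return journeys


def stateless_hit_counts(events: list) -> Counter:
    """The alternative that keeps no per-visitor state at all: a counter per path.
    Nothing here can be joined back to an individual, at the cost of losing journeys."""
    return Counter(e["path"] for e in events)


if __name__ == "__main__":
    print("anonymized:", anonymize_ip("203.0.113.57"))
    for fp, paths in per_visitor_journeys(EVENTS).items():
        print(f"visitor {fp}: {' -> '.join(paths)}")
    print("hit counts:", dict(stateless_hit_counts(EVENTS)))
```

Running it shows that the three requests from 203.0.113.57 still collapse into one journey after the IP has been reduced to 203.0.0.0, because the user agent carries enough entropy on its own; only `stateless_hit_counts` produces output with no per-visitor key in it.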

You need consent to read or write data from the user's computer except that which is strictly necessary for providing the service. This torpedoes analytics which identify users by setting their own pseudonymous identifier.

There's a bit more leeway to take data you already need to use for your service, and using it for a secondary purpose like analytics. So things like analyzing logs, including making use of a user identifier which you had to collect and process for other reasons. There are still restrictions, but much less severe than "strict consent." You can use "Legitimate Interest," legitimately.

Note that reading cookies is covered by the ePrivacy Directive, while processing personal data is covered by GDPR (reading cookies with personal data is covered by both). This is the source of many issues. In this case, it means collection is severely restricted (ePD) but use afterwards is less-restricted (GDPR).

What you're asking can't be done without tracking an individual in some way.

Imagine you have a physical store, and want to track which clients come back, what products they look at, and in which aisles they stop.

You could take their photo to recognise them when they come back, that's obviously not privacy-respecting at all.

What Google Analytics does is give them a badge with a unique id the first time they walk in, and expect that person to show that unique id on each subsequent visit. And also expect them to show that same badge in every other store (website) they visit. Even in places where they're registered (e.g.: GMail). It's inevitable that by tracking users like that you can eventually tie it to their real-life identity, and also produce a really detailed record of all their activities.

This idea has become pretty common somehow: "I just want to see a single user's journey and don't care about who they are". But imagine how you'd do that on a physical store (including with clients that walk out and in again), and if there's ANY way that it wouldn't be super creepy to customers.

So ask your users for consent. It really is that simple.

A lot of the GDPR tracking stuff is only applicable for anonymous users. Once someone creates an account and accepts the ToS, it's a different relationship. Tracking is fine, GDPR becomes more concerned with data safety.

This is why freemium products are so important. In this future, your marketing should be a sledgehammer with one focus - get people to create accounts. Once people have accounts, then you can do all sorts of analysis to find your product's value prop/customer journey mapping/etc.

Sorry but I don't see how ToS can override GDPR?

GDPR suggests that you can't make non-essential data processing a requirement for using the service, so it seems to me that ToS that force you to accept tracking would still not be compliant.