[simonw]

You log the IP address, referrer, user agent and the requested page URL but you don't set a unique cookie to identify the user.

This still gets you plenty of actionable analytics information: where geographically people are located (via GeoIP), what pages are most popular, what platforms (including desktop vs mobile) people are using.

I've been using https://plausible.io for analytics on a bunch of my sites for a couple of years now and I honestly don't miss the extra level of detail I got from cookie-based analytics I've used in the past.

[jacobsimon]

Let’s say I want to know the conversion rate of my payment page. I need to know how many unique visitors viewed a page, and how many of them went on to complete a payment. I’m pretty sure this is not possible without a unique identifier. And if you are using (ip address, user agent) as a proxy for such an identifier, is that any better or legal than using a cookie in the first place?

[IanCal]

You need to make sure you're happy with how you're using peoples data and that it falls within the legitimate interest justification (https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-re...) IP addresses can be considered personal data.

edit - make sure you've actively made this decision and documented the assessment.