by input_sh 487 days ago
GDPR is about collecting personally identifiable information, which is distinct from aggregate data that you can't trace back to the individual. Recital 26:

> The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable.

So details definitely matter. Some self-hosted analytics do this by getting rid of the last octet of the IP address, though I doubt that's been tested in courts.

1 comments

If you can figure how many unique visitors you have, you have a problem. That must somehow fingerprint you.

I posted a quotation straight from the recital of the GDPR that says anonymised data does not matter. I even gave a reference that you can look up. The recital even ends with this:

> This Regulation does not therefore concern the processing of such anonymous information, including for statistical or research purposes.

There is no ambiguity here, aggregate data is completely fine as long as I can't trace it back to you with a reasonable amount of effort.

A DPO would disagree with you depending on the circumstance; if you know a user is unique then you have a fingerprint; if you keep that fingerprint forever, when the user comes back to the site, it's trivial to know it is that user.

An anonymous JWT guest literally did this same thing, no??? I mean if you just track anonymous data

What I mean is you can track unique visitors of your app without a privacy breach because you use anonymous data