There’s a whole host of analytics tools for WordPress out there with a bewildering array of options to choose from. Google Analytics is the most popular platform for measuring your wesbite usage, and Facebook pixel is often connected as well if you Facebook for advertising – but both of these options have some major drawback with regards to privacy.
Google Analytics has been effectively declared illegal in the EU, and Facebook has similar issues, although it’s analytics function has now been withdrawn. I’m a developer not a lawyer so don’t quote me on the information below – it’s my best effort after a lot of research and reading the GDPR.
One of the major issues with Google Analytics is that the analytics data is sent from your website to Google as a third party (usually located in the US), which is where they fall foul of GDPR, before we even start to consider they access your anlaytics data and use it for their own purposes. Even loading resources from other domains, such as a CDN, can be problematic when it comes to GPDR, so even loading your client side analytics script should be done from your own domain. GDPR rules also mean that you need a signed agreement in place between any third party data processor.
Self hosting
Self-hosting your analytics software is one way to overcome some of these issues. It also means you are fully in control of all your data – which usually means that you have access to it long term, unlike some cloud based solutions which have varying lengths of data retention depending on the price you pay. Of course, there is the cost of your own server and time to maintain it as well to consider.
Full Featured Analytics
Although there are a number of analytics offerings that only collect anonymous data, such as plausible.io or umami.is, they only show basic analytics. The analytics solutions reviewed below are fully featured in that they have the option to track vistors and collect personally identifiable information (PII) in a GDPR compliant way. This is especially useful for WordPress if you would like to see analytics about your logged in users. Collecting PII usually requires consent from the user to be compliant with GDPR, and so some kind of popup (or ‘cookie banner’) needs to be used. I’ve described the details of how to setup both options for each of the solutions below.
1. Matomo
Matomo prides itself on being a “Google Analytics alternative that protects your data and your customers’ privacy”, and it has a full set of features to track all kinds of details, including visits, referrers and ecommerce aspects. It has a self hosted version that is open source and free, but there are also (paid for) plugins for additional features such as media, funnels, heatmap recording etc.
The interface design is a bit outdated and can feel a bit overwhelming, but you can customise it to show exactly what you want. If you install directly via the WordPress plugin, you can access the analytics straight from your dashboard without logging in to another site.
WordPress installation – EASY
Matomo have a WordPress plugin (https://wordpress.org/plugins/matomo/). Not only can you use this to connect to your self hosted analytics server, it can also run its own server right from your WordPress install, which I think makes it the best is terms of ease of installation and use.
Server installation – HARD – but you don’t even need it!
To run Matomo on a seperate server you’ll need to setup the server yourself and install a MySQL database etc, but full instructions are provided for installing Matomo itself. You’ll need to maintain the VPS yourself.
GDPR compliance setup – Anonymous – EASY; PII – OK
Matomo has been designed to be GDPR compliant, and they have some helpful resources (e. g. https://matomo.org/blog/2018/04/how-to-make-matomo-gdpr-compliant-in-12-steps/), however there is some configuration that you need to do, depending what data you are collecting:
- Personally Identifiable Information usually needs explicit consent from the user. Matomo provides a way to opt in and opt out of tracking, but you’ll need to install another plugin to manage the consent through a user popup (https://wordpress.org/plugins/complianz-gdpr/).
- Anonymous Information. You’ll need to change a few settings (full guide here), such as anonymising the IP address, adding an opt-out page, and disabling certain features. It’s just a few clicks in the Matomo dashboard, and you can run you analytics anonymously with no consent popup.
GDPR Data removal – EASY
Matomo provides a tool in the dashboard to allow you to delete any data about a specific user who has requested deletion under GDPR.
2. Countly
Countly is an enterpise level analytics platform that can can track data from mobile apps, desktop apps and IoT devices as well as websites. Like Matomo, it has a free self-hosted open source version which has a more limited feature set but still provides a lot of information. It has a good looking interface but also takes some time to learn all the possibilities. It’s used by some huge companies.
WordPress installation – EASY
You can install the Countly WordPress Plugin, and you can link this to your server with an app key and server URL (note: I wrote this plugin!)
Server installation – MEDIUM
To install a countly server read the full instructions – there is a one line installer but you’ll have to provision, setup and maintain the server yourself.
GDPR compliance setup – Anonymous – EASY; PII – EASY
With the Countly WordPress plugin, it’s easy to choose either anonymous tracking without a popup, or track PII with a user consent popup based on Osano cookie consent manager.
GDPR Data removal – EASY
Countly provides a ‘Compliance hub’ section which allows you to easily delete or export a user’s data as requested.
3. Offen
Offen is a newer and less well known analytics solution, but it has some excellent privacy features built in.
WordPress installation – OK
The main drawback is that there is no WordPress plugin so you’ll have to add the tracking code yourself. This is fairly easy to do in WordPress if you know what you are doing.
Server installation – FLEXIBLE
Offen describes itself as being lightweight, and can run on a basic single core VPS – or according to them as Raspberry Pi! It can be installed very easily using it’s 1-click installers for Heroku, but there are a number of steps if you want to install on a Ubuntu server. Full instructions are provided in any case. It can use MySQL as a database but by default uses SQLite which is easier to mangage for small websites.
GDPR compliance setup – Anonymous – NOT POSSIBLE ; PII – EASY
Offen integrates there own consent popup and will only track users who opt-in. This may be what you want, but there is no option to gather analytics anonymously, so you’ll likely be missing some datapoints.
GDPR Data removal – EASY
Offen has by far the best data removal option, as they provide ‘Auditorium’ a page on your site that allows the user to see what data you have about them, to opt-out and to delete all their data, without requiring any work on your part as the web host.
4.Others?
I couldn’t actually find any other self-hosted analytics solutions that could track PII whilst remaining GDPR compliant. There’s Open Web Analytics but it does not have any consent management or data removal options built in. If you know of any, please let me know!
Leave a Reply