Phone icon +45 45 34 44 00
Book meeting

Documentation

16. Analytics Tools

Tools for measuring user behavior are used to collect information about visitors’ navigation on a website or mobile application. They make it possible to understand how users arrive at a site and how they move around. Since these tools often use cookies, they are generally subject to consent requirements – but with one exception. Note that this section concerns the ePrivacy Directive and may be subject to national variations. Contact your national data protection authority to clarify their specific rules.

  • In general, before placing or reading a cookie or a tracker, website or app providers must:

    • inform users about the purpose of the cookie;

    • obtain their consent;

    • give them an option to refuse use.

  • Unless the tracker falls precisely within the exception defined below, this requirement also applies to trackers used for user behavior analysis.

  • Under certain conditions, cookies for user behavior analysis may be exempt from the consent requirement.

  • These conditions are:

    • Users must be informed about the use of cookies;

    • They must have the opportunity to object to the use;

    • The tracker may only be used for the following purposes:

      • Measurement of user behavior;

      • A/B testing;

    • Data must not be cross-referenced with other processing activities (customer databases, statistics on visits to other websites, etc.);

    • The tracker must be limited to a single website or application provider;

    • The last byte of the IP address must be truncated;

    • The lifetime of trackers may be a maximum of 13 months.

  • If these conditions are met, a switch from an opt-in to an opt-out regime is possible.

  • It is also possible for a third party (data processor) to provide comparative analysis of user behavior to multiple publishers, provided that data is collected, processed, and stored separately for each publisher, and that tracker systems are independent of each other.

In Practice

  • Most major analytics tools do not meet the conditions for exemption, regardless of how they are configured.

  • If you wish to use this exception, you should contact your provider or use open source software like Matomo, which you can configure yourself.

Need a penetration test?

Contact us for a no-obligation conversation about your security needs.

Contact us