Noyb win: First major fine (€ 1M) for using Google Analytics
noyb.euAnyone has a list of good alternatives for Google Analytics that don't break the law, but let me have some insights into who visits my websites?
umami, pirsch analytics both are open source so you can host yourselves or if you don't want to host you can use their services.If you don't want to break the law than "who" is not an option unless you explicitly take permission from the user. All you can have is anonymized data.
I’m using plausible.io for my customers in Europe. I wish there were more options available but GDPR is very limiting.
I am trying to build some good ones, check my profile here on HN.
We use Matomo
Matamo is a great option. Beware that - depending on mode - a cookie notice is still required even if everything is first-party only.
Good. But I fear this will have the opposite effect, with sites adding obfuscated self-hosted APIs (that eventually still pump data back to Google and elsewhere), but now almost impossible for ad-blocking to catch (and definitely not as simple as DNS blocking the whole *.google-analytics.com).
...until someone investigates deep enough and discovers that. Remember that under the GDPR the site has an obligation to tell you who they send the data to and for which purposes. So they would be breaking the law two-fold, hiding the truth and processing your data non-consensually. That would be a death sentence in court, since it proves malicious intent to bypass the law.
Most companies hope to sit it out non-compliantly until the law changes, and seek protection in numbers.
Given the strange situation of repeated, failed attempts at making a cross Atlantic agreement, I wonder how GDPR ever became law.
You don't need an Atlantic agreement to enforce GDPR in Europe, at least not for multinational corporations.
The failed agreements are meant to make it possible to legally use certain SaaS in the EU, at all. That such agreements seem to be impossible under current law, despite being attempted to create by parts of government, is the interesting part. EU governance is very non-homogeneous even w.r.t. desired results.
You can't legalise a U.S surveilance program in the E.U regardless of how you wrap it. I think that's what the ECJ ruling is about.