Drücke „Enter”, um zum Inhalt zu springen.
Hinweis zu diesem Datenschutz-Blog:
Anscheinend verwenden Sie einen Werbeblocker wie uBlock Origin oder Ghostery, oder einen Browser, der bestimmte Dienste blockiert.
Leider wird dadurch auch der Dienst von VG Wort blockiert. Online-Autoren haben einen gesetzlichen Anspruch auf eine Vergütung, wenn ihre Beiträge oft genug aufgerufen wurden. Um dies zu messen, muss vom Autor ein Dienst der VG Wort eingebunden werden. Ohne diesen Dienst geht der gesetzliche Anspruch für den Autor verloren.

Ich wäre Ihnen sehr verbunden, wenn Sie sich bei der VG Wort darüber beschweren, dass deren Dienst anscheinend so ausgeprägt ist, dass er von manchen als blockierungswürdig eingestuft wird. Dies führt ggf. dazu, dass ich Beiträge kostenpflichtig gestalten muss.

Durch Klick auf folgenden Button wird eine Mailvorlage geladen, die Sie inhaltlich gerne anpassen und an die VG Wort abschicken können.

Nachricht an VG WortMailtext anzeigen

Betreff: Datenschutzprobleme mit dem VG Wort Dienst(METIS)
Guten Tag,

als Besucher des Datenschutz-Blogs Dr. DSGVO ist mir aufgefallen, dass der VG Wort Dienst durch datenschutzfreundliche Browser (Brave, Mullvad...) sowie Werbeblocker (uBlock, Ghostery...) blockiert wird.
Damit gehen dem Autor der Online-Texte Einnahmen verloren, die ihm aber gesetzlich zustehen.

Bitte beheben Sie dieses Problem!

Diese Nachricht wurde von mir persönlich abgeschickt und lediglich aus einer Vorlage generiert.
Wenn der Klick auf den Button keine Mail öffnet, schreiben Sie bitte eine Mail an info@vgwort.de und weisen darauf hin, dass der VG Wort Dienst von datenschutzfreundlichen Browser blockiert wird und dass Online Autoren daher die gesetzlich garantierten Einnahmen verloren gehen.
Vielen Dank,

Ihr Klaus Meffert - Dr. DSGVO Datenschutz-Blog.

PS: Wenn Sie meine Beiträge oder meinen Online Website-Check gut finden, freue ich mich auch über Ihre Spende.
Ausprobieren Online Webseiten-Check sofort das Ergebnis sehen

Analytics Tools: Recommendations for GDPR

0
Dr. DSGVO Newsletter detected: Extended functionality available
More articles · Website-Checks · Live Offline-AI

Google Analytics is the most popular analysis tool, but should no longer be used due to the GDPR. Sufficient alternative tools are available.

Analysis tools as an important instrument

Knowing one's clientele allows for their needs to be optimally met. A website can only be successful if one knows the market. This includes evaluating visitors and the pages they call up. Popular tools for this purpose are Google Analytics, Piwik, Webtrekk, and a handful of others. With Google Analytics, even the age structure of visitors and their probable income levels can be determined. This may seem incredible at first glance. However, the benefit for most website operators is questionable. Apart from that, data protection principles prohibit evaluating personal data without the user's consent. Many use analysis tools primarily to measure how often which page of the website what called up. Evaluating a click path, i.e., which pages were called up in sequence, no longer interests as many people as the number of page views.

Issues with Google Analytics

Google is known for its data-hoarding frenzy, which only seems to be matched by Facebook's. Google Analytics what even designed officially to collect data. This has been a problem so far, but it will become much more explosive with the introduction of the General Data Protection Regulation (GDPR). The reasons are: (Note: I translated "GDPR" as "GDPR", which is its English equivalent):

  • Google being a company headquartered outside the EU is, in itself, a critical factor to consider under the GDPR.
  • The data processing activities register under the GDPR requires the listing of data transfers to third countries, along with guarantees that EU data protection principles are adhered to
  • Google Analytics may only be used with anonymized IP addresses, because IP addresses are considered personal data ([1]) ([2])
  • A written and mutually signed contract with Google for data processing agreements must be in place
  • The privacy policy for analytics must be complete
  • Specifically, an opt-out option must be available, both for desktop PCs (via a browser plugin) and for smartphones (via an opt-out cookie)
  • Implementing the opt-out cookie requires technical expertise
  • More data is usually collected than is actually interesting
  • If the user is logged in with their Google Account, Google can directly identify the user

We strongly advise against using Google Analytics due to the GDPR and recommend using good alternatives instead. Using the competitor product Click may not be entirely critical, but it is also not recommended in the context of the GDPR. One reason not to use Clicky is that there is no imprint on their English website. On the website of the provider company, Roxr Software Ltd., there is no mention of a company address at all.

Recommended Analytics Tools

The best-suited analytics tools are those that run locally on your server. There are two categories of tools to distinguish: those with JavaScript libraries and those without any script integration. The former category includes, for example, the popular Piwik, while the latter category comprises WP Statistics for WordPress. Tools in the second category (without script integration) are the least critical. Nevertheless, libraries from the first category can also be recommended. We do not recommend tools that run on servers of third parties.

WP Statistics

Suitable for all websites based on the most popular Content Management System in the world, WordPress. In a separate article to WordPress Plugins, WP Statistics is presented in more detail. The plugin runs entirely locally on the server of the website. A script integration is not required. This ensures that no user data is transmitted directly from the browser to the statistics tool. With one click, you can also set up anonymization of IP addresses. If you want to play it safe, insert the following command in the file functions.php in WordPress (certain technical knowledge required):

Make WP Statistics invisible

Matomo (Piwik)

Also very popular, but usable for any type of website since it is based on a JavaScript code. The privacy policy must contain an Opt-Out possibility, which is not necessary with the previously presented tool.

Matomo (Piwik) is free and can be downloaded from the internet. You should use the locally installed version. The cloud version is at least somewhat questionable in terms of data protection. Furthermore, you have to clarify in which country the Piwik server is located and what guarantees the provider of Piwik offers for data protection. To say it beforehand: Whoever cannot use WP Statistics should take Piwik. All alternatives mentioned below are considered less suitable for the majority of websites.

AWStats

AWStats runs entirely on the web server and analyzes log files. The installation is not quite easy. A prerequisite is the presence of Perl. For this, the analysis tool is free of charge. The evaluation options are extensive. The look and feel could be a bit more modern.

Since no script is embedded in the HTML code, the website visitor doesn't even notice that AWStats is being used. Because most German providers anonymize IP addresses in server logs, there are also no data protection issues.

Webtrekk

The provider is based in Berlin, within the EU. Webtrekk Analytics is a commercial solution. Since the tool is not free, we do not recommend it here, even though it could be recommended from a data protection perspective at first glance. The costs depend on the number of Page Impressions (page views).

etracker

For the same reason as with Webtrekk, a detailed examination of the web analytics tool etracker is omitted because it is a paid service. As of early 2018, the basic version costs at least 19 euros per month.

That's a lot of money for information about how often a page what accessed within a specific period (day, month). Sure, there are other interesting metrics. However, you can evaluate most of these with Piwik as well. I personally didn't like the etracker dashboard when I last took a look at the trial version. After the trial period ended, I kept receiving advertising emails from etracker.

Further Recommendations

Regardless of which tool is used for web analytics, the following aspects should be considered in general:

  • Always anonymize IP addresses
  • Do not collect personal data unnecessarily, such as email addresses (or IP addresses)
  • If you are considering enabling extended tracking, you should carefully consider whether this is compatible with the GDPR. At the very least, it will require more effort and care (see next point)
  • The inventory of processing activities must include a description of which analytics tool is used
  • Make sure the provider of the tool is based in Germany or at least in the European Union
  • Determine whether a data processing agreement is necessary. This should always be checked when using a cloud-based or rental solution
  • A local solution is always preferable to a cloud solution
  • Often, a commercial solution is not necessary, free tools already offer a lot
  • Those who don't conduct analyses don't need to use an analytics tool. Webmasters often install Google Analytics out of habit, even if no one ever creates an analysis
  • The privacy policy must inform about the analytics tool used
  • For non-fully locally running solutions like WP Statistics or AWStats, users must be given the option to deactivate and delete their data. This opt-out must function on a PC just as it does on a smartphone or tablet

Key takeaways of this article

Due to data privacy concerns, Google Analytics is no longer recommended, and good alternatives are available.

It is best to use analytics tools that run directly on your web server and do not send user browser data to an external server.

There are many free web analytics tools that work just as well as expensive programs.

About these key statements
About the author on dr-dsgvo.de
My name is Klaus Meffert. I have a doctorate in computer science and have been working professionally and practically with information technology for over 30 years. I also work as an expert in IT & data protection. I achieve my results by looking at technology and law. This seems absolutely essential to me when it comes to digital data protection. My company, IT Logic GmbH, also offers consulting and development of optimized and secure AI solutions.