Three of the top ten challenges in KPMG’s 2025 Mid-Year Regulatory Report involved data privacy. With growing pressure and regulations, how can businesses balance respecting user privacy and compliance requirements with meeting their customers’ digital experience needs and preferences?
This guide is for product, marketing and compliance teams interested in or in the process of adopting a privacy-first analytics approach. Let’s get into it.
Privacy analytics is the practice of measuring digital behaviour while minimising the collection of personal data and avoiding user identification. Instead of building profiles on individuals, privacy analytics focuses on patterns, trends and behaviour at an aggregate level.
It favours techniques like anonymisation, pseudonymisation, data masking, short-lived session hashes, limited retention and aggregation.
The purpose is to understand how your website or app performs based on patterns that don’t connect back to identifiable profiles. In other words, you learn which pages convert or where a funnel leaks, without exposing who an individual is.
This approach contrasts with traditional toolsets, like Google Analytics, which rely heavily on third-party cookies, cross-site identifiers, granular profiling and broad data sharing. Traditional analytics tools grew up in an ecosystem where more data was always better. Today’s privacy-centric analytics platforms provide better outcomes for both users and businesses.

Platforms built for privacy take a different path. Matomo collects first-party data, does not share it with third parties and gives organisations full data ownership. When configured correctly with a lawful basis, retention rules and consent where required, it supports compliance with data subject rights in the EU/EEA while still providing clear, decision-ready reporting.
For more background, see Matomo’s overview of privacy-friendly analytics.
Before diving deeper into the topic, it’s worth pointing out that the term “privacy analytics” can carry one of two meanings:
One of the biggest misconceptions in the industry is that privacy-first analytics provide less insight.
In reality, you can still measure the core signals that drive product and marketing decisions without personally intrusive tracking.
Start with page views. Record the URL, referrer, timestamp and anonymised device traits. This will show where people arrive, how they navigate between pages and which paths end in a key action.
Events work the same way. Define meaningful interactions, such as button clicks, video plays, outbound link clicks or downloads. Attach simple properties, like category, action, label and value. Because the focus is on behaviour rather than identity, you keep the context you need while masking who performed it.
From there, build funnels. A funnel is a series of steps, each defined by a page view or an event. For example, to purchase a product, the funnel might be:
You can see step-by-step fall-off, run content or UX experiments and compare cohorts over time.
To enforce privacy-friendly tracking, use first-party requests and avoid storing persistent identifiers. Techniques include short-lived session identifiers, IP masking and page- or campaign-level aggregation.
Matomo supports this approach and even provides controls to disable cookies while keeping page view, event and funnel reporting intact. You can also set rules to drop or transform fields before they are stored and follow Matomo’s guidance on enforcing tracking without cookies.
Privacy note:
Website analytics may be governed by both privacy laws (e.g., GDPR) and by ePrivacy rules that protect terminal devices.
In the EU/EEA, ePrivacy is technology‑neutral and can require prior consent for any access to or storage of information on a user’s device, even where no personal data is collected.
For an audit‑ready setup, log and manage consent states through a Consent Management Platform (CMP).
Outside the EU/EEA, cookieless modes with strong anonymisation and minimisation can help to reduce consent requirements, but you must document your legal basis and comply with local rules.
Pseudonymisation and anonymisation techniques play important roles in privacy-focused analytics. Both reduce risk and support compliance efforts, but it’s important to understand their differences.
Pseudonymised data has been stripped of direct identifiers. While this process means the data lacks directly identifying information, it’s still categorised as personal data under the GDPR because it could potentially be linked back to an individual when combined with other information.
Examples of pseudonymisation techniques include:
By reducing the amount of directly identifying information, pseudonymised data helps to mitigate business risks.
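As an added illustration of the "short-lived session hashes" named above (example code written for this guide, not Matomo's own implementation), the snippet below keys an HMAC over coarse request traits with a salt that rotates daily. Assumptions: the secret is held only for the retention window, and neither the raw IP nor the user agent is ever written to storage.

```python
import hashlib
import hmac
from datetime import date


def daily_salt(day: date, secret: bytes) -> bytes:
    """Derive a per-day salt from a long-lived secret.

    Assumption: the secret is discarded after the retention window, so
    old hashes can no longer be recomputed and become unlinkable.
    """
    return hmac.new(secret, day.isoformat().encode(), hashlib.sha256).digest()


def session_hash(ip: str, user_agent: str, day: date, secret: bytes,
                 length: int = 16) -> str:
    """Pseudonymous session key.

    Stable for one visitor within one day (so page views can be grouped
    into a session) but different on the next day, so visits cannot be
    chained into a long-term profile. While the secret exists the operator
    could recompute the hash for a known IP, which is exactly why this
    output is still pseudonymised rather than anonymised data.
    """
    salt = daily_salt(day, secret)
    material = f"{ip}|{user_agent}".encode()
    return hmac.new(salt, material, hashlib.sha256).hexdigest()[:length]


if __name__ == "__main__":
    # Constructed sample input: a documentation-range IP and a generic UA.
    secret = b"constructed-secret-rotate-me"
    today, tomorrow = date(2025, 1, 10), date(2025, 1, 11)
    print(session_hash("203.0.113.7", "Mozilla/5.0", today, secret))
    print(session_hash("203.0.113.7", "Mozilla/5.0", tomorrow, secret))
```

The two printed values differ even though the visitor traits are identical, which is the property that keeps the key "short-lived".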
Anonymised data cannot reasonably be linked to an identifiable person. Examples include: aggregated page-level reporting, funnel statistics without user-level tracking, country-level or region-level geolocation and interaction heatmaps following privacy guidelines.
Properly anonymised data is generally outside the GDPR’s scope, but pseudonymised data remains personal data and must be treated accordingly; document your anonymisation methods and the rationale for your assessment.
Examples of privacy-preserving analytics include:
Matomo uses pseudonymisation by default and generates anonymised data sets at the reporting level through aggregation.
When configuring privacy-first analytics, consider all identifiers the system may collect.
IP addresses are a common focus point, but they’re just part of the picture. Let’s use the IP address as an example of the data minimisation options available.
Ask a simple question first: Do I need to collect IP addresses?
In most marketing and product use cases, the answer is no.
Using IP anonymisation tools, you can mask part of the address to varying degrees.
This approach still provides enough location detail to identify market demand and compare markets, without the unnecessary risk of individual identification.
If your use case involves fraud prevention or security, document the legal basis, obtain consent where required and limit retention. These scenarios are typically separate from analytics and handled by security or infrastructure teams, not marketing.
Regardless of the identifiers involved (IP, device traits, session data):
Remember that ePrivacy laws in the EU are triggered by data access or storage on a terminal device. It doesn’t matter if personal data is involved or not. In strict ePrivacy regions, you cannot track at all without prior valid consent.
To take a minimalistic approach to data collection:
Matomo offers various tools to support this approach by:
Heatmaps and session recordings have a reputation for being invasive. This is because many tools record everything on a page, including typed fields, user data and internal screens. But heatmaps and session recordings can be privacy-conscious when configured correctly. With Matomo, you can:
Server-side tracking routes analytics hits through your own servers before they reach the analytics platform. Because the requests come from your domain rather than a third party, common ad blockers and tracking protection lists are less likely to stop them. The result is steadier page views and event counts, fewer funnel gaps and more reliable attribution.
Accuracy is only part of the story. With a server in the middle, you decide what leaves your environment. You can:
Consent still matters. In strict ePrivacy regions, do not track without valid consent. A server endpoint helps you apply consent centrally and log the state for audits, but it does not replace the need for a lawful basis.
Matomo supports both client- and server-side approaches, so you can pick the right tool for each job:
Many teams opt for a hybrid model, using client-side development for UX details and server-side tracking for critical conversions and data governance.
To implement privacy-first, server-side tracking in Matomo:
This setup reduces blocking, improves data quality and gives you tighter control over what you collect.
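To make the IP minimisation and server-side filtering described above concrete, here is an added example (written for this guide, not Matomo's own code) of the sanitisation step a relay endpoint would apply before forwarding a hit. The parameter names in ALLOWED_PARAMS are Matomo Tracking API names; the IPv6 prefix mapping, the sensitive-key list and the sample hit are constructed assumptions.

```python
import ipaddress
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Only these tracking parameters leave the relay. Persistent identifiers such
# as uid, _id and any client-supplied cip or token_auth are dropped.
ALLOWED_PARAMS = {"idsite", "rec", "url", "action_name", "urlref",
                  "e_c", "e_a", "e_n", "e_v", "lang", "apiv", "rand"}

# Query-string keys that commonly carry personal data (constructed list).
SENSITIVE_QUERY_KEYS = {"email", "token", "phone", "name"}


def mask_ip(ip: str, level: int = 2) -> str:
    """Zero the trailing `level` bytes of an IPv4 address (1 to 3).

    For IPv6 this example keeps a /64, /48 or /32 prefix for levels 1, 2, 3;
    that mapping is our own choice, not a reproduction of any product setting.
    Level 2 keeps enough to compare markets by region without a host address.
    """
    addr = ipaddress.ip_address(ip)
    bits = 32 - 8 * level if addr.version == 4 else {1: 64, 2: 48, 3: 32}[level]
    net = ipaddress.ip_network(f"{addr}/{bits}", strict=False)
    return str(net.network_address)


def scrub_url(url: str) -> str:
    """Drop query parameters known to carry personal data and the fragment."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k.lower() not in SENSITIVE_QUERY_KEYS]
    return urlunsplit(parts._replace(query=urlencode(kept), fragment=""))


def sanitise_hit(params: dict, client_ip: str) -> dict:
    """Return the hit to forward: allow-listed fields, scrubbed URLs, masked IP.

    `cip` overrides the IP the tracker records; Matomo requires the relay's
    own token_auth for that, which the forwarding code (not shown) adds.
    """
    out = {k: v for k, v in params.items() if k in ALLOWED_PARAMS}
    for key in ("url", "urlref"):
        if key in out:
            out[key] = scrub_url(out[key])
    out["cip"] = mask_ip(client_ip)
    return out
```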
The four platforms below reflect the range of privacy‑first analytics options available, from full‑featured analytics suites to lightweight, simplified dashboards.
Plausible, Fathom and Simple Analytics sit to varying degrees on the simpler side of the privacy-focused web analytics scale.
They’re all cookieless-by-default platforms that are compliant with GDPR, CCPA and PECR. Plausible is open-source, and Simple Analytics has open-source scripts, but Fathom is proprietary in its current version.
Plausible and Fathom both have self-hosted options, but they’re limited compared to their cloud counterparts; Simple Analytics is fully cloud-based.
Matomo, in contrast, has a fuller feature set with equal compliance. It’s just as capable of serving enterprise-level organisations as it is small ones.

While cookieless tracking requires a little configuration, Matomo offers functions the others lack, including heatmaps, session recordings, custom reporting, log analytics and a built-in tag manager. The differences between Matomo Cloud and On-Premise are minor compared to those between the cloud and self-hosted editions of Fathom and Plausible; they largely come down to one tradeoff: self-hosted deployments give more granular control in exchange for greater maintenance and update responsibilities.
Matomo’s approach centres analytics on:
The result is a workflow that collects only what you need, protects sensitive data and builds lasting user trust.
| Feature | Matomo | Plausible | Fathom | Simple Analytics |
|---|---|---|---|---|
| Open source | ✅ | ✅ | ❌ Only legacy version is open-source | ❌ Only open-source for scripts |
| Self-hosted | ✅ Full-featured | ✅ Limited compared to cloud version | ✅ Only for the lite version | ❌ |
| Cookieless | ✅ Configurable | ✅ By default | ✅ By default | ✅ By default |
| EU data hosting | ✅ Cloud or self-hosted | ✅ EU-only | ✅ EU-option | ✅ EU-only |
| GDPR/CCPA/PECR Compliance | ✅ | ✅ | ✅ | ✅ |
| Heatmaps and session recording | ✅ | ❌ | ❌ | ❌ |
| Custom reports | ✅ | ❌ | ❌ | ❌ |
| Built-in tag manager | ✅ | ❌ | ❌ | ❌ |
| Log analytics | ✅ | ❌ | ❌ | ❌ |
Privacy note: Regardless of the platform chosen, users are still responsible for configuring their legal basis and consent model, especially in regions with strict privacy regulations.
Protecting user privacy doesn’t mean giving up insights into how people use your website. A privacy-first analytics platform can still tell you where people hesitate on checkout pages, which blog posts are most engaging and where site speed may be affecting conversions, all while keeping personal data secure and aligned with GDPR and similar requirements.
If your current analytics tool relies on third-party cookies or shares data with external vendors, it may be time to rethink your setup. Teams need a solution that collects only the data they need and keeps it within their control.
Matomo gives you that control.
Try Matomo free for 21 days to see how privacy-first analytics fits your workflow.