I can see why so how many webmasters are gonna quit feeding Google data.
I quit giving Google anything years ago.

Exactly!
This could lead to much bigger issues for webmasters.

engine when I was working our company sold 10 websites I built we had our own visitor count a 3rd party counter and Google Analytics.
One one website Google Analytics was accidentally deleted several months before. They wound not close the deal until we had a month of data from Google.
Wonder how this will effect website sales?

Google Analytics Now Illegal in Austria; Other EU Member States Expected to Follow
[matomo.org...]

[edited by: not2easy at 2:04 pm (utc) on Jan 20, 2022]
[edit reason] split/move/splice crumbs cleanup [/edit]

This isn't getting the attention it deserves, just yet. It has huge implications for anyone in Europe running Google Analytics.

It all stems back to this news in 2015 Data Transfer Pact Between U.S. and Europe Is Ruled Invalid [webmasterworld.com]

Yup, found it in today's Inbox, with link to blog article. All in all, I'm impressed at how well Matomo--which I will forever think of as piwik--managed to suppress the wholly forgivable gloating.

Wonder how this will affect website sales?

Oh, right. Some buyers insist on seeing GA data precisely because it doesn’t live on the site’s own server (apparently oblivious to the fact that this means GA can record visits that never actually took place).

Yup, found it in today's Inbox, with link to blog article. All in all, I'm impressed at how well Matomo--which I will forever think of as piwik--managed to suppress the wholly forgivable gloating.

Lucy24,
and Matomo will not sell your website data arround?
They are special and full of justice?
They are mercifull?

Er. they don’t have my data. I do.

The question I'm not seeing answered is how this affects US-based, US-owned websites. Clearly GA is now illegal for EU-based, EU-owned websites, but what if you're not based in the EU, but have EU traffic?

And how would a self-hosted solution be any better than GA if you're hosting it in the US?

And then there's the issue of non-EU websites that use cloud services that mirror databases around the world.

I mean the core issue here is that for something like web analytics you can't do a summary report if the data is broken up into regionally-specific databases spread all around the world and no one database has all the data needed to do the report. For now you could host all the data in the EU and be compliant, but what if some country like China decides to do an even more stringent privacy policy and doesn't want data stored in the EU?

And how would a self-hosted solution be any better than GA if you're hosting it in the US?

I don’t know about other self-hosted analytics programs, but Matomo has an option of obfuscating the final element of the IP (the fourth segment in IPv4, don’t know how it’s done in IPv6). In fact I kinda think it’s the default. That takes care of the PII issue.

:: idly wondering if Austrian servers are required by law to obfuscate the last part of the IP in raw access logs too, or do they even know there is such a thing ::

Matomo has an option of obfuscating the final element of the IP (the fourth segment in IPv4

Not that you'd use analytics data for server security, but not being able to store the IP address is a major problem if you're trying to detect and block malicious users/bots.

And if you're running a site that's all about personal information (e.g. a dating site), I'm not sure how the EU can say that the user agreement the person agrees to during profile registration is legally different than the privacy alert a non-registered user sees when they first come to the site. Or that their sending the IP address along with the request is any different than filling out a form on the site.

I respect the goals of GDPR. But some of the fine details of implementation make no sense to me.

CNIL decides EU-US data transfer to Google Analytics illegal and orders controller to comply with GDPR

[noyb.eu...]

[cnil.fr...]