Configuring your analytics solution is important.
The GDPR, as well as the control authorities, regulate today the use of personal data, and the conditions of use of trackers on your digital platforms.
A bad configuration can expose you to bad quality data, an impacted brand image and financial penalties.
This "Compliance" category aims to help you choose a configuration that best suits your needs, whether they are business or legal.
Because Piano Analytics is being used over many countries, and many companies, several configurations currently exist.
Here is a global table to see which configuration would suit your needs:
OPT-IN BY DEFAULT
OPT-OUT BY DEFAULT
NO CONSENT BY DEFAULT
|✔||! Only with Data Protection Authority validation||✔|
ImportantPlease refer to your legal/dpo teams or data protection authority to validate the use of the appropriate configuration.
All these configurations are listed from the less privacy compliant to the most privacy compliant approach but here are a bit more details.
No consent is asked, the visitor is by default considered as opt-in and any data can be sent.
Consent is asked, but visitors are considered as opt-out (only visible in Privacy Analysis) before they optin, only then any data can be sent.
Consent is asked but visitors are considered as no-consent (a free option makes them only visible in Privacy analysis) before they optin, only then any data can be sent.
Before consent was expressed, a visitor ID is given and changing from one page to the other preventing visitor identification until opt-in.
When the visitor decides to opt-in, his last visitor ID is reused and fixed for the rest of his visit and later visits.
No consent is asked, visitors are considered as exempt and fill our analysis outside the Privacy analysis.
Since no consent is asked, visitors cannot opt-in therefore, they cannot be identified as users or send any personal data.
Just like CNIL Exemption but with the ability to opt-in.
Consent is asked but visitors are considered as exempt before they opt-in.
Only when they do opt-in their user identification and personal data can be sent.
All of these methods listed above require a clear mention of a way to opt-out, in any country, on any site using analytics.