We see more and more project and organisations working on privacy focused apps, services, … great!
But sadly this is more and more just marketing. The most famous line "We value your privacy" is telling almost the exact opposite these days.
So let's do a first step: Everyone who really values privacy, get rid of trackers from your websites. All of them. GA as well as Matomo.
If you want to know how to optimize your websites, analyse your logs or do surveys.
I recommend to create a Table that lists all information you process, the places process those data and the implicates by that as well as the reference to the law that makes those things legal.
@bn4t I guess they usual guide is called lawyer.
There are some generators, that can work for regular websites (but have been proven to be useless for mine, for example).
There are some elements that are required for privacy policies, like the mentioned reference to the laws what legitimated your processing of data using https://gdpr-info.eu/art-6-gdpr/
It also has to be understandable by your users, so keep things low tech or explain it well. (That's why I recommended the table)
@bn4t Might have a look at @infosechandbook's guide: https://infosec-handbook.eu/blog/wss7-policies-contact/#privacy-policy
Thanks, I'll take a look at it👍
@sheogorath I like to joke that "we value your privacy" literally means "we know exactly how much your privacy, and lack thereof, is worth to us".
@sheogorath Matomo can be configured to both respect DNT, as well as anonymize IPs. GA on the other hand...
@raucao Yes, and that's great, but misses the point.
Matomo as well as GA are not opt-in and therefore not privacy by design. It's definitely legally fine, but if you really value privacy why do you need to know who visits your website and where they came from?
Why do you really need all the data you obtain from tracking? And what of the data you need can't be (roughly) produced by simply analysing your logs?
@sheogorath Matomo is nothing more than a better log analyzer. You need this data to improve your web application for your customers as well as optimize sales to new customers. You gave up this data when you created it by visiting their website. That's your choice and entirely opt-in. If you give them your personal data, then that's even more so your choice and opt-in.
@sheogorath Them giving it to Google on the other hand is not something you anticipate when visiting their site.
@raucao No, I wouldn't say so. When I visit a website, then this happens in order to read the content of the website, not in order to improve their offers. Also most users are unaware of "how talkative" their browsers actually are.
I would argue that, given you want to do privacy by design, you shouldn't collect *any* data that are not required to serve my request.
You can enrich the data you provide me with hints to a survey or an opt-in for tracking, but not take that as granted.