Delete personally identifiable information (PII) from Matomo
For data protection reasons, the collection of personal data in a web tracking tool such as Matomo or Google Analytics is not permitted. To avoid the risk of being sued or fined, you should periodically check to see if personal information is being collected through tracking.
If this is the case, you can delete this data from Matomo relatively easily.
I explain how to do that in this post.
The best way to remove PII is to not capture it in the first place.
It is advisable to mask IPs, to keep personal data out of page titles and URL paths, and not to store user data that allows unique identification of an individual in a Custom Dimension.
Personal data has no place in events either.
Recognition of personal data (PII)
What is PII data and how do I find it?
In this article from Matomo you will find a good explanation of what is defined as personal data and why it is relevant to know it.
also offers a guide
how to avoid sending personally identifiable information. Also, the post contains information on how you can avoid sending them.
It is possible to collect sensitive data with all common web tracking tools or server-side tracking and it is also possible to prevent it.
User data can show up here:
- User ID
- Content settings (pages and page titles)
- Event / Event Tracking
- E-commerce settings (credit card, customer name, shipping and billing address, phone number)
- Campaign dimensions (source, medium, campaign, ad content, concept fields)
- Internal search (search term or category)
- Custom Dimensions
The following screenshot contains exemplary PII data in the marked areas.
The campaign parameters contain user data and the page path contains an email address.
The picture shows data that I recorded for demo purposes.
Search specifically for PII
With a weekly report you can get a targeted overview of found PII. One possibility is to send this automatically by email.
Custom reports are suitable for this purpose.
Of course, these reports should not return any results, but if they do, you can quickly take action, determine the cause and delete the records.
Deletion of PII in the GDPR Tools from Matomo
Matomo provides a process for removing PII. To do so, navigate to Admin > Privacy > GDPR Tools.
There you can have your data searched specifically and identify critical data.
The result is then listed and you have the option to delete these entries.
Determine the affected users with custom reports
You can use a custom report to quickly and easily check dimensions that need to be controlled. If you need help creating a report, I’d be happy to provide support and advice.
Note: If you create a custom report, it is recommended to create all entries with the “Invalidate reports” plugin.
In the following image you can see how to display the page URL and the corresponding visitor ID.
In the aforementioned GDPR tools, you can now search specifically for the Visitor ID and delete it. All data collected in connection with this ID will then be deleted.
This also works with campaigns and custom dimensions.
The deletion is immediate and cannot be reversed.
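The spot check described above, as an added example that is not part of the original post or of Matomo: it scans (Visitor ID, page URL) rows, such as those a custom report displays, for email addresses in the path and in query or campaign parameters, and groups the masked findings by Visitor ID for lookup in the GDPR tools. The row format, function names and sample data are assumptions constructed for this example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Simple pattern for spotting leaked addresses; it is not an email validator.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Matomo (mtm_, pk_) and Google-style (utm_) campaign parameter prefixes.
CAMPAIGN_PREFIXES = ("mtm_", "pk_", "utm_")

def mask(email):
    """Shorten the local part so the findings do not copy the PII again."""
    local, _, domain = email.partition("@")
    return local[:1] + "***@" + domain

def find_pii(url):
    """Return (location, masked_value) findings for one tracked URL."""
    parts = urlsplit(url)
    findings = []
    # unquote() so an encoded address (user%40example.com) is still detected
    for match in EMAIL_RE.findall(unquote(parts.path)):
        findings.append(("path", mask(match)))
    # parse_qsl() already percent-decodes parameter values
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        for match in EMAIL_RE.findall(value):
            kind = "campaign" if key.lower().startswith(CAMPAIGN_PREFIXES) else "query"
            findings.append((kind + ":" + key, mask(match)))
    return findings

def visitors_to_review(rows):
    """Group findings by visitor ID for rows of (visitor_id, page_url)."""
    report = {}
    for visitor_id, url in rows:
        hits = find_pii(url)
        if hits:
            report.setdefault(visitor_id, []).extend(hits)
    return report

# Constructed sample rows: visitor IDs and URLs are made up for this example.
SAMPLE_ROWS = [
    ("a1b2c3d4e5f60718", "https://example.org/newsletter/confirm/jane.doe@example.com"),
    ("0f1e2d3c4b5a6978", "https://example.org/shop?mtm_campaign=spring&mtm_content=max%40example.net"),
    ("1122334455667788", "https://example.org/blog/matomo-privacy"),
    ("a1b2c3d4e5f60718", "https://example.org/account/reset?email=jane.doe%40example.com"),
]

if __name__ == "__main__":
    for vid, hits in visitors_to_review(SAMPLE_ROWS).items():
        print(vid, hits)
```

Each Visitor ID in the result can then be searched for and deleted in the GDPR tools; the cause of the leak (here a path segment, a campaign parameter and a query parameter) still has to be fixed at the source.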
Conclusion on deleting sensitive data in Matomo
You can remove entries relatively quickly and easily with Matomo. It is not necessary to do this through the database and SQL; it can be done directly through the backend.
From my perspective, it’s a good idea to do regular spot checks or use an automated report to look for PII.
To be able to perform all steps as described, Matomo should be on-premise / self-hosted, since the cloud version does not offer the “Invalidate reports” plugin, or customer support must be contacted for this.
In addition, the following plugins are necessary.