User tracking and cookie banner

For website operators, it is usually necessary to know statistically how the pages are used in order to be able to improve the offer.

What user data do you want to know?

Particularly interesting are,

  • how many website visitors were on the individual pages of a website at a certain time,
  • how they move between the individual pages of the website,
  • from which page they came to the website and
  • where they leave the website again. Also of technical interest
  • which end devices (PC, tab, mobile) were used. Sometimes it is also important
  • from approximately where the calls were made.


This information is usually sufficient to quickly recognize which languages should be offered, whether people can cope with the structure (menus and web technology used) and whether a particular page is interesting or should be improved. General statistics are sufficient here; it is not necessary to be able to identify individual users.

Which software do we recommend for statistics?

We are happy to install the MATOMO web analysis software for our customers to collect such statistics.

What about data protection?

In contrast to its competitor Google Analytics, MATOMO is technically and legally clear, simple and reliable to keep under control.

Data is saved locally on your own server and does not end up with the data octopus Google.

We use MATOMO in such a way that it does not store any cookies and anonymizes all user data. This makes the results less accurate because a returning user cannot be reliably identified, but this does not normally play a major role for the purpose of website optimization.

If cookies are switched off, MATOMO uses a makeshift “device fingerprinting” (the comparison of certain browser properties) in order to be able to track a user for a short time as they browse through a website. This raises the question of whether this already constitutes user tracking under the GDPR, for which user consent is required. In theory, device fingerprinting can also be used to more or less track a user across website boundaries. Facebook is apparently experimenting with such rather dubious techniques. But something like this requires huge technical resources. None of our customers have such resources and technical know-how.

However, if there is an obligation under the GDPR for the user to give their prior consent in any case, even if the above-mentioned statistical data is only collected via “device fingerprinting”, such consent would normally be requested via a consent banner when entering the website:

Problem with content banner popups

A cookie/consent banner is placed as a query element over the website content when the website is first visited and blocks its display until the user has selected whether and which data protection-relevant services they wish to allow on the website in question.

However, these banners have disadvantages: not only are they perceived as very annoying, they also train users to click away unread everything that pops up on a website – this makes them careless and, in the worst case, a virus is quickly downloaded by such a click.

In addition, a legal decision is to be made here, although you do not even know whether the website is worth the release of your personal data at all, whether the content behind the banner is “worthwhile” and how reputable the website appears. The website is not normally accessible before this decision.

Are content banner popups mandatory with MATOMO?

While this is clearly the case with the competitor provider Google Analytics, the legal experts are currently not in agreement when it comes to MATOMO, we have researched.

There are very well-founded arguments for not using content banners with MATOMO if MATOMO is configured to be as privacy-friendly as possible. We agree with these arguments:

We are not legal advisors and customers who want to be on the safe side here can of course always install tried and tested cookie consent banners, such as the BORLABS Cookie Manager.

DISCLAIMER: The TBA-Berlin is not a law firm. The content provided here is for general information purposes only and does not constitute legal advice. We recommend that you seek independent legal advice before taking or refraining from taking any action based on the content provided here.

TBA-Berlin makes no representations or warranties, express or implied, as to the accuracy, adequacy, validity, reliability, availability or completeness of the information referenced herein. Your use or reliance on any information contained herein is for your personal use and solely at your own risk.


More news

Domain Renewal Reminder” e-mail

Sometimes domain owners receive reminder emails in English that their domain will expire if they do not respond. You can safely ignore such emails with us: With the German providers we use, domains are renewed automatically (until cancellation).

Continue reading »