Most New Zealanders are concerned about the collection and protection of personal information by online providers.
We know this because every two years, my office (Office of the Privacy Commissioner) undertakes an opinion poll on New Zealanders’ attitudes towards individual privacy. In the last two surveys, 80 per cent expressed concern about the security of personal information on the internet.
A corollary of this high level of awareness about the insecurity of online personal information is concern over how websites and mobile apps collect the information in the first place — information that can be used to hyper-personalise marketing and, in many cases, sold to or shared with third parties.
These third parties are removed from the direct customer-provider relationship from which the information is obtained. Once that information is passed on, the consumer effectively loses any control over the information.
Therefore, as a privacy regulator and watchdog, it is our aim to be as exemplary as possible in how we handle the personal information that our website collects.
Hence the dilemma we had last year when we moved to the Government’s Common Web Platform. We wanted to collect information about our web traffic while maintaining control over that information. We also wanted to allow people to opt out of being tracked on our website.
The website data helps us improve the delivery of our services and communications. But we want to collect only what is necessary for that purpose and only with the consent of our website’s visitors.
Google Analytics or Matomo (formerly Piwik)?
The obvious option for web analytics is Google Analytics. It is the most popular tool for companies and governments that want to analyse traffic on their websites. But it doesn’t put users — that would be us — in control of the data.
Google Analytics allows Google to know all visitors to the site and what pages they looked at. But because 60 per cent of all websites use Google Analytics, Google also comes to know many of the other websites that a person visited in any given period.
Through Google Analytics and Google services like AdSense, Google is therefore able to build a very accurate picture of most websites and their users. Google can then use this data to build custom audiences that it sells via AdWords.
In light of this, governments, companies and individuals are using alternatives such as Matomo, which puts users in control of their own website data and never shares that information.
We did a privacy comparison of Google Analytics and Matomo. We checked out both against our information privacy principles and against the principles of Privacy By Design.
Matomo is an open source web analytics platform created by a New Zealand-based developer. Its point of difference is that website owners can self-host it. Web data can be collected, stored and analysed on the website owner’s server without it needing to be sent to a third party for analysis.
Using the cloud
It all sounded good. But we were not able to self-host Matomo because of our website’s Common Web Platform infrastructure. For us to use Matomo, we would have to adopt a Matomo cloud-hosted solution.
We consulted with our overseas privacy colleagues to find out what they used and why. We researched the privacy policies of Google Analytics and Matomo, particularly as to the ownership and control of the data collected, and how they might use the data for their own purposes.
We sought and received written assurances from Matomo that even with a cloud-hosted solution, the data would remain fully in our control, and Matomo would not make any use of it itself or share it with any other parties.
We chose Matomo because we decided it would offer us a higher level of privacy assurance for our users and our data. As it happened, our German and French privacy colleagues had assessed Matomo and likewise found it privacy friendly.
Here then are some of the steps we have taken in implementing Matomo:
- We updated our website privacy statement to explain why we want to collect statistics about our web traffic, while providing an assurance that what we collect is only aggregated, non-personally identifiable metrics.
- We provided users with the ability to opt out of the tracking cookies that Matomo will use to generate the aggregated, non-personally identifiable metrics for us. This opt-out option is prominently displayed on our website.
- We are masking users’ IP addresses to make them non-personally identifiable.
- We have configured Matomo to recognise and respect any “Do not track” setting that a user might have implemented in their own web browser.
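The opt-out, IP masking and “Do not track” steps above can be checked in code. The following is an added example, not the Commissioner’s website code or Matomo’s own: it builds the Matomo tracker’s `_paq` command queue so that a page view is only queued when the visitor has neither opted out nor sent a Do Not Track signal, and shows the octet-zeroing that Matomo’s server-side IP anonymisation applies. The `matomo_opt_out` storage key and the two-octet mask length are assumptions, not Matomo conventions.

```javascript
// Returns true when the browser signals Do Not Track. Modern engines expose the
// header as navigator.doNotTrack; older ones used window.doNotTrack or
// navigator.msDoNotTrack, and some reported 'yes' instead of '1'.
function dntEnabled(nav, win) {
  const v = nav.doNotTrack || win.doNotTrack || nav.msDoNotTrack;
  return v === '1' || v === 'yes';
}

// Build the command queue for the Matomo JavaScript tracker. `_paq` is a plain
// array of commands that the tracker replays once it loads, so the decisions can
// be inspected offline. `storage` stands in for localStorage and holds the
// visitor's own opt-out choice under an assumed key, 'matomo_opt_out'.
function buildTrackerQueue(nav, win, storage, siteId, trackerUrl) {
  const paq = [];
  paq.push(['setTrackerUrl', trackerUrl]);
  paq.push(['setSiteId', siteId]);
  // Matomo tracker API: tell the tracker itself to honour DNT=1.
  paq.push(['setDoNotTrack', true]);
  if (storage['matomo_opt_out'] === '1') {
    // Matomo tracker API: persist the opt-out so no visit is recorded.
    paq.push(['optUserOut']);
    return paq;
  }
  // Belt and braces: never even queue the page view when DNT is set.
  if (dntEnabled(nav, win)) return paq;
  paq.push(['trackPageView']);
  return paq;
}

// Server-side, Matomo can anonymise the visitor's IPv4 address before storing
// it by zeroing the trailing octets. The count is configurable; two is assumed.
function maskIPv4(ip, octetsToMask = 2) {
  const parts = ip.split('.');
  if (parts.length !== 4) throw new Error('not an IPv4 address');
  return parts.map((p, i) => (i >= 4 - octetsToMask ? '0' : p)).join('.');
}
```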
We think with Matomo we’ve got the balance right. Forrester is predicting this to be the year business begins to make data security and privacy an important competitive advantage. The international business advisory firm says that in the battle to win and retain customers, data security and privacy will become a top business technology priority.
We think the same lesson applies to government agencies because people will have similar levels of privacy expectations across both the private and public sectors.