Statcounter and the GDPR
Statcounter is an anonymous web tracking service. We don't attempt to identify an individual person . Our focus is on what visitors to your website do, not who that visitor is. Therefore most members who use Statcounter won't need to adapt their behaviour of Statcounter to comply with GDPR. However we have identified two areas where there will be a need to modify behaviour.
IP Labels and Custom Tags
We will no longer allow any personal data to be stored in our IP labels or custom tags.
GDPR and IP addresses
The GDPR makes it clear that an ip address and other cookie identifiers may be considered personal data.
(30) Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags.
However, for an IP address and other identifiers to be considered personal information, a user must be able to identify the person behind the IP address. As a regular user of Statcounter is not able to do that, an IP address should not be treated as personal data. There is legal precedent for this in the Irish High Court. They made the eminently sensible ruling that in the hands of an ISP (who controls that ip address range) that should be considered personal data, however in the hands of a record company who can't identify the individual behind the ip address it should not be considered personal data.
Irish High Court Ruling in EMI Records & Ors -v- Eircom Ltd
If an IP address were to be treated as personally identifiable information for all users it would have a number of bad effects.
a) The internet cannot work under GDPR if an ip address is always considered personal data. Under GDPR you can only store personal data with the permission of the user. You can't connect to a website without giving your IP address to the web server. If the web server can't store the IP address without first getting permission, then the initial connection to the website cannot happen.
b) If ip addresses were treated as personal data it would make defending your website and advertising budget from bot networks and click fraud rings extremely difficult. The IP address is the crucial piece of information required to detect, investigate and defend against many kinds of attacks, and a bot network is not going to give you permission to store its IP address.
We would strongly support the argument that in the hands of an ISP who control that ip address range, that is personal data but in the hands of anybody else who cannot relate that IP address back to a person it should not.
Answers to the majority of questions we receive can be found here in the knowledge base.
- How can I track downloads?
- How do I delete my account?
- How do I use Custom Tags?
- What are some Custom Tag use cases?
- StatCounter kodunu değiştirebilir miyim?
- Tutulan kayıtlar maksimum boyuta ulaşırsa ne olur - StatCounter saymayı durdurur mu?
- Benim veya müşterilerimin e-posta adreslerini üçüncü taraflarla paylaşma hakkınız var mı?
- Do you have a secure (HTTPS / SSL) tracking code?
- Bu hizmet neden ücretsiz?
- If a visitor does not have cookies enabled are they still tracked by the system?
- Statcounter and the GDPR
- What is the database error message I'm seeing?
- Does StatCounter work with Craigslist?
- Hesabımı nasıl kapatırım?
- How can I view stats from only certain countries / cities / states?
- Why does the URL say "Unknown"?
- My email report is missing / didn't get delivered.
- In my downloaded log the leading zero (0) in zip codes has been removed - how can I fix this?
- How do I enable async (asynchronously) tracking?