Is using CAOS Pro & Google Analytics compliant with GDPR laws?

Due to current developments in the EU, I can't with 100% confidence say that using CAOS Pro and/or Google Analytics is in compliance with GDPR. I am, however, working with privacy specialists to see what possibilities there are.

Short answer: yes.

Long answer: you might even be required to use Stealth Mode in the near future if your site is visited by EU citizens (which it probably is). Early January, 2022 the Austrian watchdog DSB ruled that using Google Analytics is in breach of GDPR, for one simple reason:

  • Personally identifiable information is shared with and stored on servers in the US. 

This is in breach of Article 44 of the GDPR, because US business can't within reason comply with the GDPR, due to the CLOUD act.

One of Google Analytics' answers to this is the Anonymize IP feature, which is essentially a useless feature if the visitor's browser is still connecting to Google's own servers (and therefore the IP address is still stored in access logs on that server -- in the US)

CAOS Pro fixes this in a few unique ways:

  • It downloads the analytics.js or gtag.js (depending on your configuration) to your server.
Then it uses a modified version of Google Analytics' tracking code, to implement the following features:
  1. Cookieless Analytics makes sure a unique ID is used each time a visitor is visiting your site, and no cookies are stored in the browser. This unique ID is changed for each user every X amount of days as defined in the Expiry period option.
  2. Stealth Mode makes sure all traffic to google-analytics.com or googletagmanager.com is intercepted and your server is used to send the data to Google's server, instead of the user's browser. 
  3. Anonymize IP properly anonymizes the user's IP address, by replacing the last two octets with zero's, before sending it to Google's servers.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.