ePrivacy document WP224 ("Opinion 9/2014 on the application of Directive 2002/58/EC to device fingerprinting") specifically discusses the use of fingerprinting and IP addresses for first-party analytics and states:
"However, the Opinion also stated that currently there is no exemption to consent for cookies that are strictly limited to first party anonymised and aggregated statistical purposes. Therefore, first-party website analytics through device fingerprinting do not fall under the exemption defined in CRITERION A or B and consent of the user is required."
This seems quite clear that consent is required for any form of analytics where you can identify individual users.
Another commenter here mentioned that GitHub is only tracking individuals for 24 hours before the fingerprint changes. I would think that would probably qualify as being in the spirit of the ePrivacy directive, if not the letter of it.
Would be great if someone from GitHub could comment on the above? How are you handling this - do you maybe get consent as part of the terms you agree to when you signup? (which would mean not tracking anonymous users).
"However, the Opinion also stated that currently there is no exemption to consent for cookies that are strictly limited to first party anonymised and aggregated statistical purposes. Therefore, first-party website analytics through device fingerprinting do not fall under the exemption defined in CRITERION A or B and consent of the user is required."
This seems quite clear that consent is required for any form of analytics where you can identify individual users.
Another commenter here mentioned that GitHub is only tracking individuals for 24 hours before the fingerprint changes. I would think that would probably qualify as being in the spirit of the ePrivacy directive, if not the letter of it.
Would be great if someone from GitHub could comment on the above? How are you handling this - do you maybe get consent as part of the terms you agree to when you signup? (which would mean not tracking anonymous users).