GDPR/RGPD and anonymous Google Analytics collect

I’m trying to avoid the annoying “consent to cookies” thing on my website. There are no cookies at all except the one set when you’re logged in.

I know that GDPR is not only about cookies but more widely about storing and sharing user data.

Currently what I’m about to do is to not insert the GA JavaScript on my website but instead make a POST request to the GA API collect endpoint. In this POST request I set the aip argument (anonymize IP) and I’m using a totally random and anonymous client-side generated GUID as the cid argument.

In order to not create a new GUID each time the same user comes to my site, I store their GUID in the browser (localStorage).

I know that localStorage is also under GDPR laws, but since I’m using a totally random GUID and sending the pageview event directly without inserting any JS and using IP anonymization, I wonder if it’s mandatory to ask for consent or even alert the users when they come to my website.

I mean, actually there is no way for GA to know who the user is and track them outside of my website, and I have no way to connect GUIDs with my user IDs to know which of my users appear in GA reports. Users are totally anonymized.

Am I right or should I put at least a message to warn my users?

Thanks!