Application Insights – GDPR considerations

So, application insights can track a users’ session, and if they are a returning user – and it does this with cookies…

So, how do you handle this with App Insights?

Well, you’re probably storing some sort of cookie saying “permission has been granted”, and server-side you could filter upon that that if you’re excluding that user entirely from your analytics. (Which I don’t think you have to – I could be wrong – as App Insights doesn’t store PII by default (that’s why the IP address field on some telemetry records is – but I think you should if the user is being clear that they don’t want to send telemetry).

Client-side, though, you have to tell the JavaScript snippet that you want to disable cookies. There are a few ways of doing that (see disableCookiesUsage and cookieCfg.enabled). Here’s what I chose…

Just render an enabled : true (or not) depending upon if you’ve been allowed to use cookies. And much as I love App Insights, I don’t think it’s a ‘necessary’ cookie; the site will operate without them, so don’t turn them on unless you’ve been granted permissions to use it.

Application Insights – GDPR considerations

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.