I Replaced Google Analytics with Self-Hosted Matomo
If you run a website in Germany (or anywhere in the EU), using Google Analytics in 2026 is a legal minefield. After the CJEU rulings on data transfers to the US and the Austrian DSB declaring Google Analytics illegal, I switched all my clients to self-hosted Matomo.
Here's why and how.
The Legal Problem with Google Analytics
Google Analytics transfers personal data (IP addresses, user agents, browsing behavior) to servers in the United States. After Schrems II:
- Austrian DSB (2022): Declared Google Analytics illegal
- Italian Garante (2022): Fined a website €100K for using Google Analytics
- French CNIL (2022): Declared Google Analytics non-compliant
Even with "anonymized" IPs, the data transfer itself violates GDPR Chapter V.
Why Matomo (Self-Hosted)
Matomo is the most mature open-source analytics platform:
- Full data ownership — data stays on your server
- No data transfer to third countries — GDPR compliant by default
- Cookieless tracking — no consent banner needed
- Feature parity — heatmaps, session recordings, A/B testing, e-commerce tracking
- Free — the core is open-source (on-premise version)
Docker Setup (10 Minutes)
# docker-compose.yml
version: '3.8'
services:
matomo:
image: matomo:latest
container_name: matomo
restart: unless-stopped
ports:
- "8080:80"
environment:
MATOMO_DATABASE_HOST: matomo-db
MATOMO_DATABASE_NAME: matomo
MATOMO_DATABASE_USERNAME: matomo
MATOMO_DATABASE_PASSWORD: your-strong-password
volumes:
- matomo_data:/var/www/html
depends_on:
- matomo-db
matomo-db:
image: mariadb:10.11
container_name: matomo-db
restart: unless-stopped
environment:
MYSQL_ROOT_PASSWORD: your-root-password
MYSQL_DATABASE: matomo
MYSQL_USER: matomo
MYSQL_PASSWORD: your-strong-password
volumes:
- matomo_db_data:/var/lib/mysql
volumes:
matomo_data:
matomo_db_data:
docker compose up -d
Visit http://your-server:8080 and follow the setup wizard.
Making It GDPR-Compliant
1. Enable Cookieless Tracking
Settings → Privacy → "Track visitors without cookies"
This means no cookie consent banner needed for analytics.
2. Anonymize IP Addresses (Extra Layer)
Settings → Privacy → "Anonymize IP addresses" → Select "2 bytes" mask
3. Disable User ID Tracking
Unless you have a legitimate reason and consent.
4. Set Data Retention
Settings → Privacy → "Delete old visitor data" → 6 months is reasonable
5. Add to Your Privacy Policy
List Matomo as your analytics provider, hosted on your own server, with cookieless tracking enabled.
Migration Checklist
- [ ] Set up Matomo via Docker
- [ ] Configure cookieless tracking
- [ ] Import historical data from GA (Matomo has a migration plugin)
- [ ] Update your privacy policy
- [ ] Remove Google Analytics script from all pages
- [ ] Remove GA from your cookie consent tool
- [ ] Verify with a DSGVO scanner that GA is fully removed
The Results After Switching
For my clients:
- Legal risk: Eliminated (no data leaves the EU)
- Cookie banner: Simplified (no analytics cookies)
- Data quality: Improved (no ad blockers blocking Matomo when self-hosted)
- Cost: €0 (was paying for GA360 features)
Quick Test: Is Your Site Still Loading Google Analytics?
You might think you removed GA but still have it loading somewhere. Run a free check:
🔍 Free DSGVO Scanner — detects Google Analytics, Tag Manager, and 50+ other GDPR issues in 30 seconds.
Building GDPR-compliant infrastructure is what I do. If you need help migrating from Google Analytics or auditing your website, check out my services.
☁️ Need a Server for Self-Hosting?
I run all my services on Hetzner Cloud — EU-based, from €3.29/mo. Use my link and we both get €20 in credits.
🛡️ Is Your Website GDPR Compliant?
Check in 60 seconds: nevik.de/check — free DSGVO scanner.
💡 Tools I Built: bewertung.nevik.de (Google Reviews) · cv.nevik.de (Free CV Builder)
Follow me on Dev.to for weekly guides on self-hosting, AI tools, and growing your business.
Top comments (0)