Collect IP address in anonymous tracking

Hi, is it possible to collect IP addresses while using anonymous tracking settings in the JS v3 tracker as follows?

anonymousTracking: {withServerAnonymisation: true}

The end goal is to be GDPR compliant by not collecting any kind of user id while preserving IP addresses so we can get enriched geo country information for analytics.

IP addresses is personal information

Hi @azclub,

We aren’t lawyers so obviously can’t advise on what is or isn’t GDPR compliant - so as always with this topic we recommend making sure your plan achieves compliance.

As for the question of collecting IP addresses but not cookie identifiers - there’s a section in this blog called " Disable cookies but capture IP addresses", which describes exactly that use case.

You also have the option to do that, and use the IP anonymisation enrichment to then remove the IP addresses (it will run after geolocation is done).

Hope that helps!

1 Like

Following up on this thread. Is it possible to have the following setup, and if so, how would we achieve this?

  • For users that consent to tracking, leverage fully identified tracking (all cookies and IP address)
  • For users that don’t consent to tracking, leverage anonymous session tracking (no network_userid or domain_userid) BUT capture the IP address, extract geo, and then anonymise using IP anon enrichment

If I read the article you linked correctly, capturing IP addresses but not setting the network_userid by configuring the collector only works if you are happy not to set the network_userid for all users, i.e. including ones that have consented to tracking?

Following up on this thread :point_up_2: Any suggestions from the Snowplow team?

Hi @cyb,

The withServerAnonymisation feature in the JavaScript tracker does not enable this use case to keep the IP address but remove the network_userid unfortunately.

The only solution for this that I can think of would be to add a custom JavaScript enrichment that would look into the events and remove the network_userid in case the domain_userid is not present (i.e., the anonymousTracking feature is enabled in the tracker).

Thanks for the reply @matus! Have you come across this use case before? Is there any other way we can capture the IP address with events and then still benefit from the geo location enrichment?

We do not want to set the network_userid and then remove it in the pipeline as that would violate certain European countries’ regulations around leveraging cookies / cookie-like technologies without user consent.

There are two main options to do this:

  • Do not rely on IP address and instead pick up the geolocation headers from your load balancer using the header enrichment. Most good loadbalancers (e.g., GCP) provide this as header information.

We do not want to set the network_userid and then remove it in the pipeline as that would violate certain European countries’ regulations around leveraging cookies / cookie-like technologies without user consent.

The second option if you don’t want to collect network_userid is to use the anonymousTracking feature as @matus has mentioned above. Typically most customers will selectively enable or disable this using their consent management platform or tag manager which allows you to selectively disable or enable features depending on what consent / legal basis for processing you are using.

Thanks @mike, we will look into the option of picking up the geolocation headers from your load balancer using the header enrichment!

We are using the anonymous tracking capabilities however we would like finer grained control as outlined in my original question:

  • For users that consent to tracking, leverage fully identified tracking (all cookies and IP address)
  • For users that don’t consent to tracking, leverage anonymous session tracking (no network_userid or domain_userid) BUT capture the IP address, extract geo, and then anonymise using IP anon enrichment