Configure data privacy settings for web applications
Ensuring the privacy of your customers' personal data is now a key component of your digital business success. Dynatrace provides numerous privacy enhancements that make it easy for you to configure appropriate settings that protect your customers' personal data and ensure your organization's compliance with GDPR or other data privacy regulations.
For details on the global data privacy settings, see Configure environment-wide data privacy settings.
To access the data privacy settings for your web application:
- In the Dynatrace menu, go to Web.
- Select the application that you want to configure.
- In the upper-right corner of the application overview page, select More (…) > Edit.
- From the application settings, select Data privacy > General. The End users' data privacy page opens.
On this page, the following settings are available:
- Mask end-user IP addresses and GPS coordinates
- Mask personal data in URIs
- Mask user actions (web applications only)
- Use persistent cookies for user tracking
- Data-collection and opt-in mode
- Comply with "Do Not Track" browser settings
Mask IPs and GPS coordinates
Enabled by default
Dynatrace captures IP addresses and GPS coordinates of end users to determine the region from which they access your application.
With the Mask end-user IP addresses and GPS coordinates option turned on, Dynatrace masks end-user IP addresses and GPS coordinates during Real User Monitoring and server-side monitoring. The last octet of monitored IPv4 addresses and the last 80 bits of IPv6 addresses are replaced with zeroes. GPS coordinates are rounded up to 1 decimal place (~10 km). The masking occurs on the Dynatrace cluster prior to storage, and full IP addresses are never written to disk. Location lookups are made using anonymized IP addresses and GPS coordinates.
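The following added example (not Dynatrace code) reproduces the masking rules described above so you can see what precision survives: a /24 prefix for IPv4, a /48 prefix for IPv6, and one decimal place for coordinates. The function names are hypothetical, and round-to-nearest is an assumption because the rounding mode is not specified here.

```javascript
// Added illustration of the masking rules; not Dynatrace's implementation.

// IPv4: replace the last octet with zero, which keeps a /24 prefix.
function maskIPv4(addr) {
  const parts = addr.split(".");
  const valid = parts.length === 4 &&
    parts.every(p => /^\d{1,3}$/.test(p) && Number(p) <= 255);
  if (!valid) throw new Error("not an IPv4 address: " + addr);
  parts[3] = "0";
  return parts.join(".");
}

// Expand an IPv6 string (optionally using "::") into eight 16-bit groups.
// IPv4-embedded forms such as ::ffff:1.2.3.4 are rejected by this sketch.
function expandIPv6(addr) {
  const halves = addr.split("::");
  if (halves.length > 2) throw new Error("invalid IPv6: " + addr);
  const head = halves[0] ? halves[0].split(":") : [];
  const tail = halves.length === 2 && halves[1] ? halves[1].split(":") : [];
  const missing = 8 - head.length - tail.length;
  const compressed = halves.length === 2;
  if (compressed ? missing < 1 : missing !== 0) {
    throw new Error("invalid IPv6: " + addr);
  }
  const groups = [...head, ...Array(compressed ? missing : 0).fill("0"), ...tail];
  if (!groups.every(g => /^[0-9a-fA-F]{1,4}$/.test(g))) {
    throw new Error("invalid IPv6: " + addr);
  }
  return groups.map(g => parseInt(g, 16));
}

// IPv6: zero the last 80 bits (the last five groups), which keeps a /48 prefix.
function maskIPv6(addr) {
  const kept = expandIPv6(addr).slice(0, 3);
  return kept.map(g => g.toString(16)).join(":") + "::";
}

// GPS: keep one decimal place (assumption: ordinary round-to-nearest).
function roundGps(lat, lon) {
  const r = v => Math.round(v * 10) / 10;
  return [r(lat), r(lon)];
}
```

The same functions can be applied to your own access logs when you need them to hold no more precision than the monitoring data does.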
The Mask end-user IP addresses and GPS coordinates — Mask all IP addresses option is enabled by default for new environments.
For mobile apps, Dynatrace uses the coordinates from the device by using GPS or Wi-Fi. If the app has the permission to use this geolocation information, Dynatrace uses it to calculate the city that is closest to the reported GPS location. If not, Dynatrace uses MaxMind Geo2 Database.
Mask personal data in URIs
Disabled by default
Dynatrace captures full URIs of requests that are sent from desktop and mobile browsers, as well as URIs of requests that are sent and received within monitored server-side processes. URIs may contain personal data, such as a user name, password, or ID.
When Mask personal data in URIs is turned on, Dynatrace detects personal data—IBANs, IP addresses, UUIDs, credit card numbers, and other IDs—in URIs, headers, and exception messages and replaces this data with a string like [IPv4]. Dynatrace also replaces query parameter values with the string
Mask user actions
Disabled by default
The Mask user actions (web applications only) option affects Real User Monitoring only for web applications. With this option enabled, Dynatrace uses generic values for user action names.
When Dynatrace detects a user action that triggers a page load or an AJAX/XHR action, it constructs a name for the user action based on:
- User event type, for example, loading of page..., or
- Title, caption, label, value, ID, className, or other available property of the related HTML element, for example, an image, button, checkbox, or text input field
In most instances, the default approach to user action naming works well, resulting in user action names such as:
click on "Search" on page /search.html
keypress on "Feedback" on page /contact.html
touch on "Homescreen" of page /list.jsf
In rare circumstances, email addresses, usernames, or other confidential data may be unintentionally included in user action names. This happens when confidential data is included in an HTML element label, attribute, or other value, resulting in user action names such as click on "My Account Number: 1231231". If such confidential data appears in your application's user action names, turn on Mask user actions (web applications only). This setting replaces specific HTML element names and values with generic HTML element names.
With user action name masking enabled, the user action names listed above appear as:
click on INPUT on page /search.html
keypress on TEXTAREA on page /contact.html
touch on DIV of page /list.jsf
User tracking
Disabled by default
The Use persistent cookies for user tracking setting allows you to enable or disable the use of persistent cookies that detect and track returning users.
When turned on, Real User Monitoring sets a persistent cookie in end-user browsers that detects if the browser has been used previously to access your application. When turned off, Dynatrace is no longer able to correlate anonymous user sessions with tagged user sessions, so the Returning vs. new users RUM metric no longer works. Learn how we store this cookie.
User tracking is disabled by default for all newly created applications. Settings for existing applications aren't affected, so you must configure them manually.
Opt-in mode
Disabled by default
To provide your end users with the ability to decide for themselves if their activities should be tracked or not (this is called "cookie opt-out capability"), enable the opt-in mode.
Dynatrace also provides an API call that can disable monitoring after you've activated it via the dtrum.enable() API call. Using the dtrum.disable() API call, you can implement a dialog that allows your end users to stop sending monitoring data to Dynatrace even after they've agreed to it before.
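One way to wire such a dialog, shown as an added example that is not Dynatrace code: the decision is persisted before the API is called, and a missing RUM JavaScript object (for example, when a content blocker removed it) is handled without errors. The createRumConsent helper, the rumConsent storage key, and the assumption that repeating dtrum.enable() on a later page load is harmless are all hypothetical; only dtrum.enable() and dtrum.disable() come from this page.

```javascript
// Added illustration; assumes opt-in mode is turned on for the application.
const CONSENT_KEY = "rumConsent"; // hypothetical storage key

// dtrum: the RUM JavaScript API object (may be undefined if it was blocked).
// storage: an object with getItem/setItem, such as window.localStorage.
function createRumConsent(dtrum, storage) {
  const available = !!dtrum &&
    typeof dtrum.enable === "function" &&
    typeof dtrum.disable === "function";

  // Returns true if the decision reached the RUM JavaScript.
  function apply(decision) {
    if (!available) return false; // nothing is monitoring, nothing to switch
    if (decision === "granted") dtrum.enable();
    else dtrum.disable();
    return true;
  }

  return {
    // Call on page load. Returns the stored decision, or null when the
    // user has not decided yet and the dialog should be shown.
    init() {
      const stored = storage.getItem(CONSENT_KEY);
      // Assumption: repeating enable() for an earlier grant is harmless.
      if (stored === "granted") apply("granted");
      return stored;
    },
    // "Accept" button: record the decision first, then start monitoring.
    grant() {
      storage.setItem(CONSENT_KEY, "granted");
      return apply("granted");
    },
    // "Stop sending data" button: record the withdrawal first, so a
    // failure in the API call never leaves a stale "granted" behind.
    revoke() {
      storage.setItem(CONSENT_KEY, "denied");
      return apply("denied");
    },
  };
}
```

In a page, create it with `createRumConsent(window.dtrum, window.localStorage)` and bind grant() and revoke() to the dialog buttons.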
Do Not Track
Enabled by default
Another technique for protecting end-user privacy is the "Do Not Track" feature. When a user enables this feature, their browser adds the DNT HTTP request header to all outgoing web requests. This header specifies that all user tracking must be disabled.
After you turn on Comply with "Do Not Track" browser settings, you can select between two options:
- Capture anonymous user sessions for "Do Not Track"-enabled browsers: When the DNT header is detected, Dynatrace captures RUM data but excludes all personal information that could lead to the identification of the user. The IP address is masked, and no user tag information is sent.
With the User tracking setting enabled, Dynatrace still sets a persistent cookie to detect returning users.
- Turn Real User Monitoring off for "Do Not Track"-enabled browsers: When the DNT header is detected, Dynatrace doesn't capture any data from browsers that have the "Do Not Track" setting enabled.
If you turn off Comply with "Do Not Track" browser settings, Dynatrace ignores the browser's "Do Not Track" setting and the
The Comply with "Do Not Track" browser settings — Capture anonymous user sessions for "Do Not Track"-enabled browsers option is enabled by default for all environments and applications.