Ensuring the privacy of your customers’ personal data is now a key component of your digital-business success. Dynatrace provides numerous privacy enhancements that make it easy for you to configure appropriate settings that protect your customers personal data and ensure your organization’s compliance with GDPR.
Note: For details on privacy settings that are configured globally, environment-wide, please see How do I configure global privacy settings?
Data privacy settings for web applications
Data privacy settings available for web applications make it easy to implement data-privacy standards at the application level.
To access application-level data privacy settings
- Select Applications from the navigation menu.
- Select the web application you want to configure.
- Click the Browse (…) button and select Edit.
- Select the Data privacy tab.
To provide you with an easy overview of all applicable privacy settings, the Global settings section at the top of the settings page reflects the same environment-wide privacy settings that are configurable at Settings > Preferences > Data privacy.
Details of the other privacy settings that are available for web applications are detailed in the following sections.
This setting allows you to enable or disable the use of persistent cookies that detect and track returning users. When enabled, Dynatrace Real User Monitoring sets a persistent cookie in end-user browsers that detects if the browser has been used previously to access your application. When disabled, the Returning vs. new users RUM metric no longer works because Dynatrace is no longer able to correlate anonymous user sessions with tagged user sessions.
Note: User tracking is disabled by default for all newly created applications. Settings for existing applications aren’t affected and so must be configured manually.
dtrum.enable(). This allows you to implement an opt-in setting that enables your customers to comply with the data privacy standards of their region.
dtrum.enable() from each of your customers’ browsers to activate monitoring-data capture.
dtrum.enable() call. Using the call
dtrum.disable(), you can implement a dialog that enables your end users to stop sending monitoring data to Dynatrace, even after it’s been explicitly enabled. This API call requires Dynatrace OneAgent v1.145 or above.
Note: Opt-in mode isn’t enabled by default.
Do Not Track
Another technique for protecting end-user privacy that’s supported by all web browsers is the
Do Not Track HTTP header. With this setting enabled, browsers add an additional HTTP request header to all the web requests they send. This header specifies that all user tracking must be disabled.
With the Respect browsers’ “Do Not Track" setting disabled (setting is enabled by default), Dynatrace ignores the browser’s
Do Not Track setting and the
Do Not Track header. With this setting enabled (the default behavior), there are two options:
Capture anonymous user sessions for “Do Not Track” enabled browsers
(Enabled by default) Captures user sessions from the browser, but excludes all personal information that could lead to the identification of the user. The IP address is masked and no user tag information is sent.
Note: With the User tracking setting enabled (see above), Dynatrace still sets a persistent cookie to detect returning browsers.
Turn Real User Monitoring off for “Do Not Track” enabled browsers
(Disabled by default) No data is captured from browsers that have the “Do Not Track” setting enabled.
Note: The Respect browsers’ Do Not Track setting is enabled by default for both new and existing applications.
Data privacy settings for mobile apps
To ensure that your mobile apps are compliant with GDPR (or the Google prominent disclosure requirement) you must secure your end user’s permission to capture their personal data and receive crash reports from their mobile devices. Starting with OneAgent for Mobile 7.1.4, there is a setting called User opt-in mode that allows you to implement such behavior. This allows you to control the monitoring data that are captured and whether or not crash reports should be sent on a per-user basis.
Data collection level
off: No data is captured.
performance: OneAgent only captures anonymous performance data. Monitoring data that can be used to identify individual users (for example, user tags or custom values), aren’t captured.
user behavior: Both performance and user data is collected. In this mode, OneAgent recognizes and reports on users who re-visit your app in future sessions.
disabled: Crash reports aren’t sent to Dynatrace
enabled: Crash reports are sent to Dynatrace
Enable User opt-in mode for your mobile app
User opt-in mode must be enabled at build time and you must have the latest version of OneAgent for Mobile (v7.1.4 or above). In addition, you must implement a privacy settings page that allows each individual user of your app to control their preferences and store them using the new API. The following steps describe the workflow for setting up user opt-in mode.
- Enable user opt-in mode at build time of your app by setting the
- At startup, OneAgent for Mobile checks the enabled settings of the device. By default, the data collection level is set to off and crash reporting is disabled so that, upon the first startup of the app, no data is shared with Dynatrace.
- Once the user has confirmed their settings, you can use the new API calls to store the user’s preferences.
- Upon the following startup of your app, OneAgent for Mobile applies the new settings and reports only as much data as the user has agreed to share with Dynatrace.
Cookie opt-out capability
To provide your end users with a cookie opt-out capability, Dynatrace must be configured appropriately. Usually Dynatrace creates tracking cookies automatically. When using cookie
To activate cookie opt-in mode
- Go to Settings > Monitoring > Monitoring overview and click the Applications tab.
- Select the desired application, click the browse [...] button, and select Edit.
- From the left navigation menu, select Data Privacy and turn on Data-collection & cookie opt-in mode.
Note: If your organization provides an end-user opt-out feature for cookies, you must use the use the