Skip to content

CONCEPT Cited by 1 source

GDPR consent-gated telemetry

Definition

GDPR consent-gated telemetry is the practice of gating every telemetry-export call from a customer's browser on their explicit consent signal, so that no observability data leaves the device until (and unless) the customer agrees.

Under the EU's General Data Protection Regulation, collecting personal data — which can include IP addresses, session IDs, and any data linkable to an identifiable natural person — requires a legal basis, and for observability / analytics that basis is usually consent, which must be explicit, informed, and revocable.

Why it's unique to client-side

Server-side observability operates on data that has already arrived at a server by user action (making the request); the GDPR analysis is different (legitimate interest / contract performance / etc.). Client-side observability generates data from the browser and actively exports it outward — entering personal-data-collection territory much more clearly.

Zalando's browser SDK is explicit on this (Source: sources/2024-07-28-zalando-opentelemetry-for-javascript-observability-at-zalando):

"Collecting data from customers' browsers needs their explicit consent as per GDPR. We had to be mindful while exporting telemetry data — sending the export request only if the user consented."

Implementation shape (inferred)

The post doesn't fully disclose the wiring; the typical shape is:

  1. A page-level consent manager (cookie / banner / consent platform) maintains the current consent state.
  2. The observability SDK subscribes to the consent state — either by reading a well-known signal (a cookie, a global JS object) or via an API the consent manager publishes.
  3. The SDK's exporter is a conditional passthrough: if consent=true, export spans/metrics; if consent=false, drop them (or buffer — implementation-defined).

What Zalando specifically does — buffered vs dropped, cookie-based vs signal-based — is not disclosed; they only state that the gating is implemented.

Trade-offs

  • Coverage gap: users who don't consent produce no telemetry. If your consent rate is 50 %, your observability covers 50 % of page loads — enough to diagnose common issues, but may under-represent specific user segments.
  • Alert-sensitivity shift: a sudden drop in consent (e.g. consent-banner A/B test) looks like a drop in telemetry volume.
Last updated · 501 distilled / 1,218 read