Table of contents
What is the GDPR?
The General Data Protection Regulation (GDPR) is a legal framework that requires anyone collecting personal data -this could be you with your WordPress site- to comply with certain obligations.
In particular, there is an obligation to obtain your visitors consent before collecting certain types of personal data.
What is Jetpack Stats?
Jetpack Stats is a tool that allows you to obtain traffic statistics for your website—number of visitors, page views, visitor origin.
To compile this data, Jetpack Stats collects personal data from your visitors.
But does Jetpack Stats require user consent to function?
How does Jetpack Stats work?
To collect statistics, Jetpack uses cookies. That is, it places a small « tag » in the visitor’s browser to identify and track them.
However, the GDPR does not always require user consent in every case.
Thus, a statistical cookie may be exempt from requiring visitor consent if:
Le RGPD
It is possible to waive consent for certain statistical cookies.
CNIL, the french regulatory organism responsible for verifying that the RGPD is properly applied said that it is OK to use cookies to get anonymized data for statistics on your website [1].
So is Jetpack Stats compliant?
Jetpack Stats does not allow you to directly identify visitors.
It anonymizes the data and only provides the number of visitors, page views, and visitor origin.
No, it is not compliant
Before anonymizing your visitors’ data, Jetpack Stats still transmits this data to a third party: Automattic.
However, the CNIL is very clear on this matter:
To be exempt from consent, these trackers must not:
- Combine data with other processing or allow non-anonymized data to be transmitted to third parties
Source: CNIL – https://www.cnil.fr/fr/cookies-solutions-pour-les-outils-de-mesure-daudience (as of February 9, 2026)
Jetpack Stats requires user consent to be GDPR-compliant
The confusion comes from the fact that Jetpack Stats is enabled by default when you create your site. This may suggest that everything is GDPR-compliant.
But as we’ve seen above, this is not the case.
WordPress.com support has confirmed to me the need to obtain user consent to use Jetpack Stats.
No need to panic
In practice, if your website has low traffic, the CNIL is not going to come after you just because you don’t have a consent banner.
But it is, of course, something you should implement.
Plugins to help you comply with GDPR
Several plugins allow you to easily create a GDPR-compliant banner, enabling visitors to accept or refuse cookies.
Jetpack has also a feature to display a GDPR banner.
Users systematically refuse cookies
Most users -and very likely you as well-systematically optional cookies.
In the end, implementing a consent banner often simply means giving up access to meaningful statistics.
Displaying a banner that serves little purpose and may annoy or confuse your visitors is not ideal. The simplest solution may be to disable cookies entirely and avoid displaying a banner.
You can find a tutorial to do this here:
[1] Afin de se limiter à ce qui est strictement nécessaire à la fourniture du service et être ainsi exemptés de consentement conformément à l’article 82 de la loi Informatique et Libertés, ces traceurs doivent :
- être utilisés pour une finalité strictement limitée à la seule mesure de l’audience du site ou de l’application (mesure des performances, détection de problèmes de navigation, optimisation des performances techniques ou de son ergonomie, estimation de la puissance des serveurs nécessaires, analyse des contenus consulté), pour le compte exclusif de l’éditeur ;
- servir à produire des données statistiques anonymes uniquement.
Source : CNIL – https://www.cnil.fr/fr/cookies-solutions-pour-les-outils-de-mesure-daudience au 9 février 2026
Laisser un commentaire