[CONFIRMED] When Real-time tracking requires consent
![[CONFIRMED] When Real-time tracking requires consent](/content/images/size/w2000/2025/09/Screenshot-2025-09-26-at-10.27.28.png)
Marketers love real-time dashboards. Seeing how many people are on your site “right now” is exciting. But in Europe, the law is strict: not all “real-time tracking” is legal without consent.
In this article, we break down what the CNIL (France) and the AEPD (Spain) actually say, why reports like “last 30 minutes” may put you at legal risk, and how Sealmetrics solves this by design.
Why consentless analytics matters
Consent banners are killing data. In Spain and France, brands lose 30–60% of visits and conversions when users reject cookies.
Both CNIL and AEPD allow audience measurement without consent, but only if the tool meets strict conditions:
- No cross-site tracking.
- IP anonymization.
- Data retention limits.
- Aggregated, anonymous statistics.
👉 The critical detail: AEPD requires data to be “aggregated daily” (except page load, which can be hourly).
Real-time vs. daily aggregation: the difference that matters
- Allowed without consent:
- “Today you’ve had 500 pageviews.”
- “Right now there are 33 users on the site.”
- These are snapshots or daily accumulations, not logs of individuals.
- Not allowed without consent:
- “Last 30 minutes: 20 visits.”
- Visitor log: this user saw A, then B, then C.
- These are sub-daily buckets or individual journeys → need consent under AEPD.
👉 Snapshot vs. Window:
- Snapshot (33 users now) → ephemeral, aggregated, safe.
- Window (last 30 min) → stored sub-daily aggregation, not exonerated → needs consent.
What CNIL and AEPD actually say
- CNIL (France): Focuses on anonymity and no profiling. Real-time snapshots are fine if data is aggregated.
- AEPD (Spain): Explicitly requires daily aggregation for audience metrics, with one exception (page load times by hour).
📌 Source: AEPD, Guía sobre cookies analíticas de medición de audiencia (2024).
How tools handle this
|
Tool |
Mode |
Real-time |
Last 30 min reports |
Visitor logs |
CNIL/AEPD compliant? |
|---|---|---|---|---|---|
|
Matomo (normal) |
Cookies |
✔ |
✔ |
✔ |
❌ Needs consent |
|
Matomo (cookieless) |
disableCookies |
✔ |
✔ (sub-daily bucket) |
⚠ Still logs visitors |
⚠ Partial |
|
Plausible |
Cookieless by design |
✔ |
✔ (last 30 min) |
❌ |
⚠ Not fully AEPD compliant |
|
Sealmetrics |
Consentless by design |
✔ (daily snapshot) |
❌ |
❌ |
✔ 100% compliant |
Why Sealmetrics is different
Sealmetrics was built from the ground up to comply with both CNIL and AEPD:
- Real-time data, but always aggregated daily.
- No cookies, no fingerprinting, no sub-daily windows.
- No visitor logs.
- EU hosting and contracts as data processor.
👉 This means: you can see your traffic “today so far” in real time, but you’ll never risk exposing an individual user’s navigation.
Bottom line
- Real-time ≠ illegal. You can show snapshots or today’s totals without consent.
- Sub-daily windows (30 min, hourly, logs) = not exonerated. Require consent under AEPD.
- Sealmetrics is the only platform designed to give marketers real-time visibility and 100% compliance with both CNIL and AEPD.
🔒 Sealmetrics: Real-time insights. Always aggregated. Always compliant.