Tracking inbound calls with Google Analytics

Interesting tidbit shared on Reddit, tracking inbound calls with Google analytics:

This is a neat idea. This could be a cool little module even.

/me Adds to list of projects that would be cool someday

This is a stupid idea.

Phone numbers are considered personal data and where the GDPR applies, strict rules apply to what can be stored for what reason and how the data can be merged. At least you have to get the caller’s consent beforehand. That should be difficult in practice. The result is quite high fines.

This may not be a problem in the USA (maybe with the exception of CA), but if you officially support something like this, Sangoma products in Europe run the risk of not being too strict about data security and being considered insecure. That would be a competitive disadvantage.

I disagree here.

1. This tutorial does not send caller ID to GA, it only logs the amount of calls against each DID.
2. Even if it would. This does NOT violate any GDPR or any type of privacy laws. Feeding simple call channel information to a private Google Analytics account is essentially like connecting Grafana to your CDR DB.

Just wait and see…

The decisive factor is likely to be that the telephone number is saved without consent. In any case, in Europe you need the prior consent of the owner. In the next step, questions would arise as to how the data will be processed further. Gone are the days when you could say it was just an algorithm.

FROM_DID is probably the callee’s extension and not the caller’s phone number. Technically, everything that is part of the SIP-Headers could be used here. So my objection would rather relate to the entirety of the data that can be transmitted.

I’m afraid that you are misunderstanding what Google Analytics does. It simply builds nice graphs so you can visualize what is happening.

The Data that this guide is describing is data that is already being stored on the PBX. There is literally no law (at least that the common public is aware of) that, at the time of writing this, does not allow you to store CDR data on your PBX.

Incorrect. FROM_DID is the DID that was called.

Having already the data is not the point, imo. The potential problem is forwarding the data. Depending on the nature of data there might even be restrictions on how long one can store them (in Europe, not necessarily in the US).

Let me give you an example from another area. The operators of a hotel naturally know which guests are bed-wetting. The transfer of this personal data to third parties is to be viewed critically under the aspect of data and privacy protection. It does not matter here that this knowledge could significantly expand the diaper market. As far as I know, GA is linked to Google Ads, so any sort of personal data would be “good to know”.

Yes, that’s what I wrote: the callee’s number, i.e. the number that was called.

There are many features in fpbx that are regulated or prohibited in some jurisdictions, but that doesn’t mean the feature gets abandoned. Its up to the system admin to ensure they’re compliant with the local rules.

In the EU, and for the moment, still in the UK, you can only store it for the minimum amount of time necessary for its intended purpose, must treat it as confidential, and must have registered with the appropriate government agency. You would have to provide the data held regarding the number, free of charge, on receiving a subject access request for it. None of this requires that legislation specifically list CDRs as a special case.

Note this only applies to number that represent people, not business numbers.

(In the UK, I believe there are also rules that positively require network operators to capture and keep basic traffic flow data for an extended period, for national security and police purposes.)

I haven’t researched this in depth (I was never involved with operational issues), but I imagine you would need explicit consent for any use beyond what the general public would expect, e.g. profiling private individuals.

This is an independent blog
If I or another community member expands this work in to a module then that would be on the community.

Neither of the above would be "officially supported.

Let’s say sangoma does make this in to a module themselves.

You still have to set it up and configure the module to work. That means it does nothing unless you make it do something. If you are concerned with GDPR compliance don’t use it. That said you shouldn’t store CDR data, voicemails or faxes on your server as they aren’t encrypted and that violates GDPR

Are you using sip without tls? That violates GDPR.

See where this is going?

I don’t think the GDPR is specific as to how you protect personal data, only that you do protect, it and allow individual human subjects to have access to the data on them, with certain exemptions.

I do not think that it is a question of what technical possibilities FPBX or Asterisk offers. The possibility of sending HTTP GETs and POSTs with curl is not in itself worthy of criticism. But if possible data misuse is celebrated as a great idea, then that is questionable.

I think that the responsibility always rests with the management. Most admins are likely to be overwhelmed with a specific legal issue.

No, that’s a tightrope walk, where the details matter. There are legitimate interests in CDRs. However, the connection data may not be resold at will without the consent of the persons concerned. It could even be that they are sometimes not allowed to be sold at all. SIP without TLS usually doesn’t violate the GDPR.

It’s not about encrypting everything, but about transparency about what is done with the personal data and how. There may also be opportunities to object.

In any case any idea good or bad should be evaluated individually by a companies compliance officers, lawyers etc. The GDPR is 261 pages of legalese and I am no lawyer. Honestly I run mostly on bullet points handed down to me by people who read this stuff. Note those people aren’t the ones who passed it I am sure. At the end of the day a good business analyzes all data to make business decisions and this adds a layer of data. While it isn’t ideal to give more data to google, they already know more about us than the NSA so at this point its a wash. Hell the call is likely made on a device they make some component of so…

Actually GDPR only relates to personally identifiable information, so you would need to be recording not only the number but also other information that points to an individual. I’m so fed up with people incorrectly spouting GDPR without actually knowing what it means. Whilst I haven’t looked at the specifics of the tool I don’t think GDPR has anything to do with it.

The number is an identifier in itself. When they called is information associated with that number.

The reason, that at least in the UK, we are continually plagued with cookie permission prompts isn’t because anyone can get from a cookie to name and postal address, but because you can build a profile based on the person using that cookie.

A cookie is completely different from a telephone number, cookies can gather more information than you can potentially get from a number on it’s own. The whole point of tracking cookies is to record beyond what you original went to a website for. GDPR DOES NOT APPLY in this case.

Every private phone number counts as personal data and is therefore fundamentally subject to data protection.

According to data protection, the storage, use, processing and disclosure of a phone number is only permitted if the person concerned agrees to this, if a law legitimizes this or if the data is publicly accessible.

This is an almost literal translation from official websites that I found in France and Germany. As a rule, a layperson has difficulties to analyze the situation because there are sometimes permissible exceptions in.

If Google Analytics is involved, the answer is arguably a little easier. GA is already subject to restrictions in some countries. In Germany GA can only be used under severe restrictions if it is not already prohibited (websites of public administrations in Brandenburg).

Regardless of this, some Google services in the United States are also suspected of violating privacy rights, such as the threatened class action lawsuit in San Jose from May 6, 2021 shows.

If the data from the most diverse sources is brought together (and Google is suspected of doing so), then a person will fundamentally be transparent. It’s not about an algorithm that just prepares this or that nicely, but about microtargeting, where people are only given the information they are receptive to. This requires the most extensive data collection possible. Ultimately, it is about a political dimension that does not belong here. But if false claims are made, or these services are presented as normal or desirable, then one should not be surprised at counter-speech.

You are also wrong in your assessment of the telephone number. If you read the post Calls Hanging UP from last week, then you can easily derive from the thread which company, including telephone number, address data, and more is meant. The writer wasn’t really paying attention. Basically, every interesting element of a SIP header could be passed on to Google for further processing.

For us this means that we have a problem when we offer small telephone systems and the customer believes that the device spies on him. It just doesn’t make sense to offer devices and services here anymore.