Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Dynatrace is an Austrian application performance monitoring and observability platform. Real User Monitoring injects a JavaScript agent that sets cookies and captures session timings, errors and click paths. European customers can pin their tenant to Frankfurt, Dublin or Stockholm, but the RUM identifiers require consent under ePrivacy.
Dynatrace is an application performance monitoring and full stack observability platform founded in 2005 in Linz, Austria. The product family includes APM, infrastructure monitoring, logs, AIOps and Real User Monitoring (RUM). For websites the RUM module injects a JavaScript agent (ruxitagent_*.js) loaded from the customer Dynatrace tenant. The agent captures page timings, JavaScript errors, AJAX calls, click paths and user session metadata, then sends beacons to a Dynatrace OneAgent gateway.
The Dynatrace RUM agent sets dtCookie (visitor identifier, persistent for several years by default), dtPC (browser performance context), rxVisitor (visitor cross session identifier) and rxvt (session identifier with timestamp). These cookies persist beyond the session and link behavioral metrics to a recurring identifier, which qualifies them as analytics cookies requiring consent. The agent also sends RUM beacons that include the URL, timing metrics and a hashed visitor identifier.
The persistent identifiers and behavioral metrics qualify the Dynatrace RUM cookies as non strictly necessary under Article 5(3) of the ePrivacy Directive. Prior opt in consent is required. Article 6(1)(a) GDPR (consent) is the legal basis. Some jurisdictions accept legitimate interest (Article 6(1)(f)) when IP addresses are masked, identifiers are short lived and the RUM data is purely aggregated, but consent remains the safer default. Dynatrace LLC acts as processor under Article 28 GDPR with a DPA available in the customer agreement.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
European customers can pin their Dynatrace SaaS tenant to Frankfurt, Dublin or Stockholm, keeping RUM beacons and APM telemetry inside the EEA. Dynatrace LLC is headquartered in Linz (Austria), fully subject to GDPR. Some corporate support, billing and product analytics tools include US providers, covered by Standard Contractual Clauses. The Dynatrace identity provider also supports SSO via Azure Entra ID and Okta for federated authentication.
Gate the Dynatrace RUM agent behind your consent management platform, with Google Consent Mode v2 or IAB TCF integration. Configure IP address masking and form field masking in the Dynatrace settings. Set the RUM data retention to the minimum required (default 35 days). Pin the tenant to an EU region during onboarding. Sign the DPA. Document Dynatrace as processor in your record of processing activities, with region, retention and masking configuration.
Websites using Dynatrace must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended when Dynatrace Real User Monitoring is enabled because it captures session level behavior, click paths, errors and sometimes user identifiers. Document the EU region selection, the IP masking configuration, the data masking rules for form fields, the retention period for RUM data (default 35 days) and the consent management integration.
Sample consent text
This website uses Dynatrace Real User Monitoring to measure page performance and detect errors. Dynatrace stores cookies (dtCookie, dtPC, rxVisitor, rxvt) that identify your session and your device. These cookies are activated only after you accept them in the consent banner.
Third-party domains contacted
dynatrace.comlive.dynatrace.comapps.dynatrace.comjs-cdn.dynatrace.comrum.dynatrace.comruxitagent.live.dynatrace.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| dtCookie | first-party (Dynatrace RUM) | Up to 5 years (configurable, default 1 year on newer agents) | Persistent visitor identifier used by Dynatrace Real User Monitoring to recognise a returning visitor across sessions. Requires consent under ePrivacy. |
| dtPC | first-party (Dynatrace RUM) | Session | Browser performance context cookie used to correlate page load metrics with the visitor session. Requires consent. |
| rxVisitor | first-party (Dynatrace RUM) | 1 year | Cross session visitor identifier used to link RUM events across visits. Requires consent. |
| rxvt | first-party (Dynatrace RUM) | Session | Session identifier paired with rxVisitor that includes timestamp information for the current visit. Requires consent. |
Dynatrace collects user analytics data — you legally need a consent banner. Try FlowConsent free.
Yes. The RUM agent sets dtCookie (persistent visitor identifier), dtPC (browser performance context), rxVisitor (cross session identifier) and rxvt (session identifier with timestamp). The agent also sends RUM beacons containing URL, timing metrics and a hashed visitor identifier.
Yes for the persistent identifiers used by Real User Monitoring under Article 5(3) ePrivacy. Strictly aggregated, IP masked RUM can sometimes rely on legitimate interest in specific jurisdictions, but opt in consent is the safer default.
Article 6(1)(a) GDPR (consent) for the persistent RUM identifiers and behavioral metrics. Article 6(1)(f) (legitimate interest) only when RUM is configured with IP masking, short identifiers and purely aggregated data. Dynatrace LLC is processor under Article 28 GDPR.
Not when the SaaS tenant is pinned to Frankfurt, Dublin or Stockholm. Some corporate support, billing and product analytics tools at Dynatrace LLC include US providers, covered by Standard Contractual Clauses. Dynatrace is headquartered in Linz, Austria.
A DPIA is recommended when RUM is enabled because it captures session level behavior, click paths and sometimes user identifiers. Document the EU region, the IP masking, the form field masking, the retention period and the consent management integration.
Gate the RUM agent behind your consent management platform with Google Consent Mode v2 or IAB TCF, configure IP masking and form field masking, set RUM retention to the minimum needed, pin the tenant to an EU region, sign the DPA and document the processor in your RoPA.
Other APM and observability platforms include New Relic, Datadog, AppDynamics (Cisco), Splunk Observability, Elastic APM (Elastic), Grafana Cloud (UK), Site24x7, Instana (IBM), Honeycomb and Sentry.
List dtCookie, dtPC, rxVisitor, rxvt and the RUM beacon endpoint in your cookie disclosure with purpose, retention and EU region information. Update the disclosure whenever Dynatrace RUM configuration changes (new domains, beacon endpoints, masking).