Skip to main content
All guides
Serious KVKK m.5 · m.9 · GDPR Art. 6 · Chapter V · Analytics

Yandex Metrica: consent + a cross-border transfer to Russia

Yandex Metrica is analytics (and, with Webvisor, session recording) that sends data to Russia. It raises both a pre-consent problem and a cross-border transfer problem at once.

Why it matters

As non-essential analytics it needs prior consent (KVKK Art. 5 / GDPR Art. 6). And because data flows to Russia — a country without an EU adequacy decision — it also needs a transfer mechanism under KVKK Art. 9 / GDPR Chapter V. Firing on load fails both tests.

How to fix it

Load ym() only after opt-in, disable Webvisor unless you have a specific need and explicit consent, and document the transfer basis. If you cannot justify the transfer, prefer a self-hosted, cookieless analytics tool instead.

// Only after consent, and without Webvisor by default:
function onConsentAccepted() {
  ym(YOUR_ID, 'init', {
    webvisor: false,
    clickmap: false,
    trackLinks: true
  });
}

Does your site have this issue?

Run a free scan to find out in seconds.

Official sources

Links to primary legislation for reference. PrivaScan is not affiliated with these bodies; this is information, not legal advice.

Related guides

These guides cover automated checks for trackers, cookies and data flows. A full privacy review also needs legal input.