How Browsers Can Support Site-Specific User Control under the GDPR & e-Privacy Regulations using Do-Not-Track

How Browsers Can Support Site-Specific User Control under the GDPR & e-Privacy Regulations using Do-Not-Track

A proposal for restricting user indentifiers to site-specific contexts. The DNT Tracking Preference Expression document ( TPE ) allows for the registration and communication of site-specific consent, but there is no verifiable or transparent way to implement this using HTTP cookies. Although servers can stop using UID cookies when the ...

Read More
Do-Not-Track: The Key to Compliance with the ePrivacy and General Data Protection Regulations

Do-Not-Track: The Key to Compliance with the ePrivacy and General Data Protection Regulations

The European Commission’s recent proposal for the new ePrivacy Regulation (EPR), like the ePrivacy Directive which it will replace, creates rules on how websites or service providers should process communication data and access to storage in users’ equipment. It requires that users’ “freely given, informed, specific & unambiguous” consent must ...

Read More
The Gemalto Debacle - Fraud, Mass Surveillance and E-Privacy

The Gemalto Debacle - Fraud, Mass Surveillance and E-Privacy

Recent reports reveal that the UK’s GCHQ has hacked into computers belonging to Dutch multinational Gemalto, to gain access to encryption keys used for mobile telecommunications. They did this by targeting particular Gemalto staff that had access to files containing the keys, and scouring their interoffice emails. The keys were ...

Read More
Discovered In The Wild: A New Method Bypassing Safari’s Third-Party Cookie Blocking.

Discovered In The Wild: A New Method Bypassing Safari’s Third-Party Cookie Blocking.

Another method allowing targeted advertisers to avoid Safari third-party cookie blocking has been found on a UK website, implemented by a French AdTech company. I have pointed out before that an early decision by the Tracking Protection Working Group (TPWG) was that servers could take different action on receipt of ...

Read More
Google and the legal requirement for opt-in consent.

Google and the legal requirement for opt-in consent.

Yesterday’s announcement from the CPB, the Dutch DPA, that they were giving Google till the end of February to comply with the Data Protection Act is another sign that European laws on online privacy are now being enforced. European online privacy and data protection law has a long history, developed ...

Read More
The cookie is alive and kicking, not dead, but thankfully in Europe Google, Facebook etc. are still subject to law protecting our fundamental rights.

The cookie is alive and kicking, not dead, but thankfully in Europe Google, Facebook etc. are still subject to law protecting our fundamental rights.

A number of posts have reported on the death of the cookie, like this one in VentureBeat , but, as Mark Twain famously said, "the reports of my death have been greatly exaggerated". SSO (and any log-on) uses cookies. They are usually first-party, but they are still HTTP cookies and ...

Read More
Google, Ghostery and the limits of Ad Blocking.

Google, Ghostery and the limits of Ad Blocking.

On tracking some of the trackers some of the time. Ghostery claims to show you “the invisible web” and block activity that could track your activity, but omits to report tracking by Google. The code is not open source but it is possible to see how it basically operates, which ...

Read More
The E-Privacy Directive and Do Not Track complement each other: both were designed to give individuals control over tracking irrespective of technology.

The E-Privacy Directive and Do Not Track complement each other: both were designed to give individuals control over tracking irrespective of technology.

The e-privacy directive was designed is to give people control over tracking, i.e. you have to be asked for permission before collecting data about your web history. Of course, the technique most often used for tracking is persistent UID cookies, but the language in Article 5 of the Directive is ...

Read More
AddThis no longer using canvas fingerprinting on the White House or the Labour Party websites.

AddThis no longer using canvas fingerprinting on the White House or the Labour Party websites.

The AddThis script is no longer using canvas fingerprinting on any of the sites we have looked at. In July we found many sites that were using this technique, including the White House and the UK Labour Party . Click on one of the links above to see a live ...

Read More
Is the Dutch DPA investigation of YD the beginning of the end for "AdChoices”?

Is the Dutch DPA investigation of YD the beginning of the end for "AdChoices”?

Imagine - you walk into a shoe shop and while you are looking at some trainers someone sneaks up and sticks a notice on your back. Later you are in a café, and you see someone at the next table stare intently at your back and write something in a ...

Read More
End of content
No more pages to load