Recherche avancée

Sur d’autres sites (3501)

• Decrypting fragmented mpeg-dash using ffmpeg

  6 octobre 2022, par Sayem Prodhan Ananta

  I have an mpeg-dash which I want to decrypt. I have the CENC decryption key. But I am unable to get it working. The dash uses segment template. Here is the dash

  


  &lt;?xml version="1.0" ?>&#xA;<mpd mediapresentationduration="PT1H55M53.987S" minbuffertime="PT6.00S" profiles="urn:mpeg:dash:profile:isoff-live:2011" type="static" xmlns="urn:mpeg:dash:schema:mpd:2011">&#xA;  &#xA;  <period>&#xA;    &#xA;    <adaptationset maxheight="720" maxwidth="1280" mimetype="video/mp4" segmentalignment="true" startwithsap="1">&#xA;      <accessibility schemeiduri="urn:scte:dash:cc:cea-608:2015" value="eng"></accessibility>&#xA;      <viewpoint schemeiduri="urn:mpeg:dash:role:2011" value="vp2"></viewpoint>&#xA;      &#xA;      <contentprotection schemeiduri="urn:mpeg:dash:mp4protection:2011" value="cenc"></contentprotection>&#xA;      &#xA;      <contentprotection schemeiduri="urn:uuid:9a04f079-9840-4286-ab92-e65be0885f95">&#xA;        pAIAAAEAAQCaAjwAVwBSAE0ASABFAEEARABFAFIAIAB4AG0AbABuAHMAPQAiAGgAdAB0AHAAOgAvAC8AcwBjAGgAZQBtAGEAcwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwBEAFIATQAvADIAMAAwADcALwAwADMALwBQAGwAYQB5AFIAZQBhAGQAeQBIAGUAYQBkAGUAcgAiACAAdgBlAHIAcwBpAG8AbgA9ACIANAAuADAALgAwAC4AMAAiAD4APABEAEEAVABBAD4APABQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsARQBZAEwARQBOAD4AMQA2ADwALwBLAEUAWQBMAEUATgA&#x2B;ADwAQQBMAEcASQBEAD4AQQBFAFMAQwBUAFIAPAAvAEEATABHAEkARAA&#x2B;ADwALwBQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsASQBEAD4AOABoAFcAMwBQAEsAeABPAEkAYwB1AGsAVwBWAHgASwBaAHgAMgA3AEMAZwA9AD0APAAvAEsASQBEAD4APABDAEgARQBDAEsAUwBVAE0APgBBAGQARgAvAFEAcwBzAHEATQBhAEEAPQA8AC8AQwBIAEUAQwBLAFMAVQBNAD4APABMAEEAXwBVAFIATAA&#x2B;AGgAdAB0AHAAOgAvAC8AcAByAC4AcwBlAHIAdgBpAGMAZQAuAGUAeABwAHIAZQBzAHMAcABsAGEAeQAuAGMAbwBtAC8AcABsAGEAeQByAGUAYQBkAHkALwBSAGkAZwBoAHQAcwBNAGEAbgBhAGcAZQByAC4AYQBzAG0AeAA8AC8ATABBAF8AVQBSAEwAPgA8AC8ARABBAFQAQQA&#x2B;ADwALwBXAFIATQBIAEUAQQBEAEUAUgA&#x2B;AA==&#xA;      </contentprotection>&#xA;      &#xA;      <contentprotection schemeiduri="urn:uuid:edef8ba9-79d6-4ace-a3c8-27dcd51d21ed">&#xA;        AAAAQ3Bzc2gAAAAA7e&#x2B;LqXnWSs6jyCfc1R0h7QAAACMIARIQPLcV8k6syyGkWVxKZx27ChoKaW50ZXJ0cnVzdCIBKg==&#xA;      </contentprotection>&#xA;      <segmenttemplate duration="6000" initialization="$RepresentationID$/init.mp4" media="$RepresentationID$/seg-$Number$.m4s" startnumber="1" timescale="1000"></segmenttemplate>&#xA;      <representation bandwidth="634478" codecs="avc1.4D401F" framerate="2997/100" height="288" scantype="progressive" width="512"></representation>&#xA;      <representation bandwidth="789637" codecs="avc1.4D401F" framerate="2997/100" height="360" scantype="progressive" width="640"></representation>&#xA;      <representation bandwidth="1562569" codecs="avc1.4D401F" framerate="2997/100" height="432" scantype="progressive" width="768"></representation>&#xA;      <representation bandwidth="2124583" codecs="avc1.4D401F" framerate="2997/100" height="720" scantype="progressive" width="1280"></representation>&#xA;    </adaptationset>&#xA;    &#xA;    <adaptationset lang="en" mimetype="audio/mp4" segmentalignment="true" startwithsap="1">&#xA;      &#xA;      <contentprotection schemeiduri="urn:mpeg:dash:mp4protection:2011" value="cenc"></contentprotection>&#xA;      &#xA;      <contentprotection schemeiduri="urn:uuid:9a04f079-9840-4286-ab92-e65be0885f95">&#xA;        pAIAAAEAAQCaAjwAVwBSAE0ASABFAEEARABFAFIAIAB4AG0AbABuAHMAPQAiAGgAdAB0AHAAOgAvAC8AcwBjAGgAZQBtAGEAcwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwBEAFIATQAvADIAMAAwADcALwAwADMALwBQAGwAYQB5AFIAZQBhAGQAeQBIAGUAYQBkAGUAcgAiACAAdgBlAHIAcwBpAG8AbgA9ACIANAAuADAALgAwAC4AMAAiAD4APABEAEEAVABBAD4APABQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsARQBZAEwARQBOAD4AMQA2ADwALwBLAEUAWQBMAEUATgA&#x2B;ADwAQQBMAEcASQBEAD4AQQBFAFMAQwBUAFIAPAAvAEEATABHAEkARAA&#x2B;ADwALwBQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsASQBEAD4AOABoAFcAMwBQAEsAeABPAEkAYwB1AGsAVwBWAHgASwBaAHgAMgA3AEMAZwA9AD0APAAvAEsASQBEAD4APABDAEgARQBDAEsAUwBVAE0APgBBAGQARgAvAFEAcwBzAHEATQBhAEEAPQA8AC8AQwBIAEUAQwBLAFMAVQBNAD4APABMAEEAXwBVAFIATAA&#x2B;AGgAdAB0AHAAOgAvAC8AcAByAC4AcwBlAHIAdgBpAGMAZQAuAGUAeABwAHIAZQBzAHMAcABsAGEAeQAuAGMAbwBtAC8AcABsAGEAeQByAGUAYQBkAHkALwBSAGkAZwBoAHQAcwBNAGEAbgBhAGcAZQByAC4AYQBzAG0AeAA8AC8ATABBAF8AVQBSAEwAPgA8AC8ARABBAFQAQQA&#x2B;ADwALwBXAFIATQBIAEUAQQBEAEUAUgA&#x2B;AA==&#xA;      </contentprotection>&#xA;      &#xA;      <contentprotection schemeiduri="urn:uuid:edef8ba9-79d6-4ace-a3c8-27dcd51d21ed">&#xA;        AAAAQ3Bzc2gAAAAA7e&#x2B;LqXnWSs6jyCfc1R0h7QAAACMIARIQPLcV8k6syyGkWVxKZx27ChoKaW50ZXJ0cnVzdCIBKg==&#xA;      </contentprotection>&#xA;      <segmenttemplate duration="6000" initialization="$RepresentationID$/init.mp4" media="$RepresentationID$/seg-$Number$.m4s" startnumber="1" timescale="1000"></segmenttemplate>&#xA;      <representation audiosamplingrate="48000" bandwidth="136225" codecs="mp4a.40.2">&#xA;        <audiochannelconfiguration schemeiduri="urn:mpeg:dash:23003:3:audio_channel_configuration:2011" value="2"></audiochannelconfiguration>&#xA;      </representation>&#xA;    </adaptationset>&#xA;  </period>&#xA;</mpd>&#xA;

  


  I have produced an mp4 file by combining all the segments like this

  


  init.mp4+seg-1.m4s+seg-2.m4s+....+seg-1159.m4s


  


  But I end up with following error

  


  ffmpeg version N-99631-g9018257751-anan5a-2020-10-19 Copyright (c) 2000-2020 the FFmpeg developers
  built with gcc 8 (Debian 8.3.0-6)
  configuration: --extra-version=anan5a-2020-10-19 --enable-gpl --enable-version3 --disable-shared --enable-static --enable-small --enable-avisynth --enable-chromaprint --enable-frei0r --enable-gmp --enable-gnutls --enable-ladspa --enable-libaom --enable-libass --enable-libcaca --enable-libcdio --enable-libcodec2 --enable-libfontconfig --enable-libfreetype --enable-libfribidi --enable-libgme --enable-libgsm --enable-libjack --enable-libmodplug --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopencore-amrwb --enable-libopenjpeg --enable-libopenmpt --enable-libopus --enable-libpulse --enable-librsvg --enable-librubberband --enable-librtmp --enable-libshine --enable-libsnappy --enable-libsoxr --enable-libspeex --enable-libssh --enable-libtesseract --enable-libtheora --enable-libtwolame --enable-libv4l2 --enable-libvo-amrwbenc --enable-libvorbis --enable-libvpx --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxvid --enable-libxml2 --enable-libzmq --enable-libzvbi --enable-lv2 --enable-openal --enable-opencl --enable-opengl --enable-libdrm --enable-nonfree --enable-libfdk-aac --enable-libbluray --enable-libzimg --enable-libsvtav1
  libavutil      56. 60.100 / 56. 60.100
  libavcodec     58.111.101 / 58.111.101
  libavformat    58. 62.100 / 58. 62.100
  libavdevice    58. 11.102 / 58. 11.102
  libavfilter     7. 87.100 /  7. 87.100
  libswscale      5.  8.100 /  5.  8.100
  libswresample   3.  8.100 /  3.  8.100
  libpostproc    55.  8.100 / 55.  8.100
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x557789b49300] Incorrect number of samples in encryption info
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x557789b49300] Could not find codec parameters for stream 0 (Video: h264 (avc1 / 0x31637661), none, 512x288, 616 kb/s): unspecified pixel format
Consider increasing the value for the 'analyzeduration' (0) and 'probesize' (5000000) options
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from '../videos/enc.0a7bd4e9ec72b6e0-5549.mkv':
  Metadata:
    major_brand     : isom
    minor_version   : 512
    compatible_brands: isomiso2avc1mp41iso5iso6
  Duration: 01:55:47.95, bitrate: 625 kb/s
    Stream #0:0(eng): Video: h264 (avc1 / 0x31637661), none, 512x288, 616 kb/s, SAR 1:1 DAR 16:9, 29.97 fps, 11988 tbr, 11988 tbn, 23976 tbc (default)
    Metadata:
      handler_name    : Bento4 Video Handler
    Side data:
      unknown side data type 24 (779 bytes)
Output #0, matroska, to '../videos/dec.0a7bd4e9ec72b6e0-5549.mkv':
  Metadata:
    major_brand     : isom
    minor_version   : 512
    compatible_brands: isomiso2avc1mp41iso5iso6
    encoder         : Lavf58.62.100
    Stream #0:0(eng): Video: h264 (avc1 / 0x31637661), none, 512x288 [SAR 1:1 DAR 16:9], q=2-31, 616 kb/s, 29.97 fps, 11988 tbr, 1k tbn, 11988 tbc (default)
    Metadata:
      handler_name    : Bento4 Video Handler
    Side data:
      unknown side data type 24 (779 bytes)
Stream mapping:
  Stream #0:0 -> #0:0 (copy)
Press [q] to stop, [?] for help
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x557789b49300] Incorrect number of samples in encryption info
../videos/enc.0a7bd4e9ec72b6e0-5549.mkv: Invalid data found when processing input
frame=    0 fps=0.0 q=-1.0 Lsize=       1kB time=00:00:00.00 bitrate=N/A speed=   0x    
video:0kB audio:0kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: unknown


  


  How can I achieve the decryption without error ??

  


• How to Choose the Optimal Multi-Touch Attribution Model for Your Organisation

  13 mars 2023, par Erin — Analytics Tips

  If you struggle to connect the dots on your customer journeys, you are researching the correct solution. 

  Multi-channel attribution models allow you to better understand the users’ paths to conversion and identify key channels and marketing assets that assist them.

  That said, each attribution model has inherent limitations, which make the selection process even harder.

  This guide explains how to choose the optimal multi-touch attribution model. We cover the pros and cons of popular attribution models, main evaluation criteria and how-to instructions for model implementation. 

  Pros and Cons of Different Attribution Models 

  

  First Interaction 

  First Interaction attribution model (also known as first touch) assigns full credit to the conversion to the first channel, which brought in a lead. However, it doesn’t report other interactions the visitor had before converting.

  Marketers, who are primarily focused on demand generation and user acquisition, find the first touch attribution model useful to evaluate and optimise top-of-the-funnel (ToFU). 

  Pros 

  • Reflects the start of the customer journey
  • Shows channels that bring in the best-qualified leads 
  • Helps track brand awareness campaigns

  Cons 

  • Ignores the impact of later interactions at the middle and bottom of the funnel 
  • Doesn’t provide a full picture of users’ decision-making process 

  Last Interaction 

  Last Interaction attribution model (also known as last touch) shifts the entire credit allocation to the last channel before conversion. But it doesn’t account for the contribution of all other channels. 

  If your focus is conversion optimization, the last-touch model helps you determine which channels, assets or campaigns seal the deal for the prospect. 

  Pros 

  • Reports bottom-of-the-funnel events
  • Requires minimal data and configurations 
  • Helps estimate cost-per-lead or cost-per-acquisition

  Cons 

  • No visibility into assisted conversions and prior visitor interactions 
  • Overemphasise the importance of the last channel (which can often be direct traffic) 

  Last Non-Direct Interaction 

  Last Non-Direct attribution excludes direct traffic from the calculation and assigns the full conversion credit to the preceding channel. For example, a paid ad will receive 100% of credit for conversion if a visitor goes directly to your website to buy a product. 

  Last Non-Direct attribution provides greater clarity into the bottom-of-the-funnel (BoFU). events. Yet, it still under-reports the role other channels played in conversion. 

  Pros 

  • Improved channel visibility, compared to Last-Touch 
  • Avoids over-valuing direct visits
  • Reports on lead-generation efforts

  Cons 

  • Doesn’t work for account-based marketing (ABM) 
  • Devalues the quality over quantity of leads 

  Linear Model

  Linear attribution model assigns equal credit for a conversion to all tracked touchpoints, regardless of their impact on the visitor’s decision to convert.

  It helps you understand the full conversion path. But this model doesn’t distinguish between the importance of lead generation activities versus nurturing touches.

  Pros 

  • Focuses on all touch points associated with a conversion 
  • Reflects more steps in the customer journey 
  • Helps analyse longer sales cycles

  Cons 

  • Doesn’t accurately reflect the varying roles of each touchpoint 
  • Can dilute the credit if too many touchpoints are involved 

  Time Decay Model 

  Time decay models assumes that the closer a touchpoint is to the conversion, the greater its influence. Pre-conversion touchpoints get the highest credit, while the first ones are ranked lower (5%-5%-10%-15%-25%-30%).

  This model better reflects real-life customer journeys. However, it devalues the impact of brand awareness and demand-generation campaigns. 

  Pros 

  • Helps track longer sales cycles and reports on each touchpoint involved 
  • Allows customising the half-life of decay to improve reporting 
  • Promotes conversion optimization at BoFu stages

  Cons 

  • Can prompt marketers to curtail ToFU spending, which would translate to fewer qualified leads at lower stages
  • Doesn’t reflect highly-influential events at earlier stages (e.g., a product demo request or free account registration, which didn’t immediately lead to conversion)

  Position-Based Model 

  Position-Based attribution model (also known as the U-shaped model) allocates the biggest credit to the first and the last interaction (40% each). Then distributes the remaining 20% across other touches. 

  For many marketers, that’s the preferred multi-touch attribution model as it allows optimising both ToFU and BoFU channels. 

  Pros 

  • Helps establish the main channels for lead generation and conversion
  • Adds extra layers of visibility, compared to first- and last-touch attribution models 
  • Promotes budget allocation toward the most strategic touchpoints

  Cons 

  • Diminishes the importance of lead nurturing activities as more credit gets assigned to demand-gen and conversion-generation channels
  • Limited flexibility since it always assigns a fixed amount of credit to the first and last touchpoints, and the remaining credit is divided evenly among the other touchpoints

  How to Choose the Right Multi-Touch Attribution Model For Your Business 

  If you’re deciding which attribution model is best for your business, prepare for a heated discussion. Each one has its trade-offs as it emphasises or devalues the role of different channels and marketing activities.

  To reach a consensus, the best strategy is to evaluate each model against three criteria : Your marketing objectives, sales cycle length and data availability. 

  Marketing Objectives 

  Businesses generate revenue in many ways : Through direct sales, subscriptions, referral fees, licensing agreements, one-off or retainer services. Or any combination of these activities. 

  In each case, your marketing strategy will look different. For example, SaaS and direct-to-consumer (DTC) eCommerce brands have to maximise both demand generation and conversion rates. In contrast, a B2B cybersecurity consulting firm is more interested in attracting qualified leads (as opposed to any type of traffic) and progressively nurturing them towards a big-ticket purchase. 

  When selecting a multi-touch attribution model, prioritise your objectives first. Create a simple scoreboard, where your team ranks various channels and campaign types you rely on to close sales. 

  Alternatively, you can survey your customers to learn how they first heard about your company and what eventually triggered their conversion. Having data from both sides can help you cross-validate your assumptions and eliminate some biases. 

  Then consider which model would best reflect the role and importance of different channels in your sales cycle. Speaking of which….

  Sales Cycle Length 

  As shoppers, we spend less time deciding on a new toothpaste brand versus contemplating a new IT system purchase. Factors like industry, business model (B2C, DTC, B2B, B2BC), and deal size determine the average cycle length in your industry. 

  Statistically, low-ticket B2C sales can happen within just several interactions. The average B2B decision-making process can have over 15 steps, spread over several months. 

  That’s why not all multi-touch attribution models work equally well for each business. Time-decay suits better B2B companies, while B2C usually go for position-based or linear attribution. 

  Data Availability 

  Businesses struggle with multi-touch attribution model implementation due to incomplete analytics data. 

  Our web analytics tool captures more data than Google Analytics. That’s because we rely on a privacy-focused tracking mechanism, which allows you to collect analytics without showing a cookie consent banner in markets outside of Germany and the UK. 

  Cookie consent banners are mandatory with Google Analytics. Yet, almost 40% of global consumers reject it. This results in gaps in your analytics and subsequent inconsistencies in multi-touch attribution reports. With Matomo, you can compliantly collect more data for accurate reporting. 

  Some companies also struggle to connect collected insights to individual shoppers. With Matomo, you can cross-attribute users across browning sessions, using our visitors’ tracking feature. 

  When you already know a user’s identifier (e.g., full name or email address), you can track their on-site behaviours over time to better understand how they interact with your content and complete their purchases. Quick disclaimer, though, visitors’ tracking may not be considered compliant with certain data privacy laws. Please consult with a local authority if you have doubts. 

  How to Implement Multi-Touch Attribution

  Multi-touch attribution modelling implementation is like a “seek and find” game. You have to identify all significant touchpoints in your customers’ journeys. And sometimes also brainstorm new ways to uncover the missing parts. Then figure out the best way to track users’ actions at those stages (aka do conversion and events tracking). 

  Here’s a step-by-step walkthrough to help you get started. 

  Select a Multi-Touch Attribution Tool 

  The global marketing attribution software is worth $3.1 billion. Meaning there are plenty of tools, differing in terms of accuracy, sophistication and price.

  To make the right call prioritise five factors :

  • Available models : Look for a solution that offers multiple options and allows you to experiment with different modelling techniques or develop custom models. 
  • Implementation complexity : Some providers offer advanced data modelling tools for creating custom multi-touch attribution models, but offer few out-of-the-box modelling options. 
  • Accuracy : Check if the shortlisted tool collects the type of data you need. Prioritise providers who are less dependent on third-party cookies and allow you to identify repeat users. 
  • Your marketing stack : Some marketing attribution tools come with useful add-ons such as tag manager, heatmaps, form analytics, user session recordings and A/B testing tools. This means you can collect more data for multi-channel modelling with them instead of investing in extra software. 
  • Compliance : Ensure that the selected multi-attribution analytics software wouldn’t put you at risk of GDPR non-compliance when it comes to user privacy and consent to tracking/analysis. 

  Finally, evaluate the adoption costs. Free multi-channel analytics tools come with data quality and consistency trade-offs. Premium attribution tools may have “hidden” licensing costs and bill you for extra data integrations. 

  Look for a tool that offers a good price-to-value ratio (i.e., one that offers extra perks for a transparent price). 

  Set Up Proper Data Collection 

  Multi-touch attribution requires ample user data. To collect the right type of insights you need to set up : 

  • Website analytics : Ensure that you have all tracking codes installed (and working correctly !) to capture pageviews, on-site actions, referral sources and other data points around what users do on page. 
  • Tags : Add tracking parameters to monitor different referral channels (e.g., “facebook”), campaign types (e.g., ”final-sale”), and creative assets (e.g., “banner-1”). Tags help you get a clearer picture of different touchpoints. 
  • Integrations : To better identify on-site users and track their actions, you can also populate your attribution tool with data from your other tools – CRM system, A/B testing app, etc. 

  Finally, think about the ideal lookback window — a bounded time frame you’ll use to calculate conversions. For example, Matomo has a default windows of 7, 30 or 90 days. But you can configure a custom period to better reflect your average sales cycle. For instance, if you’re selling makeup, a shorter window could yield better results. But if you’re selling CRM software for the manufacturing industry, consider extending it.

  Configure Goals and Events 

  Goals indicate your main marketing objectives — more traffic, conversions and sales. In web analytics tools, you can measure these by tracking specific user behaviours. 

  For example : If your goal is lead generation, you can track :

  • Newsletter sign ups 
  • Product demo requests 
  • Gated content downloads 
  • Free trial account registration 
  • Contact form submission 
  • On-site call bookings 

  In each case, you can set up a unique tag to monitor these types of requests. Then analyse conversion rates — the percentage of users who have successfully completed the action. 

  To collect sufficient data for multi-channel attribution modelling, set up Goal Tracking for different types of touchpoints (MoFU & BoFU) and asset types (contact forms, downloadable assets, etc). 

  Your next task is to figure out how users interact with different on-site assets. That’s when Event Tracking comes in handy. 

  Event Tracking reports notify you about specific actions users take on your website. With Matomo Event Tracking, you can monitor where people click on your website, on which pages they click newsletter subscription links, or when they try to interact with static content elements (e.g., a non-clickable banner). 

  Using in-depth user behavioural reports, you can better understand which assets play a key role in the average customer journey. Using this data, you can localise “leaks” in your sales funnel and fix them to increase conversion rates.

  Test and Validated the Selected Model 

  A common challenge of multi-channel attribution modelling is determining the correct correlation and causality between exposure to touchpoints and purchases. 

  For example, a user who bought a discounted product from a Facebook ad would act differently than someone who purchased a full-priced product via a newsletter link. Their rate of pre- and post-sales exposure will also differ a lot — and your attribution model may not always accurately capture that. 

  That’s why you have to continuously test and tweak the selected model type. The best approach for that is lift analysis. 

  Lift analysis means comparing how your key metrics (e.g., revenue or conversion rates) change among users who were exposed to a certain campaign versus a control group. 

  In the case of multi-touch attribution modelling, you have to monitor how your metrics change after you’ve acted on the model recommendations (e.g., invested more in a well-performing referral channel or tried a new brand awareness Twitter ad). Compare the before and after ROI. If you see a positive dynamic, your model works great. 

  The downside of this approach is that you have to invest a lot upfront. But if your goal is to create a trustworthy attribution model, the best way to validate is to act on its suggestions and then test them against past results. 

  Conclusion

  A multi-touch attribution model helps you measure the impact of different channels, campaign types, and marketing assets on metrics that matter — conversion rate, sales volumes and ROI. 

  Using this data, you can invest budgets into the best-performing channels and confidently experiment with new campaign types. 

  As a Matomo user, you also get to do so without breaching customers’ privacy or compromising on analytics accuracy.

  Start using accurate multi-channel attribution in Matomo. Get your free 21-day trial now. No credit card required.

• Understanding Data Processing Agreements and How They Affect GDPR Compliance

  9 octobre 2023, par Erin — GDPR

  The General Data Protection Regulation (GDPR) impacts international organisations that conduct business or handle personal data in the European Union (EU), and they must know how to stay compliant.

  One way of ensuring GDPR compliance is through implementing a data processing agreement (DPA). Most businesses overlook DPAs when considering ways of maintaining user data security. So, what exactly is a DPA’s role in ensuring GDPR compliance ?

  In this article, we’ll discuss DPAs, their advantages, which data protection laws require them and the clauses that make up a DPA. We’ll also discuss the consequences of non-compliance and how you can maintain GDPR compliance using Matomo.

  What is a data processing agreement ?

  A data processing agreement, data protection agreement or data processing addendum is a contractual agreement between a data controller (a company) and a data processor (a third-party service provider.) It defines each party’s rights and obligations regarding data protection.

  A DPA also defines the responsibilities of the controller and the processor and sets out the terms they’ll use for data processing. For instance, when MHP/Team SI sought the services of Matomo (a data processor) to get reliable and compliant web analytics, a DPA helped to outline their responsibilities and liabilities.

  A DPA is one of the basic requirements for GDPR compliance. The GDPR is an EU regulation concerning personal data protection and security. The GDPR is binding on any company that actively collects data from EU residents or citizens, regardless of their location.

  As a business, you need to know what goes into a DPA to identify possible liabilities that may arise if you don’t comply with European data protection laws. For example, having a recurrent security incident can lead to data breaches as you process customer personal data.

  The average data breach cost for 2023 is $4.45 million. This amount includes regulatory fines, containment costs and business losses. As such, a DPA can help you assess the organisational security measures of your data processing methods and define the protocol for reporting a data breach.

  Why is a DPA essential for your business ?

  If your company processes personal data from your customers, such as contact details, you need a DPA to ensure compliance with data security laws like GDPR. You’ll also need a DPA to hire a third party to process your data, e.g., through web analytics or cloud storage.

  But what are the benefits of having a DPA in place ?

  

  A key benefit of signing a DPA is it outlines business terms with a third-party data processor and guarantees compliance with the relevant data privacy laws. A DPA also helps to create an accountability framework between you and your data processor by establishing contractual obligations.

  Additionally, a DPA helps to minimise the risk of unauthorised access to sensitive data. A DPA defines organisational measures that help protect the rights of individuals and safeguard personal data against unauthorised disclosure. Overall, before choosing a data processor, having a DPA ensures that they are capable, compliant and qualified.

  More than 120 countries have already adopted some form of international data protection laws to protect their citizens and their data better. Hence, knowing which laws require a DPA and how you can better ensure compliance is important.

  Which data protection laws require a DPA ?

  Regulatory bodies enact data protection laws to grant consumers greater control over their data and how businesses use it. These laws ensure transparency in data processing and compliance for businesses.

  

  The following are some of the relevant data privacy laws that require you to have a DPA :

  • UK GDPR
  • Brazil LGPD
  • EU GDPR
  • Dubai PDPA
  • Colorado CPA
  • California CCPA/CPRA
  • Virginia VCDPA
  • Connecticut DPA
  • South African POPIA
  • Thailand PDPA

  Companies that don’t adhere to these data protection obligations usually face liabilities such as fines and penalties. With a DPA, you can set clear expectations regarding data processing between you and your customers.

  Review and update any DPAs with third-party processors to ensure compliance with GDPR and the laws we mentioned above. Additionally, confirm that all the relevant clauses are present for compliance with relevant data privacy laws. 

  So, what key data processing clauses should you have in your DPA ? Let’s take a closer look in the next section.

  Key clauses in a data processing agreement

  GDPR provides some general recommendations for what you should state in a DPA.

  

  Here are the elements you should include :

  Data processing specifications

  Your DPA should address the specific business purposes for data processing, the duration of processing and the categories of data under processing. It should also clearly state the party responsible for maintaining GDPR compliance and who the data subjects are, including their location and nationality.

  Your DPA should also address the data processor and controller’s responsibilities concerning data deletion and contract termination.

  Role of processor

  Your DPA should clearly state what your data processor is responsible for and liable for. Some key responsibilities include record keeping, reporting breaches and maintaining data security.

  Other roles of your data processor include providing you with audit opportunities and cooperating with data protection authorities during inquiries. If you decide to end your contract, the data processor is responsible for deleting or returning data, depending on your agreement.

  Role of controller

  Your DPA should inform the responsibilities of the data controller, which typically include issuing processing instructions to the data processor and directing them on how to handle data processing.

  Your DPA should let you define the lawful data processes the data processor should follow and how you’ll uphold the data protection rights of individuals’ sensitive data.

  Organisational and technical specifications

  Your DPA should define specifications such as how third-party processors encrypt, access and test personal data. It should also include specifications on how the data processor and controller will maintain ongoing data security through various factors such as :

  • State of the technology : Do ‌third-party processors have reliable technology, and can they ensure data security within their systems ?
  • Costs of implementation : Does the data controller’s budget allow them to seek third-party services from industry-leading providers who can guarantee a certain level of security ?
  • Variances in users’ personal freedom : Are there privacy policies and opt-out forms for users to express how they want companies to use their sensitive data ?

  Moreover, your DPA should define how you and your data processor will ensure the confidentiality, availability and integrity of data processing services and systems.

  What are the penalties for DPA GDPR non-compliance ?

  Regulators use GDPR’s stiff fines to encourage data controllers and third-party processors to follow‌ best data security practices. One way of maintaining compliance is through drafting up a DPA with your data processor.

  The DPA should clearly outline the necessary legal requirements and include all the relevant clauses mentioned above. Understand what goes into this agreement since data protection authorities can hold your business accountable for a breach — even if a processor’s error caused it.

  Data protection authorities can issue penalties now that the GDPR is in place. For example, according to Article 83 of the GDPR, penalties for data or privacy breaches or non-compliance can amount to up to €20 million or 4% of your annual revenue.

  There are two tiers of fines : tier one and tier two. Violations related to data processors typically attract fines on the tier-one level. Tier one fines can cost your business €10 million or 2% of your company’s global revenue.

  Tier-two fines result from infringement of the right to forget and the right to privacy of your consumer. Tier-two fines can cost your business up to €20 million or 4% of your company’s global revenue.

  GDPR fines make non-compliance an expensive mistake for businesses of all sizes. As such, signing a DPA with any party that acts as a data processor for your business can help you remain GDPR-compliant.

  How a DPA can help your business remain GDPR compliant

  A DPA can help your business define and adhere to lawful data processes.

  

  So, in what other ways can a DPA help you to remain compliant with GDPR ? Let’s take a look !

  1. Assess data processor’s compliance

  Having a DPA helps ensure that the data processor you are working with is GDPR-compliant. You should check if they have a DPA and confirm the processor’s terms of service and legal basis.

  For example, if you want an alternative to Google Analytics that’s GDPR compliant, then you can opt for Matomo. Matomo features a DPA, which you can agree to when you sign up for web analytics services or later.

  2. Establish lawful data processes

  A DPA can also help you review your data processes to ensure they’re GDPR compliant. For example, by defining lawful data processes, you better understand personally identifiable information (PII) and how it relates to data privacy.

  Further, you can allow users to opt out of sharing their data. As such, Matomo can help you to enable Do Not Track preferences on your website.

  

  With this feature, users are given the option to opt in or out of tracking via a toggle in their respective browsers.

  Indeed, establishing lawful data processes helps you define the specific business purposes for collecting and processing personal data. By doing so, you get to notify your users why you need their data and get their consent to process it by including a GDPR-compliant privacy policy on your website.

  3. Anonymise your data

  Global privacy laws like GDPR and ePrivacy mandate companies to display cookie banners or seek consent before tracking visitors’ data. You can either include a cookie consent banner on your site or stop tracking cookies to follow the applicable regulations.

  Further, you can enable cookie-less tracking or easily let users opt out. For example, you can use Matomo without a cookie consent banner, exempting it from many countries’ privacy rules.

  Additionally, through a DPA, you can define organisational measures that define how you’ll anonymise all your users’ data. Matomo can help you anonymise IP addresses, and we recommend that you at least anonymise the last two bytes.

  

  As one of the few web analytics tools you can use to collect data without tracking consent, Matomo also has the French Data Protection Authority (CNIL) approval.

  4. Assess the processor’s bandwidth

  Having a DPA can help you implement data retention policies that show clear retention periods. Such policies are useful when ending a contract with a third-party service provider and determining how they should handle your data.

  A DPA also helps you ensure the processor has the necessary technology to store personal data securely. You can conduct an audit to understand possible vulnerabilities and your data processor’s technological capacity.

  5. Obtain legal counsel

  When drafting a DPA, it’s important to get a consultation on what is needed to ensure complete compliance. Obtaining legal counsel points you in the right direction so you don’t make any mistakes that may lead to non-compliance.

  Conclusion

  Businesses that process users’ data are subject to several DPA contract requirements under GDPR. One of the most important is having DPAs with every third-party provider that helps them perform data processing.

  It’s important to stay updated on GDPR requirements for compliance. As such, Matomo can help you maintain lawful data processes. Matomo gives you complete control over your data and complies with GDPR requirements.

  To get started with Matomo, you can sign up for a 21-day free trial. No credit card required.

  Disclaimer

  We are not lawyers and don’t claim to be. The information provided here is to help give an introduction to GDPR. We encourage every business and website to take data privacy seriously and discuss these issues with your lawyer if you have any concerns.