Recherche avancée

Sur d’autres sites (8341)

• Neutral net or neutered

  4 juin 2013, par Mans — Law and liberty

  In recent weeks, a number of high-profile events, in the UK and elsewhere, have been quickly seized upon to promote a variety of schemes for monitoring or filtering Internet access. These proposals, despite their good intentions of protecting children or fighting terrorism, pose a serious threat to fundamental liberties. Although at a glance the ideas may seem like a reasonable price to pay for the prevention of some truly hideous crimes, there is more than first meets the eye. Internet regulation in any form whatsoever is the thin end of a wedge at whose other end we find severely restricted freedom of expression of the kind usually associated with oppressive dictatorships. Where the Internet was once a novelty, it now forms an integrated part of modern society ; regulating the Internet means regulating our lives.

  Terrorism

  Following the brutal murder of British soldier Lee Rigby in Woolwich, attempts were made in the UK to revive the controversial Communications Data Bill, also dubbed the snooper’s charter. The bill would give police and security services unfettered access to details (excluding content) of all digital communication in the UK without needing so much as a warrant.

  The powers afforded by the snooper’s charter would, the argument goes, enable police to prevent crimes such as the one witnessed in Woolwich. True or not, the proposal would, if implemented, also bring about infrastructure for snooping on anyone at any time for any purpose. Once available, the temptation may become strong to extend, little by little, the legal use of these abilities to cover ever more everyday activities, all in the name of crime prevention, of course.

  In the emotional aftermath of a gruesome act, anything with the promise of preventing it happening again may seem like a good idea. At times like these it is important, more than ever, to remain rational and carefully consider all the potential consequences of legislation, not only the intended ones.

  Hate speech

  Hand in hand with terrorism goes hate speech, preachings designed to inspire violence against people of some singled-out nation, race, or other group. Naturally, hate speech is often to be found on the Internet, where it can reach large audiences while the author remains relatively protected. Naturally, we would prefer for it not to exist.

  To fulfil the utopian desire of a clean Internet, some advocate mandatory filtering by Internet service providers and search engines to remove this unwanted content. Exactly how such censoring might be implemented is however rarely dwelt upon, much less the consequences inadvertent blocking of innocent material might have.

  Pornography

  Another common target of calls for filtering is pornography. While few object to the blocking of child pornography, at least in principle, the debate runs hotter when it comes to the legal variety. Pornography, it is claimed, promotes violence towards women and is immoral or generally offensive. As such it ought to be blocked in the name of the greater good.

  The conviction last week of paedophile Mark Bridger for the abduction and murder of five-year-old April Jones renewed the debate about filtering of pornography in the UK ; his laptop was found to contain child pornography. John Carr of the UK government’s Council on Child Internet Safety went so far as suggesting a default blocking of all pornography, access being granted to an Internet user only once he or she had registered with some unspecified entity. Registering people wishing only to access perfectly legal material is not something we do in a democracy.

  The reality is that Google and other major search engines already remove illegal images from search results and report them to the appropriate authorities. In the UK, the Internet Watch Foundation, a non-government organisation, maintains a blacklist of what it deems ‘potentially criminal’ content, and many Internet service providers block access based on this list.

  While well-intentioned, the IWF and its blacklist should raise some concerns. Firstly, a vigilante organisation operating in secret and with no government oversight acting as the nation’s morality police has serious implications for freedom of speech. Secondly, the blocks imposed are sometimes more far-reaching than intended. In one incident, an attempt to block the cover image of the Scorpions album Virgin Killer hosted by Wikipedia (in itself a dubious decision) rendered the entire related article inaccessible as well as interfered with editing.

  Net neutrality

  Content filtering, or more precisely the lack thereof, is central to the concept of net neutrality. Usually discussed in the context of Internet service providers, this is the principle that the user should have equal, unfiltered access to all content. As a consequence, ISPs should not be held responsible for the content they deliver. Compare this to how the postal system works.

  The current debate shows that the principle of net neutrality is important not only at the ISP level, but should also include providers of essential services on the Internet. This means search engines should not be responsible for or be required to filter results, email hosts should not be required to scan users’ messages, and so on. No mandatory censoring can be effective without infringing the essential liberties of freedom of speech and press.

  Social networks operate in a less well-defined space. They are clearly not part of the essential Internet infrastructure, and they require that users sign up and agree to their terms and conditions. Because of this, they can include restrictions that would be unacceptable for the Internet as a whole. At the same time, social networks are growing in importance as means of communication between people, and as such they have a moral obligation to act fairly and apply their rules in a transparent manner.

  Facebook was recently under fire, accused of not taking sufficient measures to curb ‘hate speech,’ particularly against women. Eventually they pledged to review their policies and methods, and reducing the proliferation of such content will surely make the web a better place. Nevertheless, one must ask how Facebook (or another social network) might react to similar pressure from, say, a religious group demanding removal of ‘blasphemous’ content. What about demands from a foreign government ? Only yesterday, the Turkish prime minister Erdogan branded Twitter ‘a plague’ in a TV interview.

  Rather than impose upon Internet companies the burden of law enforcement, we should provide them the latitude to set their own policies as well as the legal confidence to stand firm in the face of unreasonable demands. The usual market forces will promote those acting responsibly.

  Further reading

  • Tory-Labour pact could save data bill, says Lord Howard
  • Internet companies warn May over ‘snooper’s charter’
  • Snooper’s charter ‘should be replaced by strengthening of existing powers’
  • Exclusive : ‘Snooper’s charter’ would not have prevented Woolwich attack, says MI5
  • Search engines urged to block more online porn sites
  • Why technology must be the solution to child abuse material online
  • Google must take more action to police explicit content, says Vince Cable
  • Facebook bows to campaign groups over ‘hate speech’
  • Facebook sexism campaign attracts thousands online
  • Türkischer Ministerpräsident : Twitter ist eine Plage
  • Valls : « La traque sur Internet doit être une priorité pour nous »
  • La Cnil, futur juge d’Internet
  • “National security matter” : Third agency caught unilaterally blocking web sites

• Google Analytics 4 and GDPR : Everything You Need to Know

  17 mai 2022, par Erin

  Four years have passed since the European General Data Protection Regulation (GDPR, also known as DSGVO in German, and RGPD in French) took effect.

  That’s ample time to get compliant, especially for an organisation as big and innovative as Google. Or is it ? 

  If you are wondering how GDPR affects Google Analytics 4 and what the compliance status is at present, here’s the lowdown. 

  Is Google Analytics 4 GDPR Compliant ?

  No. As of mid-2022, Google Analytics 4 (GA4) isn’t fully GDPR compliant. Despite adding extra privacy-focused features, GA4 still has murky status with the European regulators. After the invalidation of the Privacy Shield framework in 2020, Google is yet to regulate EU-US data protection. At present, the company doesn’t sufficiently protect EU citizens’ and residents’ data against US surveillance laws. This is a direct breach of GDPR.

  Google Analytics and GDPR : a Complex Relationship 

  European regulators have scrutinised Google since GDPR came into effect in 2018.

  While the company took steps to prepare for GDPR provisions, it didn’t fully comply with important regulations around user data storage, transfer and security.

  The relationship between Google and EU regulators got more heated after the Court of Justice of the European Union (CJEU) invalidated the Privacy Shield — a leeway Google used for EU-US data transfers. After 2020, GDPR litigation against Google followed. 

  This post summarises the main milestones in this story and explains the consequences for Google Analytics users. 

  

  2018 : Google Analytics Meets GDPR 

  In 2018, the EU adopted the General Data Protection Regulation (GDPR) — a set of privacy and data security laws, covering all member states. Every business interacting with EU citizens and/or residents had to comply.

  GDPR harmonised data protection laws across member states and put down extra provisions for what constitutes sensitive personal information (or PII). Broadly, PII includes any data about the person’s :

  • Racial or ethnic origin 
  • Employment status 
  • Religious or political beliefs
  • State of health 
  • Genetic or biometric data 
  • Financial records (such as payment method data)
  • Address and phone numbers 

  Businesses were barred from collecting this information without explicit consent (and even with it in some cases). If collected, such sensitive information is also subject to strict requirements on how it should be stored, secured, transferred and used. 

  7 Main GDPR Principles Explained 

  Article 5 of the GDPR lays out seven main GDPR principles for personal data and privacy protection : 

  • Lawfulness, fairness and transparency — data must be obtained legally, collected with consent and in adherence to laws. 
  • Purpose limitation — all personal information must be collected for specified, explicit and legal purposes. 
  • Data minimisation — companies must collect only necessary and adequate data, aligned with the stated purpose. 
  • Accuracy — data accuracy must be ensured at all times. Companies must have mechanisms to erase or correct inaccurate data without delays. 
  • Storage limitation — data must be stored only for as long as the stated purpose suggests. Though there’s no upper time limit on data storage. 
  • Integrity and confidentiality (security) — companies must take measures to ensure secure data storage and prevent unlawful or unauthorised access to it. 
  • Accountability — companies must be able to demonstrate adherence to the above principles. 

  Google claimed to have taken steps to make all of their products GDPR compliant ahead of the deadline. But in practice, this wasn’t always the case.

  In March 2018, a group of publishers admonished Google for not providing them with enough tools for GDPR compliance :

  “[Y]ou refuse to provide publishers with any specific information about how you will collect, share and use the data. Placing the full burden of obtaining new consent on the publisher is untenable without providing the publisher with the specific information needed to provide sufficient transparency or to obtain the requisite specific, granular and informed consent under the GDPR.”

  The proposed Google Analytics GDPR consent form was hard to implement and lacked customisation options. In fact, Google “makes unilateral decisions” on how the collected data is stored and used. 

  Users had no way to learn about or control all intended uses of people’s data — which made compliance with the second clause impossible. 

  Unsurprisingly, Google was among the first companies to face a GDPR lawsuit (together with Facebook). 

  By 2019, French data regulator CNIL, successfully argued that Google wasn’t sufficiently disclosing its data collection across products — and hence in breach of GDPR. After a failed appeal, Google had to pay a €50 million fine and promise to do better. 

  2019 : Google Analytics 4 Announcement 

  Throughout 2019, Google rightfully attempted to resolve some of its GDPR shortcomings across all products, Google Universal Analytics (UA) included. 

  They added a more visible consent mechanism for online tracking and provided extra compliance tips for users to follow. In the background, Google also made tech changes to its data processing mechanism to get on the good side of regulations.

  Though Google addressed some of the issues, they missed others. A 2019 independent investigation found that Google real-time-bidding (RTB) ad auctions still used EU citizens’ and residents’ data without consent, thanks to a loophole called “Push Pages”. But they managed to quickly patch this up before the allegations had made it to court. 

  In November 2019, Google released a beta version of the new product version — Google Analytics 4, due to replace Universal Analytics. 

  GA4 came with a set of new privacy-focused features for ticking GDPR boxes such as :

  • Data deletion mechanism. Users can now request to surgically extract certain data from the Analytics servers via a new interface. 
  • Shorter data retention period. You can now shorten the default retention period to 2 months by default (instead of 14 months) or add a custom limit.  
  • IP Anonymisation. GA4 doesn’t log or store IP addresses by default. 

  Google Analytics also updated its data processing terms and made changes to its privacy policy. 

  Though Google made some progress, Google Analytics 4 still has many limitations — and isn’t GDPR compliant. 

  2020 : Privacy Shield Invalidation Ruling 

  As part of the 2018 GDPR preparations, Google named its Irish entity (Google Ireland Limited) as the “data controller” legally responsible for EEA and Swiss users’ information. 

  The company announcement says : 

  

  Initially, Google assumed that this legal change would help them ensure GDPR compliance as “legally speaking” a European entity was set in charge of European data. 

  Practically, however, EEA consumers’ data was still primarily transferred and processed in the US — where most Google data centres are located. Until 2020, such cross-border data transfers were considered legal thanks to the Privacy Shield framework. 

  But in July 2020, The EU Court of Justice ruled that this framework doesn’t provide adequate data protection to digitally transmitted data against US surveillance laws. Hence, companies like Google can no longer use it. The Swiss Federal Data Protection and Information Commissioner (FDPIC) reached the same conclusion in September 2020. 

  The invalidation of the Privacy Shield framework put Google in a tough position.

   Article 14. f of the GDPR explicitly states : 

  “The controller (the company) that intends to carry out a transfer of personal data to a recipient (Analytics solution) in a third country or an international organisation must provide its users with information on the place of processing and storage of its data”.

  Invalidation of the Privacy Shield framework prohibited Google from moving data to the US. At the same time, GDPR provisions mandated that they must disclose proper data location. 

  But Google Analytics (like many other products) had no a mechanism for : 

  • Guaranteeing intra-EU data storage 
  • Selecting a designated regional storage location 
  • Informing users about data storage location or data transfers outside of the EU 

  And these factors made Google Analytics in direct breach of GDPR — a territory, where they remain as of 2022.

  2020-2022 : Google GDPR Breaches and Fines 

  The 2020 ruling opened Google to GDPR lawsuits from country-specific data regulators.

  Google Analytics in particular was under a heavy cease-fire. 

  • Sweden first fined Google for violating GDPR for no not fulfilling its obligations to request data delisting in 2020. 
  • France rejected Google Analytics 4 IP address anonymisation function as a sufficient measure for protecting cross-border data transfers. Even with it, US intelligence services can still access user IPs and other PII. France declared Google Analytics illegal and pressed a €150 million fine. 
  • Austria also found Google Analytics GDPR non-compliant and proclaimed the service as “illegal”. The authority now seeks a fine too. 

  The Dutch Data Protection Authority and  Norwegian Data Protection Authority also found Google Analytics guilty of a GDPR breach and seek to limit Google Analytics usage. 

  New privacy controls in Google Analytics 4 do not resolve the underlying issue — unregulated, non-consensual EU-US data transfer. 

  Google Analytics GDPR non-compliance effectively opens any website tracking or analysing European visitors to legal persecution.

  In fact, this is already happening. noyb, a European privacy-focused NGO, has already filed over 100 lawsuits against European websites using Google Analytics.

  2022 : Privacy Shield 2.0. Negotiations

  Google isn’t the only US company affected by the Privacy Shield framework invalidation. The ruling puts thousands of digital companies at risk of non-compliance.

  To settle the matter, US and EU authorities started “peace talks” in spring 2022.

  European Commission President Ursula von der Leyen said that they are working with the Biden administration on the new agreement that will “enable predictable and trustworthy data flows between the EU and US, safeguarding the privacy and civil liberties.” 

  However, it’s just the beginning of a lengthy negotiation process. The matter is far from being settled and contentious issues remain as we discussed on Twitter (come say hi !).

  

  For one, the US isn’t eager to modify its surveillance laws and is mostly willing to make them “proportional” to those in place in the EU. These modifications may still not satisfy CJEU — which has the power to block the agreement vetting or invalidate it once again. 

  While these matters are getting hashed out, Google Analytics users, collecting data about EU citizens and/or residents, remain on slippery grounds. As long as they use GA4, they can be subject to GDPR-related lawsuits. 

  To Sum It Up 

  • Google Analytics 4 and Google Universal Analytics are not GDPR compliant because of Privacy Shield invalidation in 2020. 
  • French and Austrian data watchdogs named Google Analytics operations “illegal”. Swedish, Dutch and Norwegian authorities also claim it’s in breach of GDPR. 
  • Any website using GA for collecting data about European citizens and/or residents can be taken to court for GDPR violations (which is already happening). 
  • Privacy Shield 2.0 Framework discussions to regulate EU-US data transfers have only begun and may take years. Even if accepted, the new framework(s) may once again be invalidated by local data regulators as has already happened in the past. 

  Time to Get a GDPR Compliant Google Analytics Alternative 

  Retaining 100% data ownership is the optimal path to GDPR compliance.

  By selecting a transparent web analytics solution that offers 100% data ownership, you can rest assured that no “behind the scenes” data collection, processing or transfers take place. 

  Unlike Google Analytics 4, Matomo offers all of the features you need to be GDPR compliant : 

  • Full data anonymisation 
  • Single-purpose data usage 
  • Easy consent and an opt-out mechanism 
  • First-party cookies usage by default 
  • Simple access to collect data 
  • Fast data removals 
  • EU-based data storage for Matomo Cloud (or storage in the country of your choice with Matomo On-Premise)

  Learn about your audiences in a privacy-centred way and protect your business against unnecessary legal exposure. 

  Start your 21-day free trial (no credit card required) to see how fully GDPR-compliant website analytics works ! 

  21 day free trial. No credit card required.

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (change)

  Choose your analytics subdomain
  

  .matomo.cloud

  I hereby accept the terms and conditions and the data processing agreeement (DPA).

  
  Your information will be used to create an account on our cloud service. For more information please consult our privacy policy.
  
  

  » Start improving your websites now

  

• Matomo’s privacy-friendly web analytics software named best of the year 2022

  25 janvier 2023, par Erin

  W3Tech names Matomo ‘Traffic Analysis Tool of the Year 2022’ in its Web Technologies of the Year list of technologies that gained the most sites

  Matomo, a world-leading open-source web analytics platform, is proud to announce that it has received W3Tech’s award for the best web analytics software in its Web Technologies of the Year 2022. Matomo is the first independent, open-source tool named Traffic Analysis Tool of the Year – with previous winners including Google Analytics and Facebook Pixel.


  W3Tech, a trusted source for web technology research, determines winners for its annual Web Technologies of the Year list by technologies that gained the most websites. W3Tech surveys usage across millions of websites globally – comparing the number of sites using a technology on January 1st of one year with the number of sites using it the following year.

  W3Tech commenting on the Traffic Analysis Tool winners, said : “Matomo, the privacy-focused open source analytics platform, is the traffic analysis tool of the year for the first time, while Google Analytics and the other previous winners all lost a bit of market share in 2022. The Chinese Baidu Analytics ranks second this year. Snowplow, another open source tool, is an unexpected third.”


  Matomo launched in 2007 as an open-source analytics alternative to Google Analytics, keeps businesses GDPR and CCPA-compliant. Matomo is trusted by over 1.4 million websites in 220 countries and is translated into over 50 languages.


  Matomo founder Matthieu Aubry says, “As the first independent, open-source traffic analysis tool to receive this recognition, Matomo is humbled and honoured to lead the charge for change. It’s a testament to the hard work of our community, and it’s a clear sign that consumers and organisations are looking for ethical alternatives.


  “This recognition is a major win for the entire privacy movement and proves that the tide is turning against the big tech players who I believe have long prioritised profits over privacy. We are committed to continuing our work towards a more private and secure digital landscape for all.”


  In W3Tech’s Web Technologies of the Year 2022, Matomo was also judged third Tag Manager, behind Google Tag Manager and Adobe DTM.


  Matomo helps businesses and organisations track and optimise their online presence allowing users to easily collect, analyse, and act on their website and marketing data to gain a deeper understanding of their visitors and drive conversions and revenue. With 100% data ownership, customers using the company’s tools get the power to protect their website user’s privacy – and where their data is stored and what’s happening to it, without external influence. Furthermore, as the data is not sampled, it maintains data accuracy. 


  Aubry says its recent award is a positive reminder of how well this solution is performing internationally and is a testament to the exceptional quality and performance of Matomo’s powerful web analytics tools that respect a user’s privacy.


  “In 2020, the CJEU ruled US cloud servers don’t comply with GDPR. Then in 2022, the Austrian Data Protection Authority and French Data Protection Authority (CNIL) ruled that the use of Google Analytics is illegal due to data transfers to the US. With Matomo Cloud, the customer’s data is stored in Europe, and no data is transferred to the US. On the other hand, with Matomo On-Premise, the data is stored in your country of choice.


  “Matomo has also become one of the most popular open-source alternatives to Google Analytics for website owners and marketing teams because it empowers web professionals to make business decisions. Website investment, collateral, and arrangement are enriched by having the full picture and control of the data.”

  

  About Matomo

  Matomo is a world-leading open-source web analytics platform, trusted by over 1.4 million websites in 220 countries and translated into over 50 languages. Matomo helps businesses and organisations track and optimise their online presence allowing users to easily collect, analyse, and act on their website and marketing data to gain a deeper understanding of their visitors and drive conversions and revenue. Matomo’s vision is to create, as a community, the leading open digital analytics platform that gives every user complete control of their data.

  For more information/ press enquiries Press – Matomo