Recherche avancée

Sur d’autres sites (9511)

• Use Google Analytics and risk fines, after CJEU ruling on Privacy Shield

  27 août 2020, par Joselyn Khor — Privacy
  EU websites using Google Analytics and Facebook are being targeted by European privacy group noyb after the invalidation of the Privacy Shield. They filed a complaint against 101 websites for continuing to send data to the US. 

  “A quick analysis of the HTML source code of major EU webpages shows that many companies still use Google Analytics or Facebook Connect one month after a major judgment by the Court of Justice of the European Union (CJEU) - despite both companies clearly falling under US surveillance laws, such as FISA 702. Neither Facebook nor Google seem to have a legal basis for the data transfers.”

  

  The Privacy Shield previously allowed for EU data to be transferred to the US. However, this was invalidated by the Court of Justice of the European Union (CJEU) on July 16, 2020. The CJEU deemed it illegal for any websites to transfer the personal data of European citizens to the US. 

  They also made it clear in a press release that “data subjects can claim compensation for inadmissible data exports (marginal no. 143 of the judgment). This should in particular include non-material damage (“compensation for pain and suffering”) and must be of a deterrent amount under European law.” Which puts extra financial pressure on websites to take the new ruling seriously.

  Immediate action is required after Google Privacy Shield invalidation

  The Berlin Commissioner for Data Protection and Freedom of Information therefore calls on all those responsible under its supervision to observe the decision of the ECJ [CJEU]. Those responsible who transfer personal data to the USA - especially when using cloud services - are now required to immediately switch to service providers in the European Union or in a country with an adequate level of data protection.

  As the ruling is effective immediately, there’s a pressing need for websites using Google Analytics to act, or face getting fined.

  What does this mean for you ?

  If you’re using Google Analytics the safest bet is to stop using it immediately. 

  "Neither Google Analytics nor Facebook Connect are necessary for the operation of these websites and could therefore have been replaced or at least deactivated in the meantime."

  If you still need to use it, then you’ll need to inform your visitors via a clear consent screen. This banner needs to make clear their personal data will be sent to the US, and to educate them about any potential risk related to this. They will then need to explicitly agree to this. 

  Another downside of cookie consent screens is that you may also suffer a damaging loss of visitors. After implementing cookie consent best practices, the UK’s data regulator the Information Commissioner’s Office (ICO) found a 90% drop in traffic, “implying a ninety percent drop in opt-in rates.”

  With an acceptance rate for such consent screens being lower than 10% your analytics becomes guesswork rather than science. 

  Looking for a privacy-respecting alternative to Google Analytics ?

  Privacy compliant Matomo Analytics is one of the best Google Analytics alternatives availalble. 

  With Matomo you’re able to continue using analytics without facing the wrath of both the GDPR and the CJEU. Matomo On-Premise lets you choose where your data is stored, so you can ensure no data is processed in the US. 

  Matomo is privacy-friendly and can be tweaked to comply with all privacy laws. Including the GDPR, HIPAA, CCPA and PECR. The benefits of this include : not needing to use tracking or cookie consent screens (like with GA) ; and avoiding fines because no personal data is collected. You also get 100% accurate data and the ability to protect your user’s privacy.

  Download Matomo

  

  Is your EU business at risk of being fined for using Google Analytics ?

  Email

  Get our assessment guide

• How to verify user permissions – Introducing the Piwik Platform

  9 novembre 2014, par Thomas Steur — Development

  This is the next post of our blog series where we introduce the capabilities of the Piwik platform (our previous post was How to make your plugin multilingual). This time you’ll learn how to verify user permissions. For this tutorial you will need to have basic knowledge of PHP and the Piwik platform.

  When should a plugin verify permissions ?

  Usually you want to do this before executing any action – such as deleting or fetching data – and before rendering any sensitive information that should not be accessible by everyone. For instance in an API method or Controller action. You sometimes also need to verify permissions before registering menu items or widgets.

  How does Piwik’s user management work ?

  It is quite simple as it only differentiates between a few roles : View permission, Admin permission and Super User permission. If you manage multiple websites with Piwik a user can be assigned to different roles as a user might have no permission for some websites but view or admin permission for another set of websites.

  Worth mentioning is that roles inherit from each other. This means the role admin automatically includes the role view and a super user automatically covers the view and admin role.

  Getting started

  In this post, we assume that you have already set up your development environment and created a plugin. If not, visit the Piwik Developer Zone where you’ll find the tutorial Setting up Piwik and other Guides that help you to develop a plugin.

  Verifying user permissions

  To protect your data the platform offers many convenient methods in the \Piwik\Piwik class. There you will find methods that either start with check, is or has. While methods that start with check throw an exception in case a condition is not met, the other methods return a boolean true or false.

  Use methods that throw an exception if you want to stop any further execution in case a user does not have an appropriate role. The platform will catch the exception and display an error message or ask the user to log in.

  public function deleteAllMessages()
  {
      // delete messages only if user has super user access, otherwise show an error message
      Piwik::checkUserSuperUserAccess();
   
      $this->getModel()->deleteAllMessages();
  }
  Télécharger

  Use methods that return a boolean for instance when registering menu items or widgets.

  public function configureAdminMenu(MenuAdmin $menu)
  {
      if (Piwik::hasUserSuperUserAccess()) {
          $menu->addPlatformItem('Plugins', $this->urlForDefaultAction());
      }
  }
  Télécharger

  It is important to be aware that just because the menu item won’t be displayed in the UI a user can still open the registered URL manually. Therefore you have to check for permissions in the actual controller action as well.

  View permission

  A user having a view permission should be only able to view reports but not make any changes apart from his personal settings. The methods that end with UserHasSomeViewAccess make sure a user has at least view permission for one website whereas the methods *UserHasViewAccess($idSites = array(1,2,3)) check whether a user has view access for all of the given websites.

  Piwik::checkUserHasSomeViewAccess();
   
  Piwik::checkUserHasViewAccess($idSites = array(1,2,3));
  Télécharger

  As a plugin developer you would usually use the latter example to verify the permissions for specific websites. Use the first example in case you develop something like an “All Websites Dashboard” where you only want to make sure the user has a view permission for at least one website.

  Admin permission

  A user having an admin permission cannot only view reports but also change website related settings. The methods to check for this role are similar to the ones before, just swap the term View with Admin.

  Piwik::checkUserHasSomeAdminAccess();
   
  Piwik::checkUserHasAdminAccess($idSites = array(1,2,3));
  Télécharger

  Super user permission

  A user having the super user permission is allowed to access all of the data stored in Piwik and change any settings. To check if a user has this role use one of the methods that end with UserSuperUserAccess.

  Piwik::checkUserHasSuperUserAccess();

  As a plugin developer you would check for this permission for instance in places where your plugin shows an activity log over all users or where it offers the possibility to change any system wide settings.

  Getting information about the currently logged in user

  Sometimes you might want to know which user is currently logged in. This can be useful if you want to persist user related information in the database or if you want to send an email to the currently logged in user. You can easily get this information by calling the following methods :

  $login = Piwik::getCurrentUserLogin()
  $email = Piwik::getCurrentUserEmail()
  Télécharger

  Advanced features

  Of course there is more that you can do. For instance you can verify whether a user is an anonymous user or whether a user has a specific role. You can also perform any operation in the context of a super user even if the current user does not have this role. Would you like to know more about those features ? Check out the Piwik class reference, the Security guide and the Manage Users user guide.

  If you have any feedback regarding our APIs or our guides in the Developer Zone feel free to send it to us.

• How to verify user permissions – Introducing the Piwik Platform

  9 novembre 2014, par Thomas Steur — Development

  This is the next post of our blog series where we introduce the capabilities of the Piwik platform (our previous post was How to make your plugin multilingual). This time you’ll learn how to verify user permissions. For this tutorial you will need to have basic knowledge of PHP and the Piwik platform.

  When should a plugin verify permissions ?

  Usually you want to do this before executing any action – such as deleting or fetching data – and before rendering any sensitive information that should not be accessible by everyone. For instance in an API method or Controller action. You sometimes also need to verify permissions before registering menu items or widgets.

  How does Piwik’s user management work ?

  It is quite simple as it only differentiates between a few roles : View permission, Admin permission and Super User permission. If you manage multiple websites with Piwik a user can be assigned to different roles as a user might have no permission for some websites but view or admin permission for another set of websites.

  Worth mentioning is that roles inherit from each other. This means the role admin automatically includes the role view and a super user automatically covers the view and admin role.

  Getting started

  In this post, we assume that you have already set up your development environment and created a plugin. If not, visit the Piwik Developer Zone where you’ll find the tutorial Setting up Piwik and other Guides that help you to develop a plugin.

  Verifying user permissions

  To protect your data the platform offers many convenient methods in the \Piwik\Piwik class. There you will find methods that either start with check, is or has. While methods that start with check throw an exception in case a condition is not met, the other methods return a boolean true or false.

  Use methods that throw an exception if you want to stop any further execution in case a user does not have an appropriate role. The platform will catch the exception and display an error message or ask the user to log in.

  public function deleteAllMessages()
  {
      // delete messages only if user has super user access, otherwise show an error message
      Piwik::checkUserSuperUserAccess();
   
      $this->getModel()->deleteAllMessages();
  }
  Télécharger

  Use methods that return a boolean for instance when registering menu items or widgets.

  public function configureAdminMenu(MenuAdmin $menu)
  {
      if (Piwik::hasUserSuperUserAccess()) {
          $menu->addPlatformItem('Plugins', $this->urlForDefaultAction());
      }
  }
  Télécharger

  It is important to be aware that just because the menu item won’t be displayed in the UI a user can still open the registered URL manually. Therefore you have to check for permissions in the actual controller action as well.

  View permission

  A user having a view permission should be only able to view reports but not make any changes apart from his personal settings. The methods that end with UserHasSomeViewAccess make sure a user has at least view permission for one website whereas the methods *UserHasViewAccess($idSites = array(1,2,3)) check whether a user has view access for all of the given websites.

  Piwik::checkUserHasSomeViewAccess();
   
  Piwik::checkUserHasViewAccess($idSites = array(1,2,3));
  Télécharger

  As a plugin developer you would usually use the latter example to verify the permissions for specific websites. Use the first example in case you develop something like an “All Websites Dashboard” where you only want to make sure the user has a view permission for at least one website.

  Admin permission

  A user having an admin permission cannot only view reports but also change website related settings. The methods to check for this role are similar to the ones before, just swap the term View with Admin.

  Piwik::checkUserHasSomeAdminAccess();
   
  Piwik::checkUserHasAdminAccess($idSites = array(1,2,3));
  Télécharger

  Super user permission

  A user having the super user permission is allowed to access all of the data stored in Piwik and change any settings. To check if a user has this role use one of the methods that end with UserSuperUserAccess.

  Piwik::checkUserHasSuperUserAccess();

  As a plugin developer you would check for this permission for instance in places where your plugin shows an activity log over all users or where it offers the possibility to change any system wide settings.

  Getting information about the currently logged in user

  Sometimes you might want to know which user is currently logged in. This can be useful if you want to persist user related information in the database or if you want to send an email to the currently logged in user. You can easily get this information by calling the following methods :

  $login = Piwik::getCurrentUserLogin()
  $email = Piwik::getCurrentUserEmail()
  Télécharger

  Advanced features

  Of course there is more that you can do. For instance you can verify whether a user is an anonymous user or whether a user has a specific role. You can also perform any operation in the context of a super user even if the current user does not have this role. Would you like to know more about those features ? Check out the Piwik class reference, the Security guide and the Manage Users user guide.

  If you have any feedback regarding our APIs or our guides in the Developer Zone feel free to send it to us.