Recherche avancée

Sur d’autres sites (5302)

• How to make Matomo GDPR compliant in 12 steps

  3 avril 2018, par InnoCraft

  Important note : this blog post has been written by digital analysts, not lawyers. The purpose of this article is to briefly show you where Matomo is entering into play within the GDPR process. This work comes from our interpretation of the UK privacy commission : ICO. It cannot be considered as professional legal advice. So as GDPR, this information is subject to change. We strongly advise you to have a look at the different privacy authorities in order to have up to date information.

  The General Data Protection Regulation (EU) 2016/679, also referred to RGPD in French, Datenschutz-Grundverordnung, DS-GVO in German, is a regulation on data protection and privacy for all individuals within the European Union. It concerns organizations worldwide dealing with EU citizens and will come into force on the 25th May 2018.

  The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. It includes cookies, IP addresses, User ID, location, and any other data you may have collected.

  We will list below the 12 steps recommended by the UK privacy commissioner in order to be GDPR compliant and what you need to do for each step.

  The 12 steps of GDPR compliance according to ICO and how it fit with Matomo

  As mentioned in one of our previous blog post about GDPR, if you are not collecting any personal data with Matomo, then you are not concerned about what is written below.

  If you are processing personal data in any way, here are the 12 steps to follow along with some recommendations on how to be GDPR compliant with Matomo :

  1 – Awareness

  Make sure that people within your organization know that you are using Matomo in order to analyze traffic on the website/app. If needed, send them the link to the “What is Matomo ?” page.

  2 – Information you hold

  List all the personal data you are processing with Matomo within your record of processing activities. We are personally using the template provided by ICO which is composed of a set of 30 questions you need to answer regarding your use of Matomo. We have published an article which walks you through the list of questions specifically in the use case of Matomo Analytics. Please be aware that personal data may be also tracked in non-obvious ways for example as part of page URLs or page titles.

  3 – Communicating privacy information

  a – Add a privacy notice

  Add a privacy notice wherever you are using Matomo in order to collect personal data. Please refer to the ICO documentation in order to learn how to write a privacy notice. You can learn more in our article about creating your privacy notice for Matomo Analytics. Make sure that a privacy policy link is always available on your website or app.

  b – Add Matomo to your privacy policy page

  Add Matomo to the list of technologies you are using on your privacy policy page and add all the necessary information to it as requested in the following checklist. To learn more check out our article about Privacy policy.

  4 – Individuals’ rights

  Make sure that your Matomo installation respects all the individuals’ rights. To make it short, you will need to know the features in Matomo that you need to use to respect user rights (right of access, right of rectification, right of erasure…). These features are available starting in Matomo 3.5.0 released on May 8th : GDPR tools for Matomo (User guide).

  5 – Subject access requests

  Make sure that you are able to answer an access request from a data subject for Matomo. For example, when a person would like to access her or his personal data that you have collected about her or him, then you will need to be you able to provide her or him with this information. We recommend you design a process for this like “Who is dealing with it ?” and check that it is working. If you can answer to the nightmare letter, then you are ready. The needed features for this in Matomo will be available soon.

  6 – Lawful basis for processing personal data

  There are different lawful basis you can use under GDPR. It can be either “Legitimate interest” or “Explicit consent”. Do not forget to mention it within your privacy policy page. Read more in our article about lawful basis.

  7 – Consent

  Users should be able to remove their consent at any time. By chance, Matomo is providing a feature in order to do just that : add the opt-out feature to your privacy policy page.
  We are also offering a tool that allows you optionally to require consent before any data is tracked. This will be useful if a person should be only tracked after she or he has given explicit consent to be tracked.

  8 – Children

  If your website or app is targeted for children and you are using Matomo, extra measures will need to be taken. For example you will need to write your privacy policy even more clear and moreover getting parents consent if the child is below 13. As it is a very specific case, we strongly recommend you to follow this link for further information.

  9 – Data breaches

  As you may be collecting personal data with Matomo, you should also check your “data breach procedure” to define if a leak may have consequences on the privacy of the data subject. Please consult ICO’s website for further information.

  10 – Data Protection by Design and Data Protection Impact Assessments

  Ask yourself if you really need to process personal data within Matomo. If the data you are processing within Matomo is sensitive, we strongly recommend you to make a Data Protection Impact Assessment. A software is available from the The open source PIA software helps to carry out data protection impact assessment, by French Privacy Commissioner : CNIL.

  11 – Data Protection Officers

  If you are reading this article and you are the Data Protection Officer (DPO), you will not be concerned by this step. If that’s not the case, your duty is to provide to the DPO (if your business has a DPO) our blog post in order for her or him to ask you questions regarding your use of Matomo. Note that your DPO can also be interested in the different data that Matomo can process : “What data does Matomo track ?” (FAQ).

  12 – International

  Matomo data is hosted wherever you want. So according to the location of the data, you will need to show specific safeguard except for EU. For example regarding the USA, you will have to check if your web hosting platform is registered to the Privacy Shield : privacyshield.gov/list
  Note : our Matomo cloud infrastructure is based in France.

  That’s the end of this blog post. As GDPR is a huge topic, we will release many more blog posts in the upcoming weeks. If there are any Matomo GDPR topic related posts you would like us to write, please feel free to contact us.

  The post How to make Matomo GDPR compliant in 12 steps appeared first on Analytics Platform - Matomo.

• Managing Music Playback Channels

  30 juin 2013, par Multimedia Mike — General

  My Game Music Appreciation site allows users to interact with old video game music by toggling various channels, as long as the underlying synthesizer engine supports it.

  
  
  

  Users often find their way to the Nintendo DS section pretty quickly. This is when they notice an obnoxious quirk with the channel toggling feature : specifically, one channel doesn’t seem to map to a particular instrument or track.

  When it comes to computer music playback methodologies, I have long observed that there are 2 general strategies : Fixed channel and dynamic channel allocation.

  Fixed Channel Approach
  One of my primary sources of computer-based entertainment used to be watching music. Sure I listened to it as well. But for things like Amiga MOD files and related tracker formats, there was a rich ecosystem of fun music playback programs that visualized the music. There exist music visualization modes in various music players these days (such as iTunes and Windows Media Player), but those largely just show you a single wave form. These files were real time syntheses based on multiple audio channels and usually showed some form of analysis for each channel. My personal favorite was Cubic Player :

  
  
  

  Most of these players supported the concept of masking individual channels. In doing so, the user could isolate, study, and enjoy different components of the song. For many 4-channel Amiga MOD files, I observed that the common arrangement was to use the 4 channels for beat (percussion track), bass line, chords, and melody. Thus, it was easy to just listen to, e.g., the bass line in isolation.

  MODs and similar formats specified precisely which digital audio sample to play at what time and on which specific audio channel. To view the internals of one of these formats, one gets the impression that they contain an extremely computer-centric view of music.

  Dynamic Channel Allocation Algorithm
  MODs et al. enjoyed a lot of popularity, but the standard for computer music is MIDI. While MOD and friends took a computer-centric view of music, MIDI takes, well, a music-centric view of music.

  There are MIDI visualization programs as well. The one that came with my Gravis Ultrasound was called PLAYMIDI.EXE. It looked like this…

  
  
  

  … and it confused me. There are 16 distinct channels being visualized but some channels are shown playing multiple notes. When I dug into the technical details, I learned that MIDI just specifies what notes need to be played, at what times and frequencies and using which instrument samples, and it was the MIDI playback program’s job to make it happen.

  Thus, if a MIDI file specifies that track 1 should play a C major chord consisting of notes C, E, and G, it would transmit events “key-on C ; delta time 0 ; key-on E ; delta time 0 ; key-on G ; delta time … ; [other commands]“. If the playback program has access to multiple channels (say, up to 32, in the case of the GUS), the intuitive approach would be to maintain a pool of all available channels. Then, when it’s time to process the “key-on C” event, fetch the first available channel from the pool, mark it as in-use, play C on the channel, and return that channel to the pool when either the sample runs its course or the corresponding “key-off C” event is encountered in the MIDI command stream.

  About That Game Music
  Circling back around to my game music website, numerous supported systems use the fixed channel approach for playback while others use dynamic channel allocation approach, including evey Nintendo DS game I have so far analyzed.

  Which approach is better ? As in many technical matters, there are trade-offs either way. For many systems, the fixed channel approach is necessary because for many older audio synthesis systems, different channels had very specific purposes. The 8-bit NES had 5 channels : 2 square wave generators (used musically for melody/treble), 1 triangle wave generator (usually used for bass line), a noise generator (subverted for all manner of percussive sounds), and a limited digital channel (was sometimes assigned richer percussive sounds). Dynamic channel allocation wouldn’t work here.

  But the dynamic approach works great on hardware with 16 digital channels available like, for example, the Nintendo DS. Digital channels are very general-purpose. What about the SNES, with its 8 digital channels ? Either approach could work. In practice, most games used a fixed channel approach : Games might use 4-6 channels for music while reserving the remainder for various in-game sound effects. Some notable exceptions to this pattern were David Wise’s compositions for Rare’s SNES games (think Battletoads and the various Donkey Kong Country titles). These clearly use some dynamic channel approach since masking all but one channel will give you a variety of instrument sounds.

  Epilogue
  There ! That took a long time to explain but I find it fascinating for some reason. I need to distill it down to far fewer words because I want to make it a FAQ on my website for “Why can’t I isolate specific tracks for Nintendo DS games ?”

  Actually, perhaps I should remove the ability to toggle Nintendo DS channels in the first place. Here’s a funny tale of needless work : I found the Vio2sf engine for synthesizing Nintendo DS music and incorporated it into the program. It didn’t support toggling of individual channels so I figured out a way to add that feature to the engine. And then I noticed that most Nintendo DS games render that feature moot. After I released the webapp, I learned that I was out of date on the Vio2sf engine. The final insult was that the latest version already supports channel toggling. So I did the work for nothing. But then again, since I want to remove that feature from the UI, doubly so.

• How should I write my privacy notice for Matomo Analytics under GDPR ?

  24 avril 2018, par InnoCraft

  Important note : this blog post has been written by digital analysts, not lawyers. The purpose of this article is to show you an example of a privacy notice for Matomo under GDPR. This work comes from our interpretation of the UK privacy commission : ICO. It cannot be considered as professional legal advice. So as GDPR, this information is subject to change. We strongly advise you to have a look at the different privacy authorities in order to have up to date information.

  A basic rule of thumb is that if you are not processing personal data, then you do not need to show any privacy notice. But if you are doing so, such as processing full IP addresses, then a privacy notice is required at the time of the data collection. Please note that personal data may also be hidden, for example, in page titles or page URLs.

  In this blog post, we will define what a privacy notice is according to GDPR and how to write it if you are using Matomo and you are processing personal data.

  What is a privacy notice under GDPR ?

  One of the most important rights that a data subject has under GDPR, is the right to be informed about the collection and use of their personal data.

  Here is what ICO is saying about the privacy notice :

  “You must provide individuals with information including : your purposes for processing their personal data, your retention periods for that personal data, and who it will be shared with. We call this ‘privacy information’.”

  “When you collect personal data from the individual it relates to, you must provide them with privacy information at the time you obtain their data.”

  Note that a privacy notice is different from a privacy policy.

  The privacy notice has to include :

  • the reasons why you are processing the personal data
  • for how long
  • who the different parties you are going to share them with are

  So whatever lawful basis you are using (explicit consent or legitimate interest), you need to have a privacy notice if you collect personal data.

  What does this privacy notice look like ?

  ICO is providing best practices in order to display the information :

  • a layered approach
  • dashboards
  • just-in-time notices
  • icons
  • mobile and smart device functionalities

  Once more, it really depends on the data you are processing with Matomo. If you wish to track personal data on the entire website, you will probably have an upper or footer privacy notice such as :

  

  If you wish to process specific data, you could also insert just-in-time notices such as :

  

  What is the information you need to disclose to the final user ?

  To us, there are two things to distinguish between the privacy notice and the privacy policy.

  According to ICO, the privacy notice needs to include the 3 following elements :

  • the reasons why you are processing the personal data
  • for how long
  • who are the different parties you are going to share them with

  But you also need to inform them about :

  • The name and contact details of your organisation.
  • The name and contact details of your representative (if applicable).
  • The contact details of your data protection officer (if applicable).
  • The purposes of the processing.
  • The lawful basis for the processing.
  • The legitimate interests for the processing (if applicable).
  • The categories of personal data obtained (if the personal data is not obtained from the individual it relates to).
  • The recipients or categories of recipients of the personal data.
  • The details of transfers of the personal data to any third countries or international organisations (if applicable).
  • The retention periods for the personal data.
  • The rights available to individuals in respect of the processing.
  • The right to withdraw consent (if applicable).
  • The right to lodge a complaint with a supervisory authority.
  • The source of the personal data (if the personal data is not obtained from the individual it relates to).
  • The details of whether individuals are under a statutory or contractual obligation to provide the personal data (if applicable, and if the personal data is collected from the individual it relates to).
  • The details of the existence of automated decision-making, including profiling (if applicable).

  Pretty long, don’t you think ? In order to reduce it, you can either adopt a layered approach where your “pop-up” window will act as a drop down menu. Or from what we understood, page 5 of this document provided by ICO, a privacy notice can link to a more detailed document, such as a privacy policy page.

  Examples

  Let’s take the example of a website which tracks the non-anonymised full IP address, and using User ID functionality to keep track of logged-in users. Under GDPR, the owner of the website will have to choose either to process personal data based on “Legitimate interests” or on “Consent”. Here is how it will look like :

  Example of a privacy notice under GDPR Legitimate interests

  This site uses Matomo to analyze traffic and help us to improve your user experience.

  We process your email address and IP address and cookies are stored on your browser for 13 months. This data is only processed by us and our web hosting platform. Please read our Privacy Policy to learn more.

  Example of a privacy notice under GDPR Consent

  This site uses Matomo to analyze traffic and help us to improve your user experience.

  We process your email address and IP address and cookies are stored on your browser for 13 months. This data is only processed by us and our web hosting platform.

  [Accept] or [Opt-out]

  Please read our Privacy Policy to learn more.

  Once that information is provided to the user, you can then link it to your privacy policy where you will provide more details about it. Soon we will issue a blog post dealing with how to write a privacy policy page for Matomo.

  The post How should I write my privacy notice for Matomo Analytics under GDPR ? appeared first on Analytics Platform - Matomo.