Other articles (105)

  • MediaSPIP 0.1 Beta version

    25 April 2011, by

    MediaSPIP 0.1 beta is the first version of MediaSPIP proclaimed as "usable".
    The zip file provided here only contains the sources of MediaSPIP in its standalone version.
    To get a working installation, you must manually install all software dependencies on the server.
    If you want to use this archive for an installation in "farm mode", you will also need to proceed to other manual (...)

  • Improving the base version

    13 September 2013

    Nicer multiple selection
    The Chosen plugin improves the usability of multiple-selection fields. See the two following images for comparison.
    To do so, simply enable the Chosen plugin (General site configuration > Plugin management), then configure the plugin (Templates > Chosen) by enabling the use of Chosen on the public site and specifying the form elements to enhance, for example select[multiple] for multiple-selection lists (...)

  • Upgrading from version 0.1 to 0.2

    24 June 2013, by

    Explanations of the notable changes when moving from version 0.1 of MediaSPIP to version 0.3. What's new
    In terms of software dependencies: use of the latest versions of FFMpeg (>= v1.2.1); installation of the dependencies for Smush; installation of MediaInfo and FFprobe for retrieving metadata; ffmpeg2theora is no longer used; flvtool2 is no longer installed, in favour of flvtool++; ffmpeg-php, which is no longer maintained, is no longer installed (...)

On other sites (15456)

  • GA360 Sunset: Is Now the Time to Switch?

    20 May 2024, by Erin

    Google pushed the sunset date of Universal Analytics 360 to July 2024, giving enterprise users more time to transition to Google Analytics 4. This extension is also seen by some as time to find a suitable alternative. 

    While Google positions GA4 as an upgrade to Universal Analytics, the new platform has faced its fair share of backlash. 

    So before you rush to meet the new sunset deadline, ask yourself this question: Is now the time to switch to a Google Analytics alternative?

    In this article, we’ll explain what the new GA360 sunset date means and show you what you could gain by choosing a privacy-friendly alternative. 

    What’s happening with the final GA360 sunset?

    Google has given Universal Analytics 360 properties with a current 360 licence a one-time extension, which will end on 1 July 2024.

    Why did Google extend the sunset?

    In a blog post on Google, Russell Ketchum, Director of Product Management at Google Analytics, provided more details about the final GA360 sunset. 

    In short, the tech giant realised it would take large enterprise accounts (which typically have complex analytics setups) much longer to transition smoothly. The extension gives them time to migrate to GA4 and check everything is tracking correctly. 

    What’s more, Google is also focused on improving the GA4 experience before more GA360 users migrate:

    “We’re focusing our efforts and investments on Google Analytics 4 to deliver a solution built to adapt to a changing ecosystem. Because of this, throughout 2023 we’ll be shifting support away from Universal Analytics 360 and will move our full focus to Google Analytics 4 in 2024. As a result, performance will likely degrade in Universal Analytics 360 until the new sunset date.”

    Despite the extension, the July sunset is definitive. 

    Starting the week of 1 July 2024, you won’t be able to access any Universal Analytics properties or the API (not even with read-only access), and all data will be deleted.

    In other words, it’s not just data collection that will cease at the start of July. You won’t be able to access the platform, and all your data will be deleted. 

    What GA360 features is Google deprecating, and when?

    If you’re wondering which GA360 features are being deprecated and when, here is the timeline for Google’s final GA360 sunset:

    • 1 January 2024: From the beginning of the year, Google doesn’t guarantee all features and functionalities in UA 360 will continue to work as expected.
    • 29 January 2024: Google began deprecating a string of advertising and measurement features as it shifts resources to focus on GA4. These features include:
      • Realtime reports
      • Lifetime Value report
      • Model Explorer
      • Cohort Analysis
      • Conversion Probability report
      • GDN Impression Beta
    • Early March 2024: Google began deprecating more advertising and measurement features. Deprecated advertising features include Demographic and Interest reports, Publisher reporting, Phone Analytics, Event and Salesforce Data Import, and Realtime BigQuery Export. Deprecated measurement features include Universal Analytics property creation, App Views, Unsampled reports, Custom Tables and annotations.
    • Late March 2024: This is the last recommended date for migration to GA4 to give users three months to validate data and settings. By this date, Google recommends that you migrate your UA’s Google Ads links to GA4, create new Google Ad conversions based on GA4 events, and add GA4 audiences to campaigns and ad groups for retargeting.
    • 1 July 2024: From 1 July 2024, you won’t be able to access any UA properties, and all data will be deleted.

    What’s different about GA4 360?

    GA4 comes with a new set of metrics, setups and reports that change how you analyse your data. We highlight the key differences between Universal Analytics and GA4 below. 

    New dashboard

    The layout of GA4 is completely different from Universal Analytics, so much so that the UX can be very complex for first-time and experienced GA users alike. Reports or metrics that used to be available in a couple of clicks in UA now take five or more to find. While you can do more in theory with GA4, it takes much more work. 

    New measurements

    The biggest difference between GA4 and UA is how Google measures data. GA4 tracks events — and everything counts as an event. That includes pageviews, scrolls, clicks, file downloads and contact form submissions. 

    The idea is to anonymise data while letting you track complex buyer journeys across multiple devices. However, it can be very confusing, even for experienced marketers and analysts. 

    New metrics

    You won’t be able to track the same metrics in GA4 as in Universal Analytics. Rather than bounce rate, for example, you are forced to track engagement rate, which is the percentage of engaged sessions. These are sessions that last at least ten seconds, have at least two pageviews or include at least one conversion event.

    Confused? You’re not alone.

    New reports

    Most reports you’ll be familiar with in Universal Analytics have been replaced in GA4. The new platform also has a completely different reporting interface, with every report grouped under the following five headings: realtime, audience, acquisition, behaviour and conversions. It can be hard for experienced marketers, let alone beginners, to find their way around these new reports.

    AI insights

    GA4 has machine learning (ML) capabilities that allow you to generate AI insights from your data. Specifically, GA4 has predictive analytics features that let you track three trends:

    • Purchase probability: the likelihood that a consumer will make a purchase in a given timeframe.
    • Churn probability: the likelihood a customer will churn in a given period.
    • Predictive revenue: the amount of revenue a user is likely to generate over a given period.

    Google generates these insights using historical data and machine learning algorithms. 

    Cross-platform capabilities

    GA4 also offers cross-platform capabilities, meaning it can track user interactions across websites and mobile apps, giving businesses a holistic view of customer behaviour. This allows for better decision-making throughout the customer journey.

    Does GA4 360 come with other risks?

    Aside from the poor usability, complexity and steep learning curve, upgrading your GA360 property to GA4 comes with several other risks.

    GA4 has a rocky relationship with privacy regulations, and while you can use it in a GDPR-compliant way at the moment, there’s no guarantee you’ll be able to do so in the future. 

    This presents the prospect of fines for non-compliance. A worse risk, however, is regulators forcing you to change web analytics platforms in the future—something that’s already happened in the EU. Migrating to a new application can be incredibly painful and time-consuming, especially when you can choose a privacy-friendly alternative that avoids the possibility of this scenario. 

    If all this wasn’t bad enough, switching to GA4 risks your historical Universal Analytics data. That’s because you can’t import Universal Analytics data into GA4, even if you migrate ahead of the sunset deadline.

    Why you should consider a GA4 360 alternative instead

    With the GA360 sunset on the horizon, what are your options if you don’t want to deal with GA4’s problems?

    The easiest solution is to migrate to a GA4 360 alternative instead. And there are plenty of reasons to migrate from Google Analytics to a privacy-friendly alternative like Matomo. 

    Keep historical data

    As we’ve explained, Google isn’t letting users import their Universal Analytics data from GA360 to GA4. The easiest way to keep it is by switching to a Google Analytics alternative like Matomo that lets you import your historical data. 

    Any business using Google Analytics, whether a GA360 user or otherwise, can import data into Matomo using our Google Analytics Importer plugin. It’s the best way to avoid disruption or losing data when moving on from Universal Analytics.

    Collect 100% accurate data

    Google Analytics implements data sampling and machine learning to fill gaps in your data and generate the kind of predictive insights we mentioned earlier. For standard GA4 users, data sampling starts at 10 million events. For GA4 360 users, data sampling starts at one billion events. Nevertheless, Google Analytics data may not accurately reflect your web traffic. 

    You can fix this using a Google Analytics alternative like Matomo that doesn’t use data sampling. That way, you can be confident that your data-driven decisions are being made with 100% accurate user data. 

    Guarantee user privacy first

    Google has a stormy relationship with the EU-US Data Privacy Framework—being banned and added back to the framework in recent years.

    Currently, organisations governed by GDPR can use Google Analytics to collect data about EU residents, but there’s no guarantee of their ability to do so in the future. Nor does the Framework prevent Google from using EU customer data for ulterior purposes such as marketing and training large language models. 

    By switching to a privacy-focused alternative like Matomo, you don’t have to worry about your users’ data ending up in the wrong hands.

    Upgrade to an all-in-one analytics tool

    Switching from Google Analytics can actually give organisations access to more features. That’s because some GA4 alternatives, like Matomo, offer advanced conversion optimisation features like heatmaps, session recordings, A/B testing, form analytics and more right out of the box. 

    This makes Matomo a great choice for marketing teams that want to minimise their tech stack and use one tool for both web and behavioural analytics. 

    Get real-time reports

    GA4 isn’t the best tool for analysing website visitors in real time. That’s because it can take up to 4 hours to process new reports in GA360.

    However, Google Analytics alternatives like Matomo have a range of real-time reports you can leverage.

    In Matomo, the Real Time Visitor World Map and other reports are processed every 15 minutes. There is also a Visits in Real-time report, which refreshes every five seconds and shows a wealth of data for each visitor. 

    Matomo makes migration easy

    Whether it’s the poor usability, steep learning curve, inaccurate data or privacy issues, there’s every reason to think twice about migrating your UA360 account to GA4. 

    So why not migrate to a Google Analytics alternative like Matomo instead? One that doesn’t sample data, guarantees your customers’ privacy, offers all the features GA4 doesn’t and is already used by over 1 million sites worldwide.

    Making the switch is easy. Matomo is one of the few web analytics tools that lets you import historical Google Analytics data. In doing so, you can continue to access your historical data and develop more meaningful insights by not having to start from scratch.

    If you’re ready to start a Google Analytics migration, you can try Matomo free for 21 days — no credit card required. 

  • What Is Data Misuse & How to Prevent It? (With Examples)

    13 May 2024, by Erin

    Your data is everywhere. Every time you sign up for an email list, log in to Facebook or download a free app onto your smartphone, your data is being taken.

    This can scare customers and users who fear their data will be misused.

    While data can be a powerful asset for your business, it’s important you manage it well, or you could be in over your head.

    In this guide, we break down what data misuse is, what the different types are, some examples of major data misuse and how you can prevent it so you can grow your brand sustainably.

    What is data misuse?

    Data is a good thing.

    It helps analysts and marketers understand their customers better so they can serve them relevant information, products and services to improve their lives.

    But it can quickly become a bad thing for both the customers and business owners when it’s mishandled and misused.

    Data misuse is when a business uses data outside of the agreed-upon terms. When companies collect data, they need to legally communicate how that data is being used. 

    Who or what determines when data is being misused?

    Several bodies:

    • User agreements
    • Data privacy laws
    • Corporate policies
    • Industry regulations

    There are certain laws and regulations around how you can collect and use data. Failure to comply with these guidelines and rules can result in several consequences, including legal action.

    Keep reading to discover the different types of data misuse and how to prevent it.

    3 types of data misuse

    There are a few different types of data misuse.

    If you fail to understand them, you could face penalties, legal trouble and a poor brand reputation.

    1. Commingling

    When you collect data, you need to ensure you’re using it for the right purpose. Commingling is when an organisation collects data from a specific audience for a specific reason but then uses the data for another purpose.

    One example of commingling is if a company shares sensitive customer data with another company. In many cases, sister companies will share data even if the terms of the data collection didn’t include that clause.

    Another example is if someone collects data for academic purposes like research but then uses the data later on for marketing purposes to drive business growth in a for-profit company.

    In either case, the company went wrong by not being clear on what the data would be used for. You must communicate with your audience exactly how the data will be used.

    2. Personal benefit

    The second common way data is misused in the workplace is through “personal benefit.” This is when someone with access to data abuses it for their own gain.

    The most common example of personal benefit data misuse is when an employee misuses internal data.

    While this may sound like each instance of data misuse is caused by malicious intent, that’s not always the case. Data misuse can still exist even if an employee didn’t have any harmful intent behind their actions. 

    One of the most common examples is when an employee mistakenly moves data from a company device to personal devices for easier access.

    3. Ambiguity

    As mentioned above in the discussion of commingling, a company must only use data in the way it said it would when collecting it.

    A company can misuse data when they’re unclear on how the data is used. Ambiguity is when a company fails to disclose how user data is being collected and used.

    This means communicating poorly on how the data will be used can be wrong and lead to misuse.

    One of the most common ways this happens is when a company doesn’t know how to use the data, so they can’t give a specific reason. However, this is still considered misuse, as companies need to disclose exactly how they will use the data they collect from their customers.

    Laws on data misuse you need to follow

    Data misuse can lead to poor reputations and penalties from big tech companies. For example, if you step outside social media platforms’ guidelines, you could be suspended, banned or shadowbanned.

    But what’s even more important is certain types of data misuse could mean you’re breaking laws worldwide. Here are some laws on data misuse you need to follow to avoid legal trouble:

    General Data Protection Regulation (GDPR)

    The GDPR, or General Data Protection Regulation, is a law within the European Union (EU) that went into effect in 2018.

    The GDPR was implemented to set a standard and improve data protection in Europe. It was also established to increase accountability and transparency for data breaches within businesses and organisations.

    The purpose of the GDPR is to protect residents within the European Union.

    The penalties for breaking GDPR laws are fines up to 20 million Euros or 4% of global revenues (whichever amount is higher).

    The GDPR doesn’t just affect companies in Europe. You can break the GDPR’s laws regardless of where your organisation is located worldwide. As long as your company collects, processes or uses the personal data of any EU resident, you’re subject to the GDPR’s rules.

    If you want to track user data to grow your business, you need to ensure you’re following international data laws. Tools like Matomo—the world’s leading privacy-friendly web analytics solution—can help you achieve GDPR compliance and maintain it.

    With Matomo, you can confidently enhance your website’s performance, knowing that you’re adhering to data protection laws. 

    California Consumer Privacy Act (CCPA)

    The California Consumer Privacy Act (CCPA) is another important data law companies worldwide must follow.

    Like GDPR, the CCPA is a data privacy law established to protect residents of a certain region — in this case, residents of California in the United States.

    The CCPA was implemented in 2020, and businesses worldwide can be penalised for breaking the regulations. For example, if you’re found violating the CCPA, you could be fined $7,500 for each intentional violation.

    If you have unintentional violations, you could still be fined, but at a lesser fee of $2,500.

    The Gramm-Leach-Bliley Act (GLBA)

    If your business is located within the United States, then you’re subject to a federal law implemented in 1999 called The Gramm-Leach-Bliley Act (GLB Act or GLBA).

    The GLBA is also known as the Financial Modernization Act of 1999. Its purpose is to control the way American financial institutions handle consumer data. 

    In the GLBA, there are three sections:

    1. The Financial Privacy Rule: regulates the collection and disclosure of private financial data.
    2. Safeguards Rule: Financial institutions must establish security programs to protect financial data.
    3. Pretexting Provisions: Prohibits accessing private data using false pretences.

    The GLBA also requires financial institutions in the U.S. to give their customers written privacy policy communications that explain their data-sharing practices.

    4 examples of data misuse in real life

    If you want to see what data misuse looks like in real life, look no further.

    Big tech is central to some of the biggest data misuses and scandals.

    Here are a few examples of data misuse in real life you should take note of to avoid a similar scenario:

    1. Facebook election interference

    One of history’s most famous examples of data misuse is the Facebook and Cambridge Analytica scandal in 2018.

    During the 2018 U.S. midterm elections, Cambridge Analytica, a political consulting firm, acquired personal data from Facebook users that was said to have been collected for academic research.

    Instead, Cambridge Analytica used data from roughly 87 million Facebook users. 

    This is a prime example of commingling.

    The result? Cambridge Analytica was left bankrupt and dissolved, and Facebook was fined $5 billion by the Federal Trade Commission (FTC).

    2. Uber “God View” tracking

    Another big tech company, Uber, was caught misusing data a decade ago. 

    Why?

    Uber implemented a new feature for its employees in 2014 called “God View.”

    The tool enabled Uber employees to track riders using their app. The problem was that they were watching them without the users’ permission. “God View” lets Uber spy on their riders to see their movements and locations.

    The FTC ended up slapping them with a major lawsuit, and as part of their settlement agreement, Uber agreed to have an outside firm audit their privacy practices between 2014 and 2034.

    3. Twitter targeted ads overstep

    In 2019, Twitter was found guilty of allowing advertisers to access its users’ personal data to improve advertisement targeting.

    Advertisers were given access to user email addresses and phone numbers without explicit permission from the users. The result was that Twitter ad buyers could use this contact information to cross-reference with Twitter’s data to serve ads to them.

    Twitter stated that the data leak was an internal error. 

    4. Google location tracking

    In 2020, Google was found guilty of not explicitly disclosing how it’s using its users’ personal data, which is an example of ambiguity.

    The result?

    The French data protection authority fined Google $57 million.

    8 ways to prevent data misuse in your company

    Now that you know the dangers of data misuse and its associated penalties, it’s time to understand how you can prevent it in your company.

    Here are eight ways you can prevent data misuse:

    1. Track data with an ethical web analytics solution

    You can’t get by in today’s business world without tracking data. The question is whether you’re tracking it safely or not.

    If you want to ensure you aren’t getting into legal trouble with data misuse, then you need to use an ethical web analytics solution like Matomo.

    With it, you can track and improve your website performance while remaining GDPR-compliant and respecting user privacy. Unlike other web analytics solutions that monetise your data and auction it off to advertisers, with Matomo, you own your data.

    2. Don’t share data with big tech

    As the data misuse examples above show, big tech companies often violate data privacy laws.

    And while most of these companies, like Google, appear to be convenient, they’re often inconvenient (and much worse), especially regarding data leaks, privacy breaches and the sale of your data to advertisers.

    Have you ever heard the phrase: “You are the product”? When it comes to big tech, chances are if you’re getting it for free, you (and your data) are the products they’re selling.

    The best way to stop sharing data with big tech is to stop using platforms like Google. For more ideas on different Google product alternatives, check out this list of Google alternatives.

    3. Identity verification 

    Data misuse typically isn’t a company-wide ploy. Often, it’s the lack of security structure and systems within your company. 

    An important place to start is to ensure proper identity verification for anyone with access to your data.

    4. Access management

    After establishing identity verification, you should ensure you have proper access management set up. For example, you should only give specific access to specific roles in your company to prevent data misuse.

    5. Activity logs and monitoring

    One way to track data misuse or breaches is by setting up activity logs to ensure you can see who is accessing certain types of data and when they’re accessing it.

    You should ensure you have a team dedicated to continuously monitoring these logs to catch anything quickly.

    6. Behaviour alerts 

    While manually monitoring data is important, it’s also good to set up automatic alerts if there is unusual activity around your data centres. You should set up behaviour alerts and notifications in case threats or compromising events occur.

    7. Onboarding, training, education

    One way to ensure quality data management is to keep your employees up to speed on data security. You should ensure data security is a part of your employee onboarding. Also, you should have regular training and education to keep people informed on protecting company and customer data.

    8. Create data protocols and processes 

    To ensure long-term data security, you should establish data protocols and processes. 

    To protect your user data, set up rules and systems within your organisation that people can reference and follow continuously to prevent data misuse.

    Leverage data ethically with Matomo

    Data is everything in business.

    But it’s not something to be taken lightly. Mishandling user data can break customer trust, lead to penalties from organisations and even create legal trouble and massive fines.

    You should only use privacy-first tools to ensure you’re handling data responsibly.

    Matomo is a privacy-friendly web analytics tool that collects, stores and tracks data across your website without breaking privacy laws.

    With over 1 million websites using Matomo, you can track and improve website performance with :

    • Accurate data (no data sampling)
    • Privacy-friendly and compliant with privacy regulations like GDPR, CCPA and more
    • Advanced features like heatmaps, session recordings, A/B testing and more

    Try Matomo free for 21 days. No credit card required.

  • A Guide to GDPR Sensitive Personal Data

    13 May 2024, by Erin

    The General Data Protection Regulation (GDPR) is one of the world’s most stringent data protection laws. It provides a legal framework for the collection and processing of the personal data of EU individuals.

    The GDPR distinguishes between “special categories of personal data” (also referred to as “sensitive”) and other personal data and imposes stricter requirements on collection and processing of sensitive data. Understanding these differences will help your company comply with the requirements and avoid heavy penalties.

    In this article, we’ll explain what personal data is considered “sensitive” according to the GDPR. We’ll also examine how a web analytics solution like Matomo can help you maintain compliance.

    What is sensitive personal data?

    The following categories of data are treated as sensitive:

      1. Personal data revealing:
        • Racial or ethnic origin;
        • Political opinions;
        • Religious or philosophical beliefs;
        • Trade union membership;
      2. Genetic and biometric data;
      3. Data concerning a person’s:
        • Health; or
        • Sex life or sexual orientation.

    Sensitive vs. non-sensitive personal data: What’s the difference?

    While both categories include information about an individual, sensitive data is seen as more private, or requiring greater protection.

    Sensitive data often carries a higher degree of risk and harm to the data subject, if the data is exposed. For example, a data breach exposing health records could lead to discrimination for the individuals involved. An insurance company could use the information to increase premiums or deny coverage. 

    In contrast, personal data like name or gender is considered less sensitive because it doesn’t carry the same degree of harm as sensitive data. 

    Unauthorised access to someone’s name alone is less likely to harm them or infringe on their fundamental rights and freedoms than unauthorised access to their health records or biometric data. Note that financial information (e.g. credit card details) does not fall into the special categories of data.

    Legality of processing

    Under the GDPR, both sensitive and non-sensitive personal data are protected. However, the rules and conditions for processing sensitive data are more stringent.

    Article 6 deals with processing of non-sensitive data and it states that processing is lawful if one of the six lawful bases for processing applies. 

    In contrast, Art. 9 of the GDPR states that processing of sensitive data is prohibited as a rule, but provides ten exceptions. 

    It is important to note that the lawful bases in Art. 6 are not the same as exceptions in Art. 9. For example, while performance of a contract or legitimate interest of the controller are a lawful basis for processing non-sensitive personal data, they are not included as an exception in Art. 9. What follows is that controllers are not permitted to process sensitive data on the basis of contract or legitimate interest. 

    The exceptions where processing of sensitive personal data is permitted (subject to additional requirements) are:

    • Explicit consent: The individual has given explicit consent to processing their sensitive personal data for specified purpose(s), except where an EU member state prohibits such consent. See below for more information about explicit consent.
    • Employment, social security or social protection: Processing sensitive data is necessary to perform tasks under employment, social security or social protection law.
    • Vital interests: Processing sensitive data is necessary to protect the interests of a data subject or if the individual is physically or legally incapable of consenting.
    • Not-for-profit bodies: Foundations, associations or nonprofits with a political, philosophical, religious or trade union aim may process the sensitive data of their members or those they are in regular contact with, in connection with their purposes (and no disclosure of the data is permitted outside the organisation, without the data subject’s consent).
    • Made public: In some cases, it may be permissible to process the sensitive data of a data subject if the individual has already made it public and accessible.
    • Legal claims: Processing sensitive data is necessary to establish, exercise or defend legal claims, including in legal or court proceedings.
    • Public interest: Processing is necessary for reasons of substantial public interest, like preventing unlawful acts or protecting the public.
    • Health or social care: Processing special category data is necessary for: preventative or occupational medicine, providing health and social care, medical diagnosis or managing healthcare systems.
    • Public health: It is permissible to process sensitive data for public health reasons, like protecting against cross-border threats to health or ensuring the safety of medicinal products or medical devices.
    • Archiving, research and statistics: You may process sensitive data if it’s done for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

    In addition, you must adhere to all data handling requirements set by the GDPR.

    Important: Note that for any data sent that you are processing, you always need to identify a lawful basis under Art. 6. In addition, if the data sent contains sensitive data, you must comply with Art. 9.

    Explicit consent

    While consent is a valid lawful basis for processing non-sensitive personal data, controllers are permitted to process sensitive data only with the “explicit consent” of the data subject.

    The GDPR does not define “explicit” consent, but it is accepted that it must meet all Art. 7 conditions for consent, at a higher threshold. To be “explicit”, consent requires a clear statement (oral or written) from the data subject. Consent inferred from the data subject’s actions does not meet the threshold.

    The controller must retain records of the explicit consent and provide an appropriate consent withdrawal method to allow the data subject to exercise their rights.

    Examples of compliant and non-compliant sensitive data processing

    Here are examples of when you can and can’t process sensitive data:

    • When you can process sensitive data: A doctor logs sensitive data about a patient, including their name, symptoms and medicine prescribed. The hospital can process this data to provide appropriate medical care to their patients. An IoT device and software manufacturer processes their customers’ health data based on explicit consent of each customer.
    • When you can’t process sensitive data: One example is when you don’t have explicit consent from a data subject. Another is when there’s no lawful basis for processing it or you are collecting personal data you simply do not need. For example, you don’t need your customer’s ethnic origin to fulfil an online order.

    Other implications of processing sensitive data

    If you process sensitive data, especially on a large scale, GDPR imposes additional requirements, such as carrying out Data Privacy Impact Assessments, appointing Data Protection Officers and, if you are a controller based outside the EU, appointing EU Representatives.

    Penalties for GDPR non-compliance

    Mishandling sensitive data (or processing it when you’re not allowed to) can result in huge penalties. There are two tiers of GDPR fines:

    • €10 million or 2% of a company’s annual revenue for less severe infringements
    • €20 million or 4% of a company’s annual revenue for more severe infringements

    In the first half of 2023 alone, fines imposed in the EU due to GDPR violations exceeded €1.6 billion, up from €73 million in 2019.

    Examples of high-profile violations in the last few years include:

    • Amazon: The Luxembourg National Commission hit the retail giant with a massive $887 million fine in 2021 for not processing personal data per the GDPR.
    • Google: The National Data Protection Commission (CNIL) fined Google €50 million for not getting proper consent to display personalised ads.
    • H&M: The Hamburg Commissioner for Data Protection and Freedom of Information hit the multinational clothing company with a €35.3 million fine in 2020 for unlawfully gathering and storing employees’ data in its service centre.

    One of the criteria that affects the severity of a fine is “data category” — the type of personal data being processed. Companies need to take extra precautions with sensitive data, or they risk receiving more severe penalties.

    What’s more, GDPR violations can negatively affect your brand’s reputation and cause you to lose business opportunities from consumers concerned about your data practices. 76% of consumers indicated they wouldn’t buy from companies they don’t trust with their personal data.

    Organisations should lay out their data practices in simple terms and make this information easily accessible so customers know how their data is being handled.

    Get started with GDPR-compliant web analytics

    The GDPR offers a framework for securing and protecting personal data. But it also distinguishes between sensitive and non-sensitive data. Understanding these differences and applying the lawful basis for processing this data type will help ensure compliance.

    Looking for a GDPR-compliant web analytics solution?

    At Matomo, we take data privacy seriously. 

    Our platform ensures 100% data ownership, putting you in complete control of your data. Unlike other web analytics solutions, your data remains solely yours and isn’t sold or auctioned off to advertisers. 

    Additionally, with Matomo, you can be confident in the accuracy of the insights you receive, as we provide reliable, unsampled data.

    Matomo also fully complies with GDPR and other data privacy laws like CCPA, LGPD and more.

    Start your 21-day free trial today; no credit card required.

    Disclaimer

    We are not lawyers and don’t claim to be. The information provided here is to help give an introduction to GDPR. We encourage every business and website to take data privacy seriously and discuss these issues with your lawyer if you have any concerns.