Recherche avancée

Sur d’autres sites (10845)

• Use Google Analytics and risk fines, after CJEU ruling on Privacy Shield

  27 août 2020, par Joselyn Khor — Privacy
  EU websites using Google Analytics and Facebook are being targeted by European privacy group noyb after the invalidation of the Privacy Shield. They filed a complaint against 101 websites for continuing to send data to the US. 

  “A quick analysis of the HTML source code of major EU webpages shows that many companies still use Google Analytics or Facebook Connect one month after a major judgment by the Court of Justice of the European Union (CJEU) - despite both companies clearly falling under US surveillance laws, such as FISA 702. Neither Facebook nor Google seem to have a legal basis for the data transfers.”

  

  The Privacy Shield previously allowed for EU data to be transferred to the US. However, this was invalidated by the Court of Justice of the European Union (CJEU) on July 16, 2020. The CJEU deemed it illegal for any websites to transfer the personal data of European citizens to the US. 

  They also made it clear in a press release that “data subjects can claim compensation for inadmissible data exports (marginal no. 143 of the judgment). This should in particular include non-material damage (“compensation for pain and suffering”) and must be of a deterrent amount under European law.” Which puts extra financial pressure on websites to take the new ruling seriously.

  Immediate action is required after Google Privacy Shield invalidation

  The Berlin Commissioner for Data Protection and Freedom of Information therefore calls on all those responsible under its supervision to observe the decision of the ECJ [CJEU]. Those responsible who transfer personal data to the USA - especially when using cloud services - are now required to immediately switch to service providers in the European Union or in a country with an adequate level of data protection.

  As the ruling is effective immediately, there’s a pressing need for websites using Google Analytics to act, or face getting fined.

  What does this mean for you ?

  If you’re using Google Analytics the safest bet is to stop using it immediately. 

  "Neither Google Analytics nor Facebook Connect are necessary for the operation of these websites and could therefore have been replaced or at least deactivated in the meantime."

  If you still need to use it, then you’ll need to inform your visitors via a clear consent screen. This banner needs to make clear their personal data will be sent to the US, and to educate them about any potential risk related to this. They will then need to explicitly agree to this. 

  Another downside of cookie consent screens is that you may also suffer a damaging loss of visitors. After implementing cookie consent best practices, the UK’s data regulator the Information Commissioner’s Office (ICO) found a 90% drop in traffic, “implying a ninety percent drop in opt-in rates.”

  With an acceptance rate for such consent screens being lower than 10% your analytics becomes guesswork rather than science. 

  Looking for a privacy-respecting alternative to Google Analytics ?

  Privacy compliant Matomo Analytics is one of the best Google Analytics alternatives availalble. 

  With Matomo you’re able to continue using analytics without facing the wrath of both the GDPR and the CJEU. Matomo On-Premise lets you choose where your data is stored, so you can ensure no data is processed in the US. 

  Matomo is privacy-friendly and can be tweaked to comply with all privacy laws. Including the GDPR, HIPAA, CCPA and PECR. The benefits of this include : not needing to use tracking or cookie consent screens (like with GA) ; and avoiding fines because no personal data is collected. You also get 100% accurate data and the ability to protect your user’s privacy.

  Download Matomo

  

  Is your EU business at risk of being fined for using Google Analytics ?

  Email

  Get our assessment guide

• My journey to Coviu

  27 octobre 2015, par silvia

  My new startup just released our MVP – this is the story of what got me here.

  I love creating new applications that let people do their work better or in a manner that wasn’t possible before.

  My first such passion was as a student intern when I built a system for a building and loan association’s monthly customer magazine. The group I worked with was managing their advertiser contacts through a set of paper cards and I wrote a dBase based system (yes, that long ago) that would manage their customer relationships. They loved it – until it got replaced by an SAP system that cost 100 times what I cost them, had really poor UX, and only gave them half the functionality. It was a corporate system with ongoing support, which made all the difference to them.

  The story repeated itself with a CRM for my Uncle’s construction company, and with a resume and quotation management system for Accenture right after Uni, both of which I left behind when I decided to go into research.

  Even as a PhD student, I never lost sight of challenges that people were facing and wanted to develop technology to overcome problems. The aim of my PhD thesis was to prepare for the oncoming onslaught of audio and video on the Internet (yes, this was 1994 !) by developing algorithms to automatically extract and locate information in such files, which would enable users to structure, index and search such content.

  Many of the use cases that we explored are now part of products or continue to be challenges : finding music that matches your preferences, identifying music or video pieces e.g. to count ads on the radio or to mark copyright infringement, or the automated creation of video summaries such as trailers.

  

  This continued when I joined the CSIRO in Australia – I was working on segmenting speech into words or talk spurts since that would simplify captioning & subtitling, and on MPEG-7 which was a (slightly over-engineered) standard to structure metadata about audio and video.

  In 2001 I had the idea of replicating the Web for videos : i.e. creating hyperlinked and searchable video-only experiences. We called it “Annodex” for annotated and indexed video and it needed full-screen hyperlinked video in browsers – man were we ahead of our time ! It was my first step into standards, got several IETF RFCs to my name, and started my involvement with open codecs through Xiph.

  Around the time that YouTube was founded in 2006, I founded Vquence – originally a video search company for the Web, but pivoted to a video metadata mining company. Vquence still exists and continues to sell its data to channel partners, but it lacks the user impact that has always driven my work.

  As the video element started being developed for HTML5, I had to get involved. I contributed many use cases to the W3C, became a co-editor of the HTML5 spec and focused on video captioning with WebVTT while contracting to Mozilla and later to Google. We made huge progress and today the technology exists to publish video on the Web with captions, making the Web more inclusive for everybody. I contributed code to YouTube and Google Chrome, but was keen to make a bigger impact again.

  The opportunity came when a couple of former CSIRO colleagues who now worked for NICTA approached me to get me interested in addressing new use cases for video conferencing in the context of WebRTC. We worked on a kiosk-style solution to service delivery for large service organisations, particularly targeting government. The emerging WebRTC standard posed many technical challenges that we addressed by building rtc.io , by contributing to the standards, and registering bugs on the browsers.

  Fast-forward through the development of a few further custom solutions for customers in health and education and we are starting to see patterns of need emerge. The core learning that we’ve come away with is that to get things done, you have to go beyond “talking heads” in a video call. It’s not just about seeing the other person, but much more about having a shared view of the things that need to be worked on and a shared way of interacting with them. Also, we learnt that the things that are being worked on are quite varied and may include multiple input cameras, digital documents, Web pages, applications, device data, controls, forms.

  So we set out to build a solution that would enable productive remote collaboration to take place. It would need to provide an excellent user experience, it would need to be simple to work with, provide for the standard use cases out of the box, yet be architected to be extensible for specialised data sharing needs that we knew some of our customers had. It would need to be usable directly on Coviu.com, but also able to integrate with specialised applications that some of our customers were already using, such as the applications that they spend most of their time in (CRMs, practice management systems, learning management systems, team chat systems). It would need to require our customers to sign up, yet their clients to join a call without sign-up.

  Collaboration is a big problem. People are continuing to get more comfortable with technology and are less and less inclined to travel distances just to get a service done. In a country as large as Australia, where 12% of the population lives in rural and remote areas, people may not even be able to travel distances, particularly to receive or provide recurring or specialised services, or to achieve work/life balance. To make the world a global village, we need to be able to work together better remotely.

  The need for collaboration is being recognised by specialised Web applications already, such as the LiveShare feature of Invision for Designers, Codassium for pair programming, or the recently announced Dropbox Paper. Few go all the way to video – WebRTC is still regarded as a complicated feature to support.

  

  With Coviu, we’d like to offer a collaboration feature to every Web app. We now have a Web app that provides a modern and beautifully designed collaboration interface. To enable other Web apps to integrate it, we are now developing an API. Integration may entail customisation of the data sharing part of Coviu – something Coviu has been designed for. How to replicate the data and keep it consistent when people collaborate remotely – that is where Coviu makes a difference.

  We have started our journey and have just launched free signup to the Coviu base product, which allows individuals to own their own “room” (i.e. a fixed URL) in which to collaborate with others. A huge shout out goes to everyone in the Coviu team – a pretty amazing group of people – who have turned the app from an idea to reality. You are all awesome !

  With Coviu you can share and annotate :

  • images (show your mum photos of your last holidays, or get feedback on an architecture diagram from a customer),
  • pdf files (give a presentation remotely, or walk a customer through a contract),
  • whiteboards (brainstorm with a colleague), and
  • share an application window (watch a YouTube video together, or work through your task list with your colleagues).

  All of these are regarded as “shared documents” in Coviu and thus have zooming and annotations features and are listed in a document tray for ease of navigation.

  This is just the beginning of how we want to make working together online more productive. Give it a go and let us know what you think.

  http://coviu.com/

• Consent management platforms : Keys to compliance and user trust

  14 juin, par Joe

  Today’s marketing managers and data analysts face a tricky balancing act : gaining meaningful customer insights while respecting user privacy. Finding ways to navigate the maze of complex privacy regulations while managing consent at scale can be daunting. 

  Consent management platforms (CMPs) offer a solution. They allow companies to collect data ethically, manage user consent efficiently, and comply with privacy regulations like Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

  This guide explains everything you need to know about CMPs : how they function, why they’re essential for data governance, and how they work hand-in-hand with analytics platforms to promote transparency and build trust with users.

  What is a consent management platform (CMP) and what is it for ?

  A consent management platform (CMP) helps organisations collect, organise, and store user consent for personal data processing purposes. In short, it’s a tool that ensures data collection respects user privacy and complies with regulations like the GDPR and CCPA.

  Without a CMP, businesses could face hefty fines and penalties for violating data privacy laws in different parts of the world. This shows how vital these tools are to all modern businesses.

  How do consent management platforms work ?

  CMPs give users a clear and straightforward way to provide explicit consent for data collection. These platforms manage both the technical aspects of consent storage and the user experience on your site or app.

  Here’s a simplified breakdown :

  • Cookie consent banners : The CMP displays a banner whenever a user visits your website. This banner explains the types of personal information collected and for what purpose.
  • User choice : The user can accept or reject cookies and trackers. They can often customise their preferences to choose which specific data types they’re willing to share.
  • Preference storage : The CMP stores the user’s choices. This information helps ensure that you only collect and process the permitted data.
  • Integration with other systems : CMPs integrate with other systems, such as analytics platforms and advertising networks, to ensure that data collection and processing comply with the user’s choices throughout the customer experience.

  

  A key feature of CMPs is their role in shaping privacy policy design. This design encompasses the layout, visual elements, and cues employed to seek user consent.

  A recent study by Karlstad University in Sweden showed that privacy policy design significantly influences user comprehension and willingness to disclose information. In other words, it affects consent rates considerably and is key to enhancing data collection.

  Importance of consent management for compliance

  As the world becomes increasingly interconnected, consent management is taking centre stage. Although it applies to all technologies and systems that gather or handle personal data, few instances are as relevant as smart homes.

  Smart home devices have unique access to our personal spaces and private lives. They represent a unique challenge to consent management since one person is potentially granting access to personal data from themselves and other people who may be inside or around the house.

  A 2023 study by the University College London and the University of Oxford pointed out that clear design principles and granular, contextual permission structures are essential in these situations.

  However, consent management isn’t just best practice. It’s a widespread legal requirement. Not meeting these requirements can result in hefty penalties and reputational damage to your organisation.

  Consent management under GDPR

  The European Union’s GDPR is a data protection law applicable to organisations that process the personal data of individuals residing in the European Economic Area (EEA). It’s based on the principle of opting in.

  The GDPR is one of the strongest data privacy laws globally. For non-compliance, fines can be up to €20 million or 4% of the company’s total global turnover (whichever is higher).

  It’s also one of the most heavily enforced privacy laws. According to enforcementtracker.com, Meta was fined €1.2 billion in 2023, with GDPR fines reaching over €2 billion that year alone. In the UK, the largest GDPR fine is €22.05 million, according to Statista. It pays to comply.

  The GDPR has specific rules around consent, including that it must be :

  • Freely given : Users must not be pressured or coerced.
  • Specific : Must be given for specific data processing purposes.
  • Informed : Users must be provided with clear and concise information.
  • Unambiguous : Permission must be granted through clear and affirmative action, such as checking a box or tapping a button.

  CMPs help you meet these requirements by providing a transparent and user-friendly way to obtain and manage consent.

  Consent management under CCPA

  The CCPA is another privacy protection law for businesses collecting personal information from California residents. It grants Californians the right to know what data is being collected about them, to prevent it from being sold, and to request its deletion.

  CMPs support CCPA compliance by enabling users to exercise their rights and ensuring transparent data collection practices.

  Managing consent under other regulatory frameworks

  In addition to the GDPR and CCPA, numerous other privacy regulations can impact your organisation. These regulations include :

  • The COPPA in the US
  • Brazil’s LGPD
  • Japan’s APPI
  • Canada’s PIPEDA.
  • Australia’s Privacy Act 1988 

  A CMP will help streamline the process by providing a clear, practical framework to ensure you meet all applicable requirements.

  Key features to look for in a CMP

  Choosing the right CMP is crucial for global business.

  Here are some key features to consider :

  Custom banners

  Consent banners are often among users’ first digital interactions with your brand. It should be clear, concise and visually appealing. Look for a CMP that allows you to :

  • Customise the banner’s design to match your website’s branding and aesthetics.
  • Control the banner’s positioning for optimal visibility.

  End-user management tools

  The CMP should also offer a user-friendly interface allowing visitors to grant, manage and withdraw consent.

  This includes customisable banners, granular permissions, and a preference centre. The latter is a dedicated space where users can manage their preferences anytime.

  Integration capabilities with existing systems

  The CMP should integrate with your existing technology stack, including your analytics platform, marketing automation tools and CRM. This integration ensures a smooth workflow and prevents data silos.

  How to select the right CMP for your organisation

  To find the perfect CMP, focus on your specific needs and priorities. Here’s a step-by-step guide to help you make an informed decision :

  Assessing organisational needs and goals

  Start by clearly defining your organisation’s requirements. Consider the following :

  • Types of data collected : What personal data do you collect (for example, cookies, IP addresses, location data) ?
  • Compliance requirements : Which privacy regulations must you comply with (GDPR, CCPA, COPPA) ?
  • Website or app complexity : How complex is your website or app in terms of user interactions and data collection points ?
  • Budget : How much are you willing to invest in a CMP ?

  Comparing features and pricing

  Once you thoroughly understand your needs, you can compare the features and pricing of various CMPs. Look for key features like :

  • Customisable banners
  • Granular options
  • Preference centre
  • Integration with existing systems
  • Analytics and reporting

  Once you’ve shortlisted a few options, compare the pricing and choose the best value for your budget. Take advantage of free trials before committing to a paid plan.

  Checking verified user reviews

  Read user reviews on platforms like G2 or Trustpilot to get an idea of the strengths and weaknesses of different CMPs. Look for reviews from similar organisations regarding size, industry and compliance requirements.

  Integration with a privacy-focused analytics platform

  A consent management platform acts as the bridge between your users and your analytics and marketing teams. It ensures user preferences are communicated to your analytics setup, so data collection and analysis align with their choices and comply with privacy regulations. 

  Finding a consent manager integration that works with your analytics setup is essential for businesses.

  Top five consent management platforms

  The CMP market is pretty competitive, with many players providing excellent solutions. According to Emergen Research, it was valued at $320.9 million in 2021 and is growing at 21.2%.

  Here are five of our top choices 

  1. usercentrics

  usercentrics is a comprehensive CMP with customisable banners, granular consent options and a preference centre.

  

  usercentrics geolocation rulesets page (Source : Usercentrics)

  This Google-certified CMP allows you to create global and regional consent rules to ensure compliance with local regulations like GDPR, CCPA and LGPD. For a smooth implementation, usercentrics provides access to a knowledgeable support team and a dedicated customer success executive.

  It’s worth noting that Usercentrics is the CMP we use here at Matomo. It helps us in our mission to collect and analyse data ethically and with a privacy-first mindset.

  • Key features : Customisable banners, granular permissions, cross-domain and cross-device capabilities, automatic website scans, reporting and analytics.
  • Pricing : Usercentrics offers a free plan and four paid subscription plans from €7 to €50 per month.

  2. Osano

  Osano is a user-friendly CMP focusing on transparency and ease of use.

  

  Osano’s main dashboard (Source : Osano)

  Osano can scan websites for tracking technologies without impacting the user experience.

  • Key features : Customisable banners, multi-language support, granular consent options, a preference centre and access to a knowledgeable team of compliance specialists.
  • Pricing : Osano offers a self-service free plan and a paid plan at $199 per month.

  3. Cookiebot

  Cookiebot is another popular CMP with numerous integration options, including Matomo and other analytics tools. 

  

  Cookiebot consent banner options (Source : Cookiebot)

  • Key features : A cookie scanner, a privacy trigger or button allowing users to change their consent settings, a consent management API and advanced analytics.
  • Pricing : Cookiebot offers a free plan and paid plans ranging from €7 to €50 per month.

  4. CookieYes

  CookieYes is well-suited for small businesses and websites with basic privacy needs. 

  

  CookieYes cookie banner options (Source : CookieYes)

  It offers various features, including multilingual support, geo-targeting, privacy policy generation, and a preference centre. CookieYes also integrates with analytics and CMS tools, making it easy to implement as part of your stack.

  • Key features : Customisable consent banners, granular consent options, preference centre, integration with Matomo, reporting and analytics.
  • Pricing : You can use CookieYes for free or subscribe to one of their three paid plans, which range from $10 to $55 per month.

  5. Tarte au Citron

  Tarte au Citron is an open-source, lightweight, and customisable CMP developed in France.

  

  (Source : Tarte au Citron)

  Its focus is on transparency and user experience. It provides many features free of charge, but many do require some technical knowledge to deploy. There’s also a paid subscription with ongoing support and faster implementation.

  Tarte au Citron integrates with Matomo, which is also open-source. If you’re building an open-source stack for your analytics, Matomo and Tarte au Citron make an excellent pair.

  • Key features : Open-source, customisable consent banners, integration with Matomo, works with over 220 services.
  • Pricing : You can deploy the open-source core for free, but Tarte au Citron offers three paid licenses starting at €190 for one year and reaching €690 for a lifetime license.

  How to implement cookie consent the right way

  Implementing cookie consent requires precision, time and effort. But doing it wrong can result in significant legal penalties and severe reputational damage, eroding user trust and impacting your brand’s standing. Here are the key dos and don’ts of consent :

  

  Provide clear and concise information

  Use plain language that is easy for anyone to understand. Avoid using technical terms or legal jargon that may confuse users.

  Prioritise transparency

  Be upfront about your data collection practices. Clearly state what data you collect, how you use it and who you share it with. Provide links to your privacy and cookie policies for users who want to learn more.

  Offer granular control

  Give users detailed control over as many of their cookie preferences as possible. Allow them to choose which categories of tracking cookies they consent to, such as strictly necessary, performance and marketing cookies.

  Implement user-friendly banners

  Ensure banners are prominently displayed, easy to understand, and use clear and concise language. Also, make sure they’re accessible to all users, including those with disabilities.

  Respect “do not track” settings

  It’s essential to honour users’ choices when they enable their “do not track” browser setting.

  Document consent

  Maintain a record of user consent. This will help you demonstrate compliance with data privacy regulations and provide evidence of user consent in case of an audit or investigation.

  Regularly review and update consent policies

  Review and update your customer consent policies regularly to ensure they comply with evolving data privacy regulations and reflect your current data collection practices.

  Cookie consent pitfalls to avoid

  Here are some common pitfalls to avoid that may lead to legal penalties, loss of user trust or inaccurate analytics :

  • Avoid lengthy and complicated explanations. Overwhelming users with dense legal jargon or overly technical details can lead to consent fatigue and reduce the likelihood of informed consent.
  • Don’t force users to accept all cookies or none. Blanket consent options violate user autonomy and fail to comply with regulations like the GDPR.
  • Don’t make information about your data collection practices hard to find. Hidden or buried privacy policies breed suspicion and erode trust.
  • Avoid pre-checking all cookie consents. Pre-checked boxes imply consent without explicit user action, which is not compliant with GDPR and similar regulations. Users must actively opt in, not out.

  Emerging consent management trends 

  Consent management is constantly evolving and driven by new technologies, regulations, and user expectations. Here are some emerging trends to watch out for in the short term :

  • Increased automation : AI and machine learning are helping automate consent management processes, making them more efficient and effective.
  • Enhanced user experience : CMPs are becoming more user-friendly, focusing on providing an intuitive experience.
  • Privacy-preserving analytics : CMPs are being integrated with privacy-preserving analytics platforms, such as Matomo, to enable organisations to gain insights into user behaviour without compromising privacy.
  • Google Consent Mode : In 2024, Google rolled out Consent Mode v2 to align with the Digital Markets Act. Due to upcoming privacy regulations, more versions may be coming soon.

  The Privacy Governance Report 2024 also highlights the increasing complexity of managing data privacy, with more than four in five privacy professionals taking on additional responsibilities in their existing roles. This trend will likely continue in the coming years as more privacy laws are enacted.

  Addressing upcoming privacy regulations

  Data privacy and user consent requirements continue to emerge and evolve. Businesses must stay informed and adapt their practices accordingly.

  

  In 2025, several new privacy regulations are going into effect, including :

  • New state-level privacy laws in eight US states :
    • Delaware (1 January 2025)
    • Iowa (1 January 2025)
    • Nebraska (1 January 2025)
    • New Hampshire (1 January 2025)
    • New Jersey (15 January 2025)
    • Tennessee (1 July 2025)
    • Minnesota (31 July 2025)
    • Maryland (1 October 2025)
  • The EU’s Artificial Intelligence Act (which will be implemented from 1 August 2024 through 2 August 2026) and other AI-focused regulations.
  • The UK Adequacy Decision Review has a deadline of 27 December 2025.

  Organisations that collect, process or otherwise handle data from Europe and the above-named US states should proactively prepare for these changes by :

  • Conducting regular privacy impact assessments
  • Reviewing consent mechanisms regularly
  • Implementing data minimisation strategies
  • Providing user-friendly privacy controls

  Future-proofing your consent management strategy

  CMPs are essential for managing consent preferences, protecting user privacy, and earning customers’ trust through transparency and ethical data practices.

  When choosing a CMP, you should consider key features such as integration capabilities, customisation options and user-friendly interfaces.

  Integrating a CMP with a privacy-first analytics solution like Matomo allows you to collect and analyse data in a way that’s compliant and respectful of user preferences. This combination helps maintain data integrity while demonstrating a strong commitment to privacy. 

  Start your 21-day free trial today.