© Aurélie Pols

Amicus brief [1]: Should you measure when a user logs out?

Table of Contents:

To the attention of
Objective of this document
Authors
  Cited sources
Background information
Description of the data ecosystem
  Involved actors
  Vocabulary
  Legal jargon (borrowed from EU legislation)
  Risk and potential liability
  Type of content accessed (and logged-out from)
  Reasonable client expectation
  Minimal requirements to lower risk
  Doomsday scenario
Conclusion

To the attention of

The Digital Analytics Association, more specifically

| Name | Company | Title | Email |
|---|---|---|---|
| Jodi McDermott | comScore | President | XXXXXXX |
| Bob Page | HortonWorks | Vice President | XXXXXXX |
| Jim Sterne | | Chair of the Board | XXXXXXX |
| Mike Levin | DAA | Executive Director | XXXXXXX |

Objective of this document

This amicus brief is intended to support the digital analytics community in understanding the implications of digital measurement practices from the angle of increasing Privacy, Compliance, Ethics and Security requirements.

This document is not intended to hold any legal recommendations.

The purpose of this document is to foster reflections and discussions within the digital analytics community about vendors’ measurement practices, ways to tackle evolving global Privacy legislation, and the growing lack of trust felt by Internet users all over the world.

[1] Amicus brief or Amicus Curiae: A person (or other entity, such as state government) who is not a party to a particular lawsuit but nevertheless has a strong interest in it may be allowed, by leave of the court, to file an amicus curiae brief, a statement of particular views on the subject matter of the lawsuit. Source: http://www.merriam-webster.com/dictionary/amicus%20curiae

Authors

| Name | Company | Country | Email |
|---|---|---|---|
| Aurélie Pols | OX3 Analytics S.L. | Spain | aurelie@mindyourprivacy.com |
| Peter O’Neill | L3 Analytics | UK | XXXXXX |
| Benjamin Mercier | Barclays | UK | XXXXXX |

Cited sources

| Name | Company | Country | Email |
|---|---|---|---|
| Simo Ahava | Netbooster | Finland | XXXXXX |
| Tahir Fayyaz | Havas Media | UK | XXXXXX |
| Doug Hall | Conversion Works | UK | XXXXXX |

Date: January 12th 2015
Version: 5

Background information

In October 2014, Simo Ahava from Netbooster Finland wrote an excellent blog post entitled “#GTMtips: Once userID, Always userID” about the use of Google Universal Analytics’ UserID across sessions. http://www.simoahava.com/gtm-tips/once-userid-always-userid/

The same day, Peter O’Neill from L3 Analytics in the UK picked up on the article and started a Twitter conversation about whether a visitor should continue to be identified and measured after having expressly logged out from a website section or an application.

Current perception within the industry:

As clearly shown through the feedback to Peter O’Neill’s tweet, digital analytics professionals tend to refer to vendor documentation, and more specifically to the vendor’s Terms of Use or policy, in order to define the legality of certain measurement practices.

When the question is raised to the vendors and nothing is found within the legal documentation, the next logical step is usually to ensure that the client is “happy” with the tracking methods.

By client we mean here the party that is effectively using the vendor’s solution on its digital properties, e.g. an ecommerce, bank or insurance company.

Digital professionals should however also take into consideration the “reasonable expectations” of visitors of online properties, as they are recommending measurement best practices either on behalf of their clients, as external consultants, or for their employer, as internal digital analysts.

This brings us to the most important point for the digital analytics sector and other players within this data ecosystem, such as vendors.

While it is considered a competitive advantage, vendors’ visitor tracking methodology often lacks transparency, potentially harming their clients and, in the process, the consultants recommending their very tools.

Additionally, while vendors are at the same time engaged in new and parallel feature races in order to ensure adequate alignment with Privacy requirements, this lack of transparency often leaves actors second-guessing.

Here is an example of how KissMetrics [2] apparently auto-stitches visitors’ data between sessions, independently of whether users logged out (according to Tahir Fayyaz from Havas Media UK).

It raises the question of whether a choice, the very feature, actually exists for the websites to define how the data about their clients’ behavior is being stitched together.

[2] KISSMetrics Finalizes Supercookies Settlement by Wendy Davis, MediaPost, January 2013, http://www.mediapost.com/publications/article/191409/kissmetrics-finalizes-supercookies-settlement.html, last visited November 5th 2014

Description of the data ecosystem

Involved actors

Vocabulary

• “Website owner” is defined in this document as the company collecting the data about its clients in order to optimize its digital properties. Such a company could be a pure digital player like an ecommerce property or online retailer, a bank, a pharmaceutical or insurance company, etc.
• “Customer” is defined as the visitor to the digital properties or apps, who by interacting with the properties leaves a data exhaust of preferences in the form of clicks and of data entered through forms and other logging methods.
• Actors in between this relationship are considered “intermediaries”, who hold their own legal liability within the data ecosystem, and are often either tool vendors &/or agencies.

More specifically, the ecosystem of actors looks like this:

Data flows, through intermediaries, from visitors towards the company collecting the data: from the customer to the website properties in this case.

Depending upon the type of data, sector and geography, the company collecting the data (the customer for digital analytics agencies and vendors) has certain responsibilities related to the data being collected (and the person this data might be coming from [3]).

[3] Avoiding any debate here about data ownership in order to keep this simple

In between the extremes of these data flows and the related responsibility lie tools and agencies, which take part in the data flow and hence pick up some of the responsibility. In a word, they may be liable in case of issues. Such issues can be related to compliance, security or, more vaguely, Privacy.

Tools or vendors typically waive their liability within this data ecosystem through their Terms of Use or Terms and Conditions, where they stipulate correct and incorrect uses of their technology whenever possible.

After all, technology is Privacy neutral and it would be impossible for vendors to imagine every scenario.

What vendors can decide is:

1. Under which legislation the data is stored.
2. Which functionalities are developed to support business needs, including possible security, privacy and compliance requirements.

Legal jargon (borrowed from EU legislation)

European Data Protection [4] legislation attributes roles and responsibilities related to data flows.

More specifically, EU Privacy legislation talks of “Data Controllers” and “Data Processors”, or sub-processors, in this data ecosystem.

[4] Europe talks of Data Protection instead of Privacy legislation, which is more of a US focused topic. The UK sits in between as, for now, it’s still part of Europe.

Intermediaries hold responsibilities in the data flow, under the legal term “Data Processors”, or “Data Sub-Processors”, in most cases for digital analytics [5].

The responsibilities of a “Data Controller”, the digital property collecting the data in the first place, are roughly outlined as follows [6]:

1. Inform participants;
2. Obtain informed consent;
3. Ensure that data held is accurate;
4. Delete personal data when it is no longer needed;
5. Protect against unauthorized destruction, loss, alteration and disclosure;
6. Contract with Data Processors responsibly;
7. Take care transferring data out of Europe;
8. If you collect “special” categories of data, get specialist advice;
9. Deal with any subject access requests;
10. If the assessment is high stakes, ensure there is review of any automated decision making;
11. Appoint a data protection officer and train the staff;
12. Work with supervisory authorities and respond to complaints.

[5] The main exception is Google Analytics, who acts as both a processor and a controller, which is why they don’t want data that could potentially identify an individual within their tool, cf. http://www.mindyourprivacy.com/english-us-role-playing-which-one-are-you-google-analytics-controller-or-processor/?lang=en

[6] Note that in the case of a vendor’s website, the vendor then takes on the role of “Data controller” for its own digital properties

Risk and potential liability

Getting back to the initial question of whether a digital analyst should continue to track and measure once a client logs out, the answer is best expressed in terms of risk.

What is wrong about continuing to track visitors after a log out action?

The first risk is legal: during the session, the visitor took an action that says “stop identifying &/or tracking me”. If the visitor continues to browse the site, he would expect to be treated as an anonymous visitor and not be tracked. In most digital properties, after logging out, the site no longer displays the visitor’s name, photos, etc. but still remembers him and continues to track his actions as if no logout ever happened.

Such risk can either be of a non-compliance nature, in which case the customer (the data controller) could face financial fines for non-compliance with the legislation, or it might be related to client feelings of creepiness.

Indeed, a visitor who did expressly log out might “expect” not to be tracked anymore. Therefore, if this visitor gets re-targeted with promotions related to navigation done while logged out, it might damage the trust relationship that stands between the site and the visitor. This is what we call Creepiness.

Additionally, risk is distributed between the actors within the data ecosystem, as the data controller can turn against a data processor or sub-processor to claim compensation in case of trouble.

The initial data controller should go through the exercise of balancing its own risk by asking the following questions:

1. Is my company being non-compliant by still tracking an identified visitor even though the visitor did expressly log out? (An email address is considered to be PII in all US states, so let’s consider we are talking about an individual, as this is a login.)
2. If so, what is the probability of being fined and for which maximum amount?
3. If there are no legal issues, are there potential brand perception issues that might arise from this practice if word gets out?
4. If so, what are the rewards from still tracking an individual after they expressly logged out compared to this potential feeling of creepiness?

Intermediaries, mainly agencies, should ask themselves the same questions but in the light of their own liability.

In fact, agencies should include, as a mandatory step of their relationship with their customers, an explanation of exactly what data the tracking technology collects and how visitors’ sessions are delimited. In line with the transparency principle, and hopefully with the help of the vendors, the websites will then be able to make an informed decision about the best data strategy to take.

Type of content accessed (and logged-out from)

A word of caution related to question 2: the probability of being fined.

Certain sectors and geographies hold higher probabilities of fines &/or class actions. In Spain for example, Telcos are the favorite target for Data Protection Agencies while in Italy, credit agencies should be more careful.

The US, unlike the EU (which has overarching Data Protection legislation for all sectors), holds specific Privacy related legislation per sector. The typical ones are related to health (HIPAA) and children (COPPA), but also banking, energy, video rentals, etc., and often talk of the use of “sensitive” data (health, financial, sexual orientation, political views, …) on top of the initial classification according to the probability of identifying an individual or not.

Typically pharma clients, banks and insurers, digital properties dealing with children, etc. should be extra careful with the choices they make related to their digital analytics infrastructure and measurement practices.

Reasonable client expectation

Even if “reasonable client expectation” could be argued to answer questions 1 and 2, for which legal analysis would be necessary depending upon country and sector, it’s mainly for questions 3 and 4 that expectations and perception really start playing an active role.

As mentioned in the previous section about types of content, the question should be asked as to why a client would expressly log out of an application or online service.

Certain industries, like airlines, would typically terminate sessions as the browser is closed while others, like banks, would often automatically log out after a defined period of time if their clients don’t do it after finishing their transactions. On the other side of the spectrum, social sites like Facebook would keep the automatic login active even when a window is closed and opened up again within the same browser.

Choices related to how to allow logout in the first place are therefore abundant and will depend upon each particular situation. Those logout choices will be influenced by the sector the company is operating in, security reasons and possibly analytics practices, if not region.

From there it follows that whether to continue tracking a user even after they actively logged out has no black and white answer, as it depends, possibly even on more factors than those listed above.

And while companies will certainly have internal discussions about how and when to close sessions and log out, the same cannot be said for analytics. The simple reason for the difference is that tracking can go undetected by the trained digital analytics eye. And you can’t really ask questions about what you can’t see.

It therefore often falls upon the agency that is consulting on the customer’s digital analytics set-up to recommend best practices, with all the liability that this implies, as discussed earlier.

Minimal requirements to lower risk

While the #1 responsibility of a data controller is to inform participants, the question remains open as to whether a Privacy Policy should specify that data is being collected even if a user logs out.

At the time of writing, it doesn’t seem common practice. While Privacy Policies are clearly evolving in terms of transparency, tone and focus, going this deep into data collection details is far from common practice.

Another point to raise would be about the type of data being collected after logout, as this data could remain linked to a uniquely identified individual or become part of a bucketed type of anonymous data, if the tools allowed for such a distinction.

As an example, it would be interesting for those companies to separate, in the data governance guidance, the data that would be used by analytics to produce insights, improve the navigation, make a better user experience, etc. from the data that is used by marketing to (re-)target customers and from the data that is used by the business to increase sales. That way there are more options for internal reflection when deciding about tracking data after logout.

This functionality was actually described by Seth Romanow while at Microsoft at eMetrics in 2007 and he called it “Personamous”:

This set-up was reached through clever technology and the use of Webtrends and Omniture at the time: 2 tools and a lot of databases in between.

Doomsday scenario

Imagine a health insurer website where a visitor is logged in to request refunds. Let’s now imagine this visitor logs out and looks for a specialized physician related to prostate cancer. What would our industry do with this information?

The current Big Data Privacy debate, initiated by the then French Data Protection Authority president Isabelle Falque-Pierrotin, is whether discrimination might take place due to excessive tracking. Would an insurance company increase its rates if you were to search for a prostate cancer physician and fall within the likelihood of having prostate cancer (because you’re male and are over 50 years)?

Imagine you’re logged onto a health website, you log out and look for Viagra. Are you going to receive an automatic email with discount coupons for Viagra through some kind of Marketing Automation program on your family email address?

Conclusion

There is no black and white answer to the initial question posed in this document: should you measure when logged out?

The way data will be picked up, stored and later re-used should be seen on a case-by-case basis, where clearly the responsibility of our industry is to promote “Responsible Measure Practices” as pointed out by Doug Hall at eMetrics London.

It is not only the companies using the measurement technologies to better understand their clients that should be aware of their responsibilities in terms of compliance and consumer feelings of creepiness. The digital analytics vendors and the specialized consultancies also have a part to play in the liability of the digital data ecosystem.

Agencies can hedge their liability by understanding the consequences of their recommendations and asking for more transparency from vendors as to how data is being collected, stored and shared. Additionally, they should not shy away from asking for professional support in legal matters related to compliance with current and evolving Privacy legislation.

Vendors have typically been limiting their liability through their Terms of Use and will continue to do so in order to ensure technological neutrality. After all, they cannot be held responsible for the use of their products. Yet they should give digital analysts the opportunity to have the right features in place that would allow for increased choice and safer ways of (re)using the data being collected.

Some actions can be taken to improve data privacy without hurting the vision of analytics. A solution could be a reset of marketing related measurement after each logout, keeping analytics live.

Also, the Universal Analytics userID feature, as described by Simo Ahava in his blog post, is a great feature; it might be worth asking whether a second userID, to support Microsoft’s Personamous suggestion, should be considered.

Should You Track Users After Logout

  • 1. ©  Aurélie  Pols   1   Amicus  brief1:  Should  you  measure  when  a  user  logs  out?     Table  of  Contents:   To  the  attention  of  ....................................................................................................  1   Objective  of  this  document  ........................................................................................  1   Authors  .....................................................................................................................  2   Cited  sources  ............................................................................................................................................................  2   Background  information  ............................................................................................  3   Description  of  the  data  ecosystem  .............................................................................  5   Involved  actors  ........................................................................................................................................................  5   Vocabulary  .................................................................................................................................................................  5   Legal  jargon  (borrowed  from  EU  legislation)  ............................................................................................  6   Risk  and  potential  liability  .................................................................................................................................  8   Type  of  content  accessed  (and  logged-­‐out  from)  .....................................................................................  9   Reasonable  client  expectation  ..........................................................................................................................  
9   Minimal  requirements  to  lower  risk  ............................................................................................................  10   Doomsday  scenario  .............................................................................................................................................  11   Conclusion  ...............................................................................................................  11     To  the  attention  of   The  Digital  Analytics  Association,  more  specifically   Name   Company   Title   Email   Jodi  McDermott   comScore   President   XXXXXXX   Bob  Page   HortonWorks   Vice  President   XXXXXXX     Jim  Sterne     Chair  of  the   Board   XXXXXXX   Mike  Levin   DAA   Executive   Director   XXXXXXX   Objective  of  this  document   This  amicus  brief  is  intended  to  support  the  digital  analytics  community  with  the   understanding  of  the  implications  of  digital  measurement  practices  from  the  angle   of  increasing  Privacy,  Compliance,  Ethics  and  Security  requirements.     This  document  is  not  intended  to  hold  any  legal  recommendations.     The  purpose  of  this  document  is  to  foster  reflections  and  discussions  within  the   digital  analytics  community  about  vendors’  measurement  practices,  ways  to  tackle   evolving  global  Privacy  legislation  and  increased  feelings  of  lack  of  trust  that  is  felt   by  Internet  users  all  over  the  world.                                                                                                                   1  Amicus  brief  or  Amicus  Curiae:  A  person  (or  other  entity,  such  as  state  government)  who  is  not  a   party  to  a  particular  lawsuit  but  nevertheless  has  a  strong  interest  in  it  may  be  allowed,  by  leave  of   the  court,  to  file  an  amicus  curiae  brief,  a  statement  of  particular  views  on  the  subject  matter  of  the   lawsuit.  
Source:  http://www.merriam-­‐webster.com/dictionary/amicus%20curiae    
  • 2. ©  Aurélie  Pols   2   Authors   Name   Company   Country   Email   Aurélie  Pols   OX3  Analytics  S.L.   Spain   aurelie@mindyourprivacy.com     Peter  O’Neill   L3  Analytics   UK   XXXXXX   Benjamin   Mercier   Barclays   UK   XXXXXX       Cited  sources   Name   Company   Country   Email   Simo  Ahava   Netbooster   Finland   XXXXXX   Tahir  Fayyaz   Havas  Media   UK   XXXXXX   Doug  Hall   Conversion  Works   UK   XXXXXX       Date:  January  12th  2015   Version:  5  
  • 3. ©  Aurélie  Pols   3   Background  information     In  October  2014,    Simo  Ahava  from  Netbooster  Finland  wrote  an  excellent  blog   post  entitled  “#GTMtips:  Once  userID,  Always  userID”  about  the  use  of  Google   Universal  Analytics’  UserID  across  sessions.    http://www.simoahava.com/gtm-­‐ tips/once-­‐userid-­‐always-­‐userid/           The  same  day,  Peter  O’Neill  from  L3  Analytics  in  the  UK  bounced  on  the  article  and   started  a  Twitter  conversation  about  whether  a  visitor  should  continue  to  be   identified  and  measured  after  having  expressly  logged-­‐out  from  a  website  section   or  an  application.         Current  perception  within  the  industry:   As  clearly  shown  through  the  feedback  to  Peter  O’Neill’s  tweet,  digital  analytics   professionals  tend  to  refer  to  vendor  documentation  and  more  specifically  their   Terms  of  Use  or  policy  in  order  to  define  the  legality  of  certain  measurement   practices.         When  the  question  is  raised  to  the  vendors  and  nothing  is  found  within  the  legal   documentation,  the  next  logical  step  is  usually    to  assure  that  the  client  is  “happy”   with  the  tracking  methods.   By  client  we  define  here  the  party  that  is  effectively  using  the  vendor’s  solution  on   their  digital  properties  for  eg.  an  ecommerce,  bank,  insurance  company…    
  • 4. ©  Aurélie  Pols   4       Digital  professionals  should  however  also  take  into  consideration  “reasonable   expectations”  of  visitors  of  online  properties.  As  they  are  recommending  on   measurement  best  practices  either  on  behalf  of  their  clients,  as  external   consultants,  or  for  their  employer  as  internal  digital  analysts.       Which  brings  to  the  most  important  point  for  the  digital  analytics  sector  and  other   players  within  this  data  ecosystem  such  as  vendors.     While  being  considered  as  a  competitive  advantage,  their  visitor  tracking   methodology  often  lacks  transparency,  potentially  harming  their  clients  and  in  the   process  those  consultants  recommending  their  very  tools.     Additionally,  while  at  the  same  time,  vendors  are  engaged  into  new  and  parallel   features  races  in  order  to  assure  adequate  alignment  with  Privacy  requirements,   this  lack  of  transparency  often  leaves  actors  second-­‐guessing.     Here  is  an  example  of  how  KissMetrics2  apparently  auto  stitches  visitor’s  data   between  sessions,  independently  of  whether  users  logged  out  (according  to  Tahir   Fayyaz  from  Havas  Media  UK).       It  raises  the  question  of  whether  a  choice,  the  very  feature,  actually  exists  for  the   websites  to  define  how  the  data  about  their  clients’  behavior  is  being  stitched   together.                                                                                                                           2  KISSMetrics  Finalizes  Supercookies  Settlement  by  Wendy  Davis,  MediaPost,  January  2013,   http://www.mediapost.com/publications/article/191409/kissmetrics-­‐finalizes-­‐supercookies-­‐ settlement.html,  last  visited  November  5th  2014  
Description of the data ecosystem

Involved actors

Vocabulary

• “Website owner” is defined in this document as the company collecting the data about their clients in order to optimize their digital properties. Such a company could be a pure digital player like an ecommerce property or online retailer, a bank, a pharmaceutical or insurance company, etc.
• “Customer” is defined as the visitor to the digital properties or apps who, by interacting with the properties, leaves a data exhaust of preferences in the form of clicks and data entered through forms and other logging methods.
• Actors in between this relationship are considered “intermediaries”, who hold their own legal liability within the data ecosystem and are often tool vendors and/or agencies.

More specifically, the ecosystem of actors looks like this:

Data flows, through intermediaries, from visitors towards the company collecting the data: from the customer to the website properties in this case.

Depending upon the type of data, sector and geography, the company collecting the data (the customer for digital analytics agencies and vendors) has certain responsibilities related to the data being collected (and the person this data might be coming from [3]).

[3] Avoiding any debate here about data ownership in order to keep this simple.
In between the extremes of these data flows and related responsibility lie tools and agencies, which take part in the data flow and hence pick up some of the responsibility. In a word, they may be liable in case of issues. Such issues can be related to compliance, security or, more vaguely, Privacy.

Tools or vendors typically waive their liability within this data ecosystem through their Terms of Use or Terms and Conditions, where they stipulate correct and incorrect uses of their technology whenever possible.

After all, technology is Privacy neutral and it would be impossible for vendors to imagine every scenario.

What vendors can decide is:
1. Under which legislation the data is stored.
2. Which functionalities are developed to support business needs, including possible security, privacy and compliance requirements.

Legal jargon (borrowed from EU legislation)

European Data Protection [4] legislation attributes roles and responsibilities related to data flows.

More specifically, EU Privacy legislation talks of “Data Controllers” and “Data Processors”, or sub-processors, in this data ecosystem.

[4] Europe talks of Data Protection instead of Privacy legislation, which is more of a US-focused topic. The UK sits in between as, for now, it’s still part of Europe.
Intermediaries hold responsibilities in the data flow, under the legal term “Data Processors” or “Data Sub-Processors” in most cases for digital analytics [5].

The responsibilities of a “Data Controller”, the digital property collecting the data in the first place, are roughly outlined as follows [6]:
1. Inform participants;
2. Obtain informed consent;
3. Ensure that data held is accurate;
4. Delete personal data when it is no longer needed;
5. Protect against unauthorized destruction, loss, alteration and disclosure;
6. Contract with Data Processors responsibly;
7. Take care transferring data out of Europe;
8. If you collect “special” categories of data, get specialist advice;
9. Deal with any subject access requests;
10. If the assessment is high stakes, ensure there is review of any automated decision making;
11. Appoint a data protection officer and train the staff;
12. Work with supervisory authorities and respond to complaints.

[5] The main exception is Google Analytics, which acts as both a processor and a controller, which is why they don’t want data that could potentially identify an individual within their tool, cf. http://www.mindyourprivacy.com/english-us-role-playing-which-one-are-you-google-analytics-controller-or-processor/?lang=en

[6] Note that in the case of a vendor’s website, the vendor then takes on the role of “Data Controller” for its own digital properties.
Risk and potential liability

Getting back to the initial question of whether a digital analyst should continue to track and measure once a client logs out, the answer is best expressed in terms of risk.

What is wrong about continuing to track visitors after a logout action?

The first risk is legal: during the session, the visitor took an action that says “stop identifying and/or tracking me”. If the visitor continues to browse the site, he would expect to be treated as an anonymous visitor and not be tracked. On most digital properties, after logout, the site no longer displays the visitor’s name, photos, etc., but still remembers him and continues to track his actions as if no logout ever happened.

Such risk can either be of a non-compliance nature, in which case the customer (the data controller) could face financial fines for non-compliance with the legislation, or be related to client feelings of creepiness.

Indeed, a visitor who expressly logged out might “expect” not to be tracked anymore. Therefore, if this visitor gets retargeted with promotions related to logged-out navigation, it might damage the trust relationship between the site and the visitor. This is what we call Creepiness.

Additionally, risk is distributed between the actors within the data ecosystem, as the data controller can turn against a data processor or sub-processor to claim compensation in case of trouble.

The initial data controller should go through the exercise of balancing its own risk by asking the following questions:
1. Is my company being non-compliant by still tracking an identified visitor even though the visitor expressly logged out? (An email address is considered to be PII in all US states, so let’s consider we are talking about an individual, as this is a login.)
2. If so, what is the probability of being fined, and for which maximum amount?
3. If there are no legal issues, are there potential brand perception issues that might arise from this practice if word gets out?
4. If so, what are the rewards from still tracking an individual after they expressly logged out compared to this potential feeling of creepiness?

Intermediaries, mainly agencies, should ask themselves the same questions but in the light of their own liability.

In fact, agencies should include, as a mandatory step of their relationship with their customers, an explanation of exactly what data the tracking technology collects and how visitors’ sessions are delimited. In line with the transparency principle, and hopefully with the help of the vendors, websites will then be able to make an informed decision about the best data strategy to take.
Type of content accessed (and logged-out from)

A word of caution related to question 2, the probability of being fined.

Certain sectors and geographies hold higher probabilities of fines and/or class actions.

In Spain for example, Telcos are the favorite target for Data Protection Agencies while in Italy, credit agencies should be more careful.

The US, unlike the EU (which has overarching Data Protection legislation for all sectors), has specific Privacy-related legislation per sector.

The typical ones relate to health (HIPAA) and children (COPPA), but also banking, energy, video rentals, etc., and often talk of the use of “sensitive” data (health, financial, sexual orientation, political views, …) on top of the initial classification by the probability of identifying an individual or not.

Typically pharma clients, banks and insurers, digital properties dealing with children, etc. should be extra careful with the choices they make related to their digital analytics infrastructure and measurement practices.

Reasonable client expectation

Even if “reasonable client expectation” could be argued to answer questions 1 and 2, for which legal analysis would be necessary depending upon country and sector, it’s mainly for questions 3 and 4 that expectations and perception really start playing an active role.

As mentioned in the previous section about types of content, the question should be asked as to why a client would expressly log out of an application or online service.
Certain industries, like airlines, would typically terminate sessions as the browser is closed, while others, like banks, would often automatically log out after a defined period of time if their clients don’t do it after finishing their transactions. On the other side of the spectrum, social sites like Facebook would keep the automatic login active even when a window is closed and opened up again within the same browser.

Choices related to how to allow logout in the first place are therefore abundant and will depend upon each particular situation. Those logout choices will be influenced by the sector the company is operating in, security reasons and possibly analytics practices, if not region.

It follows that whether to continue tracking a user even after they actively logged out has no black and white answer, as it depends, possibly on even more factors than those listed above.

And while companies will certainly have internal discussions about how and when to close sessions and log out, the same cannot be said for analytics. The simple reason for the difference is that tracking can go undetected by the trained digital analytics eye. And you can’t really ask questions about what you can’t see.
It therefore often falls upon the agency consulting on the customer’s digital analytics setup to recommend best practices, with all the liability that this implies, as discussed earlier.

Minimal requirements to lower risk

While the #1 responsibility of a data controller is to inform participants, the question remains open as to whether a Privacy Policy should specify that data is being collected even if a user logs out.

At the time of writing, it doesn’t seem to be common practice.

While Privacy Policies are clearly evolving in terms of transparency, tone and focus, going this deep into data collection details is far from common practice.

Another point to raise concerns the type of data being collected after logout, as this data could remain linked to a uniquely identified individual or become part of a bucketed type of anonymous data, if the tools allowed for such a distinction.

As an example, it would be interesting for those companies to separate, in their data governance guidance, the data used by analytics to produce insights, improve the navigation, make a better user experience, etc. from the data used by marketing to (re-)target customers and from the data used by the business to increase sales.

That way there are more options for internal reflection when deciding about tracking data after logout.

This functionality was actually described by Seth Romanow, while at Microsoft, at eMetrics in 2007 and he called it “Personamous”:
This set-up was reached through clever technology and the use of Webtrends and Omniture at the time: 2 tools and a lot of databases in between.

Doomsday scenario

Imagine a health insurer website where a visitor is logged in to request refunds.

Let’s now imagine this visitor logs out and looks for a specialized physician related to prostate cancer. What would our industry do with this information?

The current Big Data Privacy debate, initiated by the then French Data Protection Authority president Isabelle Falque-Pierrotin, is whether discrimination might take place due to excessive tracking.

Would an insurance company increase its rates if you were to search for a prostate cancer physician and fall within the likelihood of having prostate cancer (because you’re male and are over 50 years)?

Imagine you’re logged onto a health website, you log out and look for Viagra. Are you going to receive an automatic email with discount coupons for Viagra through some kind of Marketing Automation program on your family email address?

Conclusion

There is no black and white answer to the initial question posed in this document: should you measure when logged out?

The way data will be picked up, stored and later re-used should be seen on a case-by-case basis, where clearly the responsibility of our industry is to promote “Responsible Measure Practices” as pointed out by Doug Hall at eMetrics London.

It is not only the companies using the measurement technologies to better understand their clients that should be aware of their responsibilities in terms of compliance and consumer feelings of creepiness. The digital analytics vendors and the specialized consultancies also have a part to play in the liability of the digital data ecosystem.

Agencies can hedge their liability by understanding the consequences of their recommendations and asking for more transparency from vendors as to how data is being collected, stored and shared. Additionally, they should not shy away from asking for professional support in legal matters related to compliance with current and evolving Privacy legislation.

Vendors have typically been limiting their liability through their Terms of Use and will continue to do so in order to ensure technological neutrality.

After all, they cannot be held responsible for the use of their products.

Yet they should give digital analysts the opportunity to have the right features in place that would allow for increased choice and safer ways of (re)using the data being collected.
Some actions can be taken to improve data privacy without hurting the vision of analytics. A solution could be a reset of marketing-related measurement after each logout, keeping analytics live.

Also, the Universal Analytics userID feature, as described by Simo Ahava in his blog post, is a great feature; it might be worth asking whether a second userID to support Microsoft’s Personamous suggestion would not be worth considering.
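
One way to model the "reset marketing measurement at logout, keep analytics live" idea and the separation of data by purpose discussed under "Minimal requirements to lower risk", as an added example that is not part of the original brief and is not any vendor's API. All names (createTracker, the sinks, the purpose labels, the sample user and events) are hypothetical, and the sketch assumes that "reset" means dropping the login-scoped identifiers and rotating the anonymous one so later hits cannot be stitched back to the login.

```javascript
// Added example: purpose-scoped identifiers with a reset at logout.
// Hypothetical names throughout; the sinks are in-memory arrays standing in
// for an analytics tool and a marketing/retargeting tool.

// Random identifier; falls back to a non-cryptographic value where
// crypto.randomUUID is unavailable (acceptable for this offline demo only).
const newId = () =>
  globalThis.crypto?.randomUUID?.() ??
  "id-" + Math.random().toString(36).slice(2) + Date.now().toString(36);

function createTracker() {
  const sinks = { analytics: [], marketing: [] };
  let anonId = newId();   // anonymous analytics ID for the current browsing phase
  let userId = null;      // present only while the visitor is logged in
  let marketingId = null; // retargeting ID, exists only while logged in

  function track(name, purposes = ["analytics"]) {
    if (purposes.includes("analytics")) {
      sinks.analytics.push({ name, anonId, userId });
    }
    // Marketing hits are recorded only while a login-scoped marketing ID exists.
    if (purposes.includes("marketing") && marketingId !== null) {
      sinks.marketing.push({ name, marketingId });
    }
  }

  return {
    sinks,
    track,
    login(id) {
      userId = id;
      marketingId = newId();
      track("login");
    },
    logout() {
      track("logout");  // last hit attributed to the logged-in user
      userId = null;    // stop identifying
      marketingId = null; // stop marketing measurement
      anonId = newId(); // rotate so later hits cannot be joined to the login
    },
  };
}

// Constructed session based on the brief's health-insurer scenario:
// request a refund while logged in, log out, then keep browsing.
function demoSession() {
  const t = createTracker();
  t.login("user-42");
  t.track("view_refund_form", ["analytics", "marketing"]);
  t.logout();
  t.track("search_physician", ["analytics", "marketing"]);
  return t.sinks;
}
```

After logout the analytics sink still receives the hit, but under a fresh anonymous ID and with no userId, while the marketing sink receives nothing until the next login.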