At the start, the web was purely stateless – every request was the beginning (and every response the end) of a new conversation. Then we got cookies, so that servers could remember clients, and SSL, so that we could share information with a server without it being seen by all the servers it passed through en route. These two technologies enabled e-commerce and are so foundational now that it is hard to imagine the web without them. The problem is that we've evolved the web down a path of increasingly aggressive data collection and reduced transparency for users.
We should have always been doing privacy by design, data portability, data transparency, and the right to be forgotten. We should not have become dependent on invasive ad tech and aggregated third-party data; we should not have handed over ownership of our own social graphs and connections so cheaply to private commercial interests.
While many (particularly in the US) may be uncomfortable with the legalistic and regulatory approach, preferring a more laissez-faire, self-governing model for virtually everything, the GDPR can be seen as an opportunity to start doing things right – applying the core principles of privacy by design not just where mandated by regulation but as a standard business practice.
COOKIES
Photo by John Dancy on Unsplash
“One day in June 1994, Lou Montulli sat down at his keyboard to fix one of the biggest
problems facing the fledgling World Wide Web -- and, as so often happens in the world of
technology, he created another one.
At 24, Mr. Montulli was the ninth employee [at] Netscape Communications. . . he quickly came
up with an ingenious idea to address the problem and hammered out a five-page document
describing the technology that he and co-workers would design to give the Web a memory.
The solution called for each Web site's computer to place a small file on each visitor's machine
that would track what the visitor's computer did at that site. . . . It was a turning point in the
history of computing: at a stroke, cookies changed the Web from a place of discontinuous
visits into a rich environment in which to shop, to play -- even, for some people, to live. Cookies
fundamentally altered the nature of surfing the Web from being a relatively anonymous activity,
like wandering the streets of a large city, to the kind of environment where records of one's
transactions, movements and even desires could be stored, sorted, mined and sold.” - John
P3P
The Platform for Privacy Preferences
Project (P3P) is an obsolete protocol allowing
websites to declare their intended use of
information they collect about web browser users.
Designed to give users more control of their
personal information when browsing, P3P was
developed by the World Wide Web Consortium
(W3C) and officially recommended on April 16,
2002. Development ceased shortly thereafter and
there have been very few implementations of P3P.
DO NOT TRACK (DNT) https://allaboutdnt.com/
REMEMBER: I AM NOT A LAWYER
The General Data Protection Regulation
(GDPR) is an EU regulation that went into
effect on May 25th, 2018.
GDPR aims to give individuals (EU
citizens) more control over their personal
data, by requiring that businesses gain
more explicit consent from them to collect
and use it.
Understanding: At its core, GDPR is designed to
protect user data and empower users to have a better
1. What data is being collected about them.
2. How and why their data is being used.
Control: GDPR is also designed to give users better
control over their data. Users must be able to:
1. Tell companies what they can/cannot do with their
2. Request a record of all data stored about them.
3. Amend any data stored about them if it is not
4. Request the deletion of any/all data stored about
Reach: GDPR is designed to protect all EU
citizens and residents. It doesn’t matter
whether the company capturing/
processing data is based in the EU, the
only thing that matters is that the data you
are capturing belongs to an EU Citizen.
Individual Rights: All EU Citizens are entitled to
a series of individual rights under GDPR.
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision
making and profiling
5 Areas of Focus: There are 5 areas that
the GDPR focuses on. These provide a
framework for data capture:
4. Time Limited
Purpose: there are six legally acceptable reasons that a company
can process user data. All data processing needs to fit into one of
these categories and should be documented.
1. Consent: a user has given clear consent for you to
process their personal data for a specific purpose.
2. Contract: the processing is necessary for a contract
you have with the individual, or because they have
asked you to take specific steps before entering into a
3. Legal obligation: the processing is necessary for you
to comply with the law.
4. Vital interests: the processing is necessary to
protect someone’s life.
5. Public task: the processing is necessary for you to
perform a task in the public interest or for your official
functions, and the task or function has a clear basis in
6. Legitimate interests: the processing is necessary for
your legitimate interests or the legitimate
interests of a third party unless there is a good
reason to protect the individual’s personal data which
overrides those legitimate interests.
Limited: No data should be captured or
stored unless it is specifically required for an
approved data processing activity.
Accurate: All data that is captured should
be accurate and kept up to date for as long
as it is stored. Users should be able to
submit amendments to any data and
records should then be updated
Time Limited: Data should only be stored for
as long as required to process the data.
Once you are no longer processing the data,
it should be deleted.
Secure: All data processing and storage
needs to be secure by design and security
practices should be well documented. This
includes both technical infrastructure as well
as access rights/policies.
1. Capture/store as little data as possible.
2. Document what data you are capturing/
storing, why, where it is being stored, and
for how long.
3. Encrypt data wherever possible.
4. Use anonymised data wherever possible.
5. Make sure that any data you are
capturing has an explicit opt-in.
6. Make it easy for users to make requests
of their data.
7. Make sure to keep your data up-to-date
PRIVACY BY DESIGN
Photo by Dayne Topkin on Unsplash
WHAT DO I DO?
Photo by rawpixel on Unsplash
Assess & Document:
What data do we collect about visitors
How is that data collected, stored, and
What is the purpose for which that data is
collected and used?
How do we inform users of the purpose,
intent, retention, and permissions with
respect to their data?
TAKE OWNERSHIP
What features on our site need to be
Where can we limit our use of data, in
scope, in timeline, or in purpose?
Where can we limit our data gathering?
How long will it take to get us into
DIVERSIFY REVENUE STREAMS
Photo by Maria Imelda on Unsplash
CULTIVATE TRANSPARENCY & HONESTY
Photo by Kelli Dougal on Unsplash
Enforcement of the GDPR will most likely
first impact businesses with significant
financial interests and assets in the EU.
If you have enough financial presence in
the EU, you can afford a GDPR
BUT I JUST PUBLISH A BLOG!
Be clear about what data you collect,
how, and why
Most Likely Impact:
FOCUS ON THE SPIRIT OF THE LAW, NOT JUST THE LETTER
Photo by Maria Freyenbacher on Unsplash
DID I MENTION I AM NOT A LAWYER?