Slides for my talk at the Digital Analytics Meetup in Berlin, Nov 2017.
Video is here: https://www.youtube.com/watch?v=iFDiRbcmP34&feature=youtu.be&t=1h23m (unrehearsed, so please excuse the less than graceful delivery).
2. Digital Analytics Meetup Berlin
So what is he talking about
§ Legal Guidelines, of limited usefulness
§ Tag Management, or, I think it would be a great idea
§ Should we even care, or, of course, but why
§ What do we do next, to make the world a little better
3. Digital Analytics Meetup Berlin
Legal Guidelines
EU Directives
Other Rules
National Laws
WTF?
4. Digital Analytics Meetup Berlin
Legal Guidelines
EU Directives
§ informed consent as guiding principle
§ not a „cookie law“
National Laws
§ Bundesdatenschutzgesetz, Landesdatenschutzgesetz
§ Telekommunikationsgesetz („Datensparsamkeit“)
Other Regulations
§ Vendors‘ terms of service
§ Communiqués by privacy officers
§ International agreements (e.g. Privacy Shield)
5. Digital Analytics Meetup Berlin
Legal Guidelines
Laws provide guidelines
§ They tell us in broad terms what we can or can‘t do
§ If they are the same for all, they put us all on an even footing
But there is always a but
§ Figuring out specifics might take legal counsel
§ Most of these rules apply only to personally identifiable data
§ But definitions are unclear and prone to change (e.g. IP addresses might be PII or not, depending on whom you ask)
6. The Problem
§ Developers are missing from that description
§ Marketers and even „webmasters“ are not necessarily tech-savvy
§ Ease of use invites abuse
Tag Management
7. Digital Analytics Meetup Berlin
Tag Management, dangers of
TMS are JavaScript Injectors
§ They have been described as „XSS as a Service“
§ This is not actually funny
Injected Tags run in the Page Context
§ They have access to all page data (forms, cookies, user data)
§ They can send data anywhere
Other Problems
§ Tags may break SSL encryption
§ They may overwrite variables
§ They may load heaps of other stuff
8. Digital Analytics Meetup Berlin
Tag Management and 3rd party tags
§ Many marketing tags are container tags
§ They may load other tags ...
§ ... which may load other tags ...
§ ... which may load even more tags ...
§ (You see where this is going)
§ Proliferation of tags makes control of data impossible
9. Digital Analytics Meetup Berlin
Tag Management – Stop-gap measures
Set Permissions
§ Exclude marketing from publishing (no offense meant)
§ Let developers do vetting of tags
§ Listen to them when they decline a tag
Use Whitelists
§ Some TMS (e.g. GTM) allow you to whitelist/blacklist tags
§ You should prefer whitelists
§ If possible limit yourself to image tags and iframes
§ But if you allow custom HTML tags and JS variables you might as well not bother
Kick Publishers‘ Butts
§ Why do they load 3rd party stuff anyway
10. Digital Analytics Meetup Berlin
Tag Management – Stop-gap measures
Browser Testing
§ Step manually through your site to see which tags are loaded
§ Ghostery lists all tags that are loaded
§ WASP Inspector displays dependencies between tags
Continuous Testing
§ Ghostery offers an (expensive) business solution
§ For a homegrown solution, capture requests with a headless browser
§ (Automating everything is a PITA, so mock your page with just empty HTML, a datalayer and the TMS code)
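As an added example (not from the talk), here is the analysis step of such a homegrown check in JavaScript: it takes the requests captured on the mock page, flags every host that was never approved or is not loaded over HTTPS, and reconstructs which tag pulled it in. The record shape (`url`, `initiator`), the approved-host list, the `GTM-XXXX` placeholder and all `.example` hostnames are constructed for illustration.

```javascript
// Constructed sample: requests captured by a headless browser on a mock page
// (empty HTML + data layer + TMS snippet). "initiator" is the URL of the
// script that triggered the request, or null for the page itself.
const GTM = "https://www.googletagmanager.com/gtm.js?id=GTM-XXXX";
const captured = [
  { url: GTM, initiator: null },
  { url: "https://www.google-analytics.com/analytics.js", initiator: GTM },
  { url: "https://tags.adnetwork.example/container.js", initiator: GTM },
  { url: "https://sync.partner.example/pixel.js", initiator: "https://tags.adnetwork.example/container.js" },
  { url: "http://cdn.tracker.example/collect?uid=1", initiator: "https://sync.partner.example/pixel.js" },
];

// Hosts that were vetted and approved (assumed list).
const approvedHosts = new Set([
  "www.googletagmanager.com",
  "www.google-analytics.com",
  "tags.adnetwork.example",
]);

// Walk initiators back to the page to show which tag pulled the request in.
function loadChain(request, byUrl) {
  const chain = [];
  const seen = new Set(); // guards against initiator cycles
  let current = request;
  while (current && !seen.has(current.url)) {
    seen.add(current.url);
    chain.unshift(new URL(current.url).hostname);
    current = current.initiator ? byUrl.get(current.initiator) : null;
  }
  return chain;
}

// Return one finding per request that hits an unapproved host or skips HTTPS.
function auditRequests(requests, approved) {
  const byUrl = new Map(requests.map((r) => [r.url, r]));
  const findings = [];
  for (const r of requests) {
    const u = new URL(r.url);
    const reasons = [];
    if (!approved.has(u.hostname)) reasons.push("host not approved");
    if (u.protocol !== "https:") reasons.push("not HTTPS");
    if (reasons.length) findings.push({ host: u.hostname, reasons, chain: loadChain(r, byUrl) });
  }
  return findings;
}

console.log(JSON.stringify(auditRequests(captured, approvedHosts), null, 2));
```

Run in a scheduled job, a non-empty result means an approved container tag has started loading something nobody vetted.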
11. Digital Analytics Meetup Berlin
Tag Management – Stop-gap measures
Content Security Policies
§ CSPs were originally designed to combat XSS
§ But then we know TMS are XSS as a service
§ CSPs set „allowed origins“ for scripts and other resources
§ They prevent forms from being hacked, ensure SSL encryption etc.
Problems with CSPs
§ No support by IE, limited support by Edge
§ Notoriously difficult to manage
12. Digital Analytics Meetup Berlin
Tag Management – Stop-gap measures
Implementation of CSPs
§ CSPs are supposed to be set as HTTP headers
§ So for full support they need to be set on the server
§ However, some features can be set via <meta> tags
§ So you can do some basic prototyping within your TMS
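As an added example (not from the talk), this JavaScript renders one policy both as the HTTP header and as the `<meta>` tag you could prototype with, and reports which directives are lost in the `<meta>` form: browsers ignore `frame-ancestors`, `report-uri` and `sandbox` when the policy is delivered that way. The policy itself (GTM and Google Analytics as the only third parties, `/csp-report` as reporting endpoint) is a constructed assumption.

```javascript
// Directives that browsers ignore when the policy arrives via <meta http-equiv>.
const HEADER_ONLY = new Set(["frame-ancestors", "report-uri", "sandbox"]);

// Constructed policy: a page whose only third parties are GTM and GA.
const policy = {
  "default-src": ["'self'"],
  "script-src": ["'self'", "https://www.googletagmanager.com", "https://www.google-analytics.com"],
  "img-src": ["'self'", "https://www.google-analytics.com"],
  "connect-src": ["'self'", "https://www.google-analytics.com"],
  "form-action": ["'self'"],       // forms may only post back to our own origin
  "frame-ancestors": ["'none'"],   // header only
  "upgrade-insecure-requests": [], // rewrite http:// subresources to https://
  "report-uri": ["/csp-report"],   // header only
};

// Join directives into the "name value value; name value" wire format.
function serialize(entries) {
  return entries.map(([name, values]) => [name, ...values].join(" ")).join("; ");
}

// Full policy, as the server would send it.
function asHeader(p) {
  return "Content-Security-Policy: " + serialize(Object.entries(p));
}

// Reduced policy for prototyping, plus the list of directives that were dropped.
function asMetaTag(p) {
  const entries = Object.entries(p);
  const kept = entries.filter(([name]) => !HEADER_ONLY.has(name));
  const dropped = entries.filter(([name]) => HEADER_ONLY.has(name)).map(([name]) => name);
  const html = `<meta http-equiv="Content-Security-Policy" content="${serialize(kept)}">`;
  return { html, dropped };
}

console.log(asHeader(policy));
console.log(asMetaTag(policy));
```

Because `script-src` here has no `'unsafe-inline'`, nonce or hash, inline scripts are blocked, and that includes the inline TMS bootstrap snippet and any custom HTML tags the TMS injects.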
13. Digital Analytics Meetup Berlin
Tag Management – Stop-gap measures
14. Digital Analytics Meetup Berlin
Tag Management – Stop-gap measures
15. Digital Analytics Meetup Berlin
Why do we care ?
§ Because we are fundamentally good people
§ Do unto others as you would have them do unto you
Jesus (attr.)
§ Act only according to that maxim whereby you can at the same time will that it should become a universal law without contradiction
Immanuel Kant
§ However in real life ethics often takes the back seat
16. Digital Analytics Meetup Berlin
Why do we care ?
§ „Every action has an equal and opposite reaction“
Isaac Newton
§ Ex.: A single lawsuit took down Safe Harbor
§ EU tightens regulations
§ People are getting worried and angry
§ The reaction might very well be rather disproportionate
17. Digital Analytics Meetup Berlin
What do we do now ?
Transparency
§ Brilliant example: http://www.bbc.com/usingthebbc/cookies/
§ Problem: people prefer complaining over educating themselves
Advocacy
§ We do expert meetups. Why don‘t we do „layperson“ meetups ?
§ Problem: This might be viewed as lobbyism
Doing a better job
§ Do more with less data
§ More respect for user preferences
§ Hold up our end of the bargain
18. Digital Analytics Meetup Berlin
Who am I
§ Eike Pierstorff
§ Senior Implementation Consultant with e-dynamics
§ Job: e.pierstorff@e-dynamics.de
§ Casual: eike@diebesteallerzeiten.de
§ Blogging about Analytics here: http://www.flesheatingarthropods.org/