3. EU cookie law
May 2011
websites owned by companies based in the EU
- Clear notice explaining cookies and opt-out mechanism
- Strictly necessary cookies (session)
- Performance cookies (tracking) (opt-out)
- Targeting cookies (ads) (opt-out)
The fine can be a maximum of £500,000
5. GDPR
Effective since May 25 2018
Applied to people in EU
Personally Identifiable Information (PII)
- Right to be forgotten
- Right of access
- Data controller
- Data processor
7. Applied to people IN EU
IP address, PII?
Citizen outside EU?
Mobility
8. Data controller & Data processor
Data controller: frontend
- Complies with user-facing/interaction information and decision making
Data processor: google analytics
- Communicates with the data controller to achieve GDPR compliance
11. Right to be forgotten
controllers of any links to, or copy or replication of, those personal data.
12. Pseudonymization
the processing of personal data in such a way that the data can no longer be attributed to a
specific data subject without the use of additional information.
14. Celerative
Does not apply much
Prepare; a different way of thinking about data
- Tag PII
- Check that PII does not travel in the query string or the URL path
- Pseudonymization methods, or separating identifiable data from non-identifiable data
- Frontend: have a cookie policy section and a separate privacy policy section
- Frontend: review how cookies are loaded (opt-in/opt-out)
- Google Analytics: sending PII to GA is against the rules
https://www.google.com/analytics/terms/us.html (search for "personally identifiable information")
http://www.blastam.com/blog/5-actionable-steps-gdpr-compliance-google-analytics
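
An added example, not part of the original slides: one way to combine the pseudonymization definition from slide 12 with the checklist items on keeping PII out of the query string and URL path before a URL is logged or sent to an analytics service. The key, the list of tagged parameter names, the `p_` token format and the sample URL are assumptions constructed for this sketch.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qsl, quote, unquote, urlencode, urlsplit, urlunsplit

# Constructed demo key. It is the "additional information" of the definition
# above and must be stored apart from the pseudonymized data.
PSEUDONYM_KEY = b"demo-key-stored-outside-analytics"
# Hypothetical tag list: query parameters this application marks as PII.
PII_PARAMS = {"email", "phone", "name"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
TOKEN_RE = re.compile(r"p_[0-9a-f]{16}")


def pseudonymize(value, key=PSEUDONYM_KEY):
    """Keyed HMAC-SHA256 token: stable per value, not recomputable without the key."""
    normalized = value.strip().lower().encode("utf-8")
    return "p_" + hmac.new(key, normalized, hashlib.sha256).hexdigest()[:16]


def is_pii(name, value):
    """True for a tagged parameter or an e-mail-shaped value not yet tokenized."""
    if not value or TOKEN_RE.fullmatch(value):
        return False
    return name.lower() in PII_PARAMS or bool(EMAIL_RE.search(value))


def find_pii(url):
    """List the places (path, query:<name>) where a URL carries PII."""
    parts = urlsplit(url)
    found = ["path"] if EMAIL_RE.search(unquote(parts.path)) else []
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    return found + ["query:" + n for n, v in pairs if is_pii(n, v)]


def scrub_url(url):
    """Return the URL with PII replaced by tokens, for logging or analytics."""
    parts = urlsplit(url)
    path = EMAIL_RE.sub(lambda m: pseudonymize(m.group()), unquote(parts.path))
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    query = urlencode([(n, pseudonymize(v) if is_pii(n, v) else v) for n, v in pairs])
    # The fragment is dropped rather than inspected.
    return urlunsplit((parts.scheme, parts.netloc, quote(path), query, ""))


# Constructed sample URL: e-mail in the path and in two query parameters.
SAMPLE = ("https://shop.example/users/alice%40example.com/orders"
          "?email=Alice@Example.com&page=2&ref=bob@example.org")

if __name__ == "__main__":
    print(find_pii(SAMPLE))
    print(scrub_url(SAMPLE))
```

The same address yields the same token in the path and in the query, so per-user analysis still works while the raw value stays out of the URL.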