Updated January 31, 2020.
The governments of the world are lawmaking in unison these years – from the pan-European GDPR to the Californian CCPA and the Brazilian LGPD, data privacy laws are taking shape and emerging in waves of what looks to be a worldwide tech shake-up.
Meanwhile, the enforcement of the GDPR in the EU is cementing its status as a herculean work of law that finally brings much-needed regulation to the run-amok harvesting of internet users’ data and to the profit machines of ad tech surveillance.
In this article, we look at GDPR software solutions – comparing different GDPR compliance software and holding them up against the self-defense technologies that end-users employ themselves to protect their privacy on the Internet, arguing why this is not a sustainable solution.
Come with us . . .
The GDPR is literally changing the make-up of the commercial Internet. This becomes very clear, as we shall see, when comparing how much tracking is taking place on news sites in the US vs. the EU.
What most emerging privacy laws have in common is a clear settlement of responsibility: it is not up to the end-users themselves to protect their privacy – that is up to the tech companies and websites, the controllers and owners and operators.
It follows, then, that the technologies needed to bring the intentions of the privacy laws to life have to be technologies that are implemented by the website owners, not the users – GDPR software that applies to the structural changes that the GDPR is creating, not band-aid solutions of self-defense for every individual user out there.
So, GDPR software (also called GDPR compliance software or GDPR consent tools) covers solutions that enable the application of and compliance with the GDPR in general.
The GDPR has many rules and requirements for companies and organizations to abide by, and because of this, there are many different GDPR software solutions that focus on different provisions of the law.
GDPR software solutions cover different GDPR provisions, such as –
An example is the GDPR’s Recital 26, which states that the principles of data protection do not apply to anonymized or pseudonymized data that cannot be traced back to an identifiable individual. In other words, the GDPR does not concern anonymous information – e.g. for statistical or research purposes.
Examples of GDPR software that specialize in this aspect are Boxcryptor – that encrypts data from popular cloud services like Google Drive and Dropbox – and Cloud Tokenization – a SaaS security platform that “swaps sensitive data with a randomized number” so that the data becomes anonymous.
This way, companies and organizations can secure GDPR compliance in their work with sensitive personal information.
Another example is the GDPR’s requirement in Article 35 for companies to conduct data protection impact assessments, when a type of processing is likely to result in risks to the rights and freedoms of EU citizens.
An example of GDPR software specializing in compliance with this part of the GDPR is Logicgate, which does secure data storage for protection requirements and handles a company’s response to data breaches (concerning Article 33).
A third example is Article 30 of the GDPR, which specifies that data controllers must maintain a record of processing activities under their responsibility, including the purpose of processing, the categories of personal data processed and the recipients to whom the personal data have been or will be disclosed.
GDPR software tailored to this specific requirement is Keepabl, which lets companies create data maps in order to obtain compliance with Article 30.
Consent management tools are another essential type of GDPR software. If you have a website, you probably need a consent management tool for controlling the cookies and tracking in operation on it and securing proper consent from your users.
Website cookies and trackers collect and process data about a website’s users. This means that a website in the EU or a website that processes data from EU citizens (regardless of where in the world the website is located) must comply with one of the conditions for lawful processing, specified in Article 5 of the GDPR.
Consent is the first condition for processing of personal information in the GDPR, which means that websites have to obtain clear and unambiguous permission from their users before any collection and handling of user data can take place.
There are quite a lot of different GDPR consent tools for obtaining compliance in this area. Some require manual deployment on site at a company, others are cloud-based.
When choosing a consent solution for your website, you need to make sure that the solution of your choice enables valid consent. If it doesn’t, it’s not compliant. For a consent to be valid, make sure that the consent solution as a minimum…
Cookiebot is the most employed consent solution – a GDPR manager that websites around the world are using to obtain compliance with the EU GDPR, ePrivacy, and similar data legislation to secure the privacy of their end-users and avoid the steep fines that follow non-compliance.
GDPR software is a vital component in the privacy sandboxes crafting our new digital landscapes.
The Cookiebot GDPR software solution works through –
Because of these core functions of our product, some of which are pioneering and unique in the privacy industry, we are able to offer simple and real compliance to a much greater degree than most other consent solutions.
We all love technology. It improves our lives in so many ways and we are not willing to give it up. That’s why that friend who quits Facebook usually returns again shortly after.
Technology is not a trend. It shapes new digital infrastructures that are transforming how we connect, meet, speak, eat, sleep, live and die.
Most website users don’t have time or the technical skills to inform themselves of their self-defense options, which is why we’ve argued that self-defense tools (like privacy enhancing browsers or ad blockers) are not a viable solution to the structural change needed compared to GDPR privacy software.
Most users aren’t ready to ditch the technology they dis, which results in this weird limbo where users rightfully fear for their privacy yet carry on using the same technologies that instill this fear in them to begin with.
Tools that empower users to take privacy protection into their own hands are not hard to find on the Internet.
They include –
These are helpful and their intentions are good: enabling people to opt out of the pervasive tracking and data abuse abundant on the web.
The problem is that these self-defense tools don’t really push back on the tech giants, trackers and data abusers.
Instead, they push forward the idea that it is up to the users to opt out of being tracked, rather than opting in.
This goes against the notion of privacy by design in the GDPR that mandates companies to develop software that has privacy as the default setting, so that users have to opt in to marketing cookies and other tracking technologies – not opt out of them to begin with.
"The more indispensable an internet connection becomes, the less choice we have, which means we have less and less autonomy, a key element in being capable of exercising control over our lives. It’s difficult to expect someone to gain control over something they’ve never had the option to control in the first place" – Colin Horgan, writer for the tech magazine OneZero.
Not obeying the privacy by design clause in the GDPR, but letting the responsibility fall on the end-users’ shoulders to opt out of being tracked is a big problem.
It frees the tech companies from changing practice and being held accountable, when users are left to fend for themselves.
Self-defense tools are also not thorough and solid in their protection, since e.g. news sites like the New York Times explicitly bypass “do not track” settings in browsers like Safari and Firefox.
These tools often break websites and lessen the user experience and flow on a domain, exactly because they do not discriminate based on nuanced scanning technology.
That’s why self-defense tools are only band-aid solutions – something the end-users can utilize for extra protection, but unable to constitute real, structural change.
And that is where GDPR software and compliant consent solutions come in.
Cookiebot is in the world to protect the privacy of users across the web, all over the world. We do this because we believe a free, private future of the Internet is absolutely vital to ensure, and to fight for.
Cookiebot enables the website owner to respect and protect their visitors from unwanted tracking. We do this because privacy laws are complicated and hard to understand for most website owners.
The GDPR is not to be ignored – it is literally setting the standard across the planet for what privacy protection will look like in the decade to come.
A perspective of the GDPR’s impact on the privacy landscape of the Internet becomes clear when looking at how much tracking is taking place on news sites online in the US versus the EU.
Timothy Libert, creator of the open-source tracking scanner webXray and faculty member in computer science at Carnegie Mellon University, used this tool to scan a New York Times article titled “Can An Abortion Affect Your Fertility?” in both the US and the EU.
The GDPR is changing the basis of the commercial Internet by defending privacy.
The scan revealed that in the US, the article harbored over 100 third-party cookies with nearly 50 different ad tech companies present and ready to track the article’s readers, including companies like Oracle BlueKai, which amasses massive amounts of user data into sensitive categories (such as “health conditions” and “medical terms”) that it uses to offer Cambridge Analytica-like services for targeted and personalized marketing campaigns.
But the scan also revealed a second significant find: the article, when loaded inside the EU, had “only” 28 third-party cookies from 16 different ad tech companies embedded. This is still a lot for an article sensitive enough to reveal its readers’ political convictions or medical situation.
But it also shows the significance that the GDPR is bringing to the changing landscape of the Internet.
The GDPR is literally changing that landscape, and the technology that follows must be GDPR software that supports these structural changes.
The Internet was one thing twenty years ago, it is now another thing entirely.
The universal spark that infused the Internet of the 90s has been replaced by dense commerciality and tiered structures, where users are the commodity of the great, hidden ad tech machinery at work in the countless levels underground, sucking out their data for profit and many other unknown purposes.
Flat, open and endless: the Internet of the 1990s.
This evolution is perhaps most clearly visible when comparing Google’s original mission, formulated in the late 90s as “to organize the world’s information, making it universally accessible and useful”, against the company in 2020 and its practices of behavioral advertisement and profiling – its main source of revenue, which has been deemed unlawful and out-of-control by the British data protection authority ICO.
From the dream of an Internet that was equal, flat, infinite and universally democratic, we have entered a trance-like commercial Internet full of massive data abuse, breaches, misinformation and algorithmically controlled echo chambers.
Jagged, perilous and owned: the Internet of the 2010s.
From a flat, open landscape to a serrated, hazardous terrain, all users now walk with their self-defense tools in hand fending for themselves on steep cliffs and sharp rock faults, never knowing what dangerous creature might lurk in the next cave they pass, ready to devour their private, inner lives.
This is not how we at Cookiebot envision the future of the Internet.
Rather, we see clearly that the responsibility of safeguarding the ability to live private and autonomous lives rests in the hands of those who jeopardize that ability in the first place: the tech industry.
The way to think about it is that in these hazardous, uneven digital lands we live in today, it is the responsibility of governments and lawmakers to regulate and force the tech industries to change their practices. It is their responsibility to carve out of the sharp, jagged rocks new structures that can protect the users, who travel through these landscapes.
The General Data Protection Regulation does just that, and the coming ePrivacy Regulation – with its specific focus on electronic communication – will undoubtedly go further.
The GDPR is unambiguous when it comes to settling the responsibility of protecting privacy – it is not up to the users themselves, but up to the website owners, operators, controllers, as well as the tech industry as a whole to develop privacy by design.
The privacy laws that are springing up all around the world mirror the GDPR. It is the website owners and tech companies who must shape a private future, not the users.
The technologies that push the Internet in the direction of privacy and autonomy, democracy and universality must then reflect these laws and the efforts they intend.
Exactly how the landscape of the Internet will come to look in ten or twenty years is very hard to say. But if we do nothing, it’s easy to imagine a landscape that is impenetrable to most, owned by few, costly and unsafe.
However, there are other possible futures for the digital lands. Cookiebot actively pushes towards these. It is in our very DNA to work towards wider, freer, safer digital plains.
Sandboxes in bloom: the Internet to come.
Ones where the hazards and inequalities have been tamed and leveled to once more reflect the early days of the terrains – flat, open and infinite.
Ones where humanity can flourish in the sandboxes of the digital.