End user privacy out of the box

Under the EU privacy regulation, you should NEVER automatically collect any data that is not necessary for providing your product.
I build this into all of my web projects as the foundation.

What about third-party services?

Avoid them as much as you can; if you can’t, look for local developers who can.

  • Want a webfont? Host it locally on the server, don’t use the Google Fonts service.
  • Want a share button? Don’t use Facebook’s JavaScript snippet or, even worse, a sharer service. I use my own; there are different concepts for it.
  • Want nice stats? Use server-side logging instead of JavaScript-based tracking unless you have permission for the latter. If you don’t need precise country data, you can mask the IP directly before it goes to the stats server. Opt out of Google Analytics and use an “on-premises” stats server.
  • Want to embed a YouTube video? Do you know the “click to play” technique? This is the way: make a play button and add a little text: “Click and it connects to YouTube, read our privacy policy (link to YouTube paragraph)”. The same applies to stats and other fancy stuff you like to add, if it connects to a third party.
  • Want to use plugin ABC on CMS XYZ? You can’t. You first need to check it for privacy flaws or other bad behaviour, and whether you need to add something for click to play and the privacy policy. Don’t forget!
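The IP masking mentioned in the stats item can be done on the web server before a log line is handed to the stats server. The following is an added example, not code from the original post; the prefix lengths kept (24 bits for IPv4, 48 bits for IPv6) and the assumption that the client address is the first field of each log line are choices made for this sketch.

```python
import ipaddress

# Assumption for this example: how many leading bits of the address survive.
V4_KEEP_BITS = 24   # 203.0.113.77 -> 203.0.113.0
V6_KEEP_BITS = 48   # keeps the routing prefix, drops subnet and interface id


def mask_ip(raw: str) -> str:
    """Zero the host part of an IP address; return '-' if it cannot be parsed."""
    try:
        ip = ipaddress.ip_address(raw.strip("[]"))
    except ValueError:
        # Fail closed: never forward a value we could not anonymise.
        return "-"
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is really an IPv4 client.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    keep = V4_KEEP_BITS if ip.version == 4 else V6_KEEP_BITS
    mask = ((1 << keep) - 1) << (ip.max_prefixlen - keep)
    return str(type(ip)(int(ip) & mask))


def mask_log_line(line: str) -> str:
    """Mask the client address, assumed to be the first space-separated field."""
    client, sep, rest = line.partition(" ")
    return mask_ip(client) + sep + rest


# Constructed sample lines in common log format (documentation address ranges).
SAMPLE = [
    '203.0.113.77 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 2326',
    '2001:db8:abcd:12:3456:789a:bcde:f012 - - [10/Oct/2023:13:55:37 +0000] "GET /a HTTP/1.1" 200 512',
    '::ffff:198.51.100.23 - - [10/Oct/2023:13:55:38 +0000] "GET /b HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(mask_log_line(entry))
```
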

Did I mention cookies?

No. You do NOT ask for cookie permissions. You ask for (third-party) service connection permissions. If the connection is permitted, the cookie permission is included.

I see websites listing tons of cookies that their website never uses, or uses only for the admins when they log in. In addition, every little web-based third party is listed, ones I know and others I have never heard of, often for features that are easy to develop with little time and effort.

Did I mention asking a local developer (like me)? If you don’t know how much time it would take, you can get an offer with a little more information on the time (5h vs 150h). Asking more than one developer costs you a little more time but can take you a large step further.

List each cookie directly under the service it belongs to. Since every service gets a single permission, the related cookies are always listed beside it.

What is the benefit for the website owner?

It’s legal! Simple story, bro. I believe that all other pages that behave differently always have one foot close to privacy flaws. You have the chance to improve your customers’ trust and experience on the website. It brings an “AHA” effect when users see that “NOW” this happens and “THEN” that happens.

Otherwise: a hacked third party would be more than enough, and that’s no fantasy plot; you would have to inform the privacy office and maybe your customers.
