Difference between revisions of "EUGDPR Home Page"

 
(11 intermediate revisions by the same user not shown)
Line 5: Line 5:
 
To read more about the regulations, please review the [https://www.eugdpr.org/ Official EUGDPR] website.
 
To read more about the regulations, please review the [https://www.eugdpr.org/ Official EUGDPR] website.
  
== MarketRuler and EUGDPR ==
+
Review the [[Market Ruler EUGDPR Privacy Statement]], suitable for inclusion in your site's privacy statement.
 +
 
 +
== Market Ruler and EUGDPR ==
  
 
How [[EUGDPR]] regulations will affect [[Analytics|analytics]] providers is to be seen, but the law itself is largely targeted at those providers who have a presence in the '''European Union''' (specifically [[Social Media]] providers) and would be subject to sanctions for non-compliance.  
 
How [[EUGDPR]] regulations will affect [[Analytics|analytics]] providers is to be seen, but the law itself is largely targeted at those providers who have a presence in the '''European Union''' (specifically [[Social Media]] providers) and would be subject to sanctions for non-compliance.  
Line 15: Line 17:
 
Unfortunately, the burden on each individual analytics provider is fairly great. Requiring each analytics provider to receive opt-in consent when visiting a web page would ultimately make the '''user experience terrible'''; as well it would require more intensive compute resources if providers were to deliver one type of tracking for [[EU]] visitors and another type of tracking for non-[[EU]] visitors.  
 
Unfortunately, the burden on each individual analytics provider is fairly great. Requiring each analytics provider to receive opt-in consent when visiting a web page would ultimately make the '''user experience terrible'''; as well it would require more intensive compute resources if providers were to deliver one type of tracking for [[EU]] visitors and another type of tracking for non-[[EU]] visitors.  
  
From a technical perspective, the only "personally identifiable" information ConversionRuler collects (aside from '''form or action data which you may submit to us''') is the [[IP address]], which, oddly, '''must be disclosed first to any website before consent to use it is granted.'''
+
From a technical perspective, the only "personally identifiable" information ConversionRuler collects by default (aside from '''form or action data which you may submit to us''') is the [[IP address]], which, oddly, '''must be disclosed first to any website before consent to use it is granted.'''
  
So we push this burden onto each individual website and assume that your site will only install or use the ConversionRuler [[Tracking Snippets]] in adherence with the [[EU]] regulations and requiring '''consent''' from all parties who visit your site before tracking them using [[ConversionRuler]].
+
'''The determination of the [[IP address]] as personal data is still being settled in the European courts''' and has only be determined to be '''personal data''' when paired with actual personal data such as an email address or full name.
 +
 
 +
So we push this burden onto each individual website and assume that your site will only track personal data using ConversionRuler [[Tracking Snippets]] in adherence with the [[EU]] regulations and requiring '''consent''' from all parties who visit your site before tracking personal data using [[ConversionRuler]].
  
 
== Personally-identifiable Data ==
 
== Personally-identifiable Data ==
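Review bot: the added paragraph beginning "The determination of the [[IP address]] as personal data" has a typo, "has only be determined" should read "has only been determined". The same paragraph calls the question unsettled in the courts, while the reworded line after it asks sites to require consent "before tracking personal data using [[ConversionRuler]]", so it would help to state explicitly whether an IP address on its own is meant to fall under that consent requirement.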
Line 25: Line 29:
 
That said, [[ConversionRuler]]'s focus for [[EUGDPR]] data will be on:
 
That said, [[ConversionRuler]]'s focus for [[EUGDPR]] data will be on:
  
* [[Action]] data, specifically '''text''' data associated with  
+
* [[Conversion Action|Action]] data, specifically '''text''' data associated with [[Conversion Action|Actions]]
  
 
== Understanding the EUGDPR ==
 
== Understanding the EUGDPR ==
 +
 +
The [[EUGDPR]] law, explained section-by-section, with how [[Market Ruler]] supports or is planning to support the new law.
  
 
=== Lawful basis of processing ===
 
=== Lawful basis of processing ===
  
 
* '''What it means''': Sites need to have a legal reason to use visitor data: Via consent (see next section), notification, performance of a contract, or legitimate interests (e.g. visitor is a customer).
 
* '''What it means''': Sites need to have a legal reason to use visitor data: Via consent (see next section), notification, performance of a contract, or legitimate interests (e.g. visitor is a customer).
* '''How MarketRuler supports this aspect of the law''': We do not support the determination of the lawful basis for processing, but leave this to customers to do prior to sending personal data to Market Ruler's systems. There are many tools which can be used to gather consent. '''Our code supports installation and opt-in-only versions which only track visitors who have granted consent to be tracked.'''
+
* '''How Market Ruler supports this aspect of the law''': We do not support the determination of the lawful basis for processing, but leave this to customers to do prior to sending personal data to Market Ruler's systems. There are many tools which can be used to gather consent. '''Our code supports installation and opt-in-only versions which only track visitors who have granted consent to be tracked.'''
 
* '''Status''': Implementation is left to individual customers.
 
* '''Status''': Implementation is left to individual customers.
  
Line 39: Line 45:
 
* '''What it means''': As outlined above, a lawful basis to process personal data is with the visitor's consent. In order for a visitor to grant consent, they must be notified and told what they are consenting to; and consent must be, by default, opt-out. In addition, consent must be granular such that a visitor can consent to receive emails, but not phone calls.  
 
* '''What it means''': As outlined above, a lawful basis to process personal data is with the visitor's consent. In order for a visitor to grant consent, they must be notified and told what they are consenting to; and consent must be, by default, opt-out. In addition, consent must be granular such that a visitor can consent to receive emails, but not phone calls.  
 
** Businesses must log evidence of what notice was given, what was consented to, and when consent was given.
 
** Businesses must log evidence of what notice was given, what was consented to, and when consent was given.
* '''How MarketRuler supports this aspect of the law''': Given the determination of the lawful basis above, [[ConversionRuler]] supports tracking ''only after consent is given'' and can also support the third-party logging of the consent using a special action once consent is given.
+
* '''How Market Ruler supports this aspect of the law''': Given the determination of the lawful basis above, [[ConversionRuler]] supports tracking ''only after consent is given'' and can also support the third-party logging of the consent using a special action once consent is given.
 
* '''Status''': Currently available [[Implementing EUGDPR in ConversionRuler|by following our guides]].
 
* '''Status''': Currently available [[Implementing EUGDPR in ConversionRuler|by following our guides]].
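Review bot: the unchanged "What it means" bullet in this hunk still says consent must be "by default, opt-out", which reads at odds with the next bullet's "tracking ''only after consent is given''" and with the "opt-in-only versions" wording in the Lawful basis section. Since this section is being touched for the name change anyway, consider rewording it to say that tracking is off until the visitor opts in.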
  
Line 45: Line 51:
  
 
* '''What it means''': Visitors should be able to withdraw their consent at any time. Withdrawing consent needs to be as easy as giving consent.
 
* '''What it means''': Visitors should be able to withdraw their consent at any time. Withdrawing consent needs to be as easy as giving consent.
* '''How MarketRuler supports this aspect of the law''': [[ConversionRuler]] suggests that individual providers link to [[ConversionRuler EUGDPR Management]] pages for their sites to enable visitors to withdraw consent and optionally anonymize or remove their personal data. These links '''will be''' available from the site's [[Snippet Installation]] page if the [[EUGDPR Setting]] is configured for your tracking site.
+
* '''How Market Ruler supports this aspect of the law''': [[ConversionRuler]] suggests that individual providers link to [[ConversionRuler EUGDPR Management]] pages for their sites to enable visitors to withdraw consent and optionally anonymize or remove their personal data. These links '''will be''' available from the site's [[Snippet Installation]] page if the [[EUGDPR Setting]] is configured for your tracking site.
* '''Status''': ''In progress.''
+
* '''Status''': [[MarketRuler Privacy Application]] enables visitors to request deletion of their data or opt-out of all future tracking.
  
 
=== Using Cookies ===
 
=== Using Cookies ===
  
 
* '''What it means''': Visitors need to be given notice that cookies are used to track them, in their native language. Consent is also required here.
 
* '''What it means''': Visitors need to be given notice that cookies are used to track them, in their native language. Consent is also required here.
* '''How MarketRuler supports this aspect of the law''': Business providers should optionally load the [[Tracking Snippets]] until consent has been given. See [[Implementing EUGDPR in ConversionRuler|the implementation guide]].
+
* '''How Market Ruler supports this aspect of the law''': Business providers should optionally load the [[Tracking Snippets]] until consent has been given. See [[Implementing EUGDPR in ConversionRuler|the implementation guide]].
 
* '''Status''': Currently available [[Implementing EUGDPR in ConversionRuler|by following our guides]].
 
* '''Status''': Currently available [[Implementing EUGDPR in ConversionRuler|by following our guides]].
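Review bot: in the Using Cookies bullet, "should optionally load the [[Tracking Snippets]] until consent has been given" is carried over unchanged and reads as the inverse of what the Consent section describes; suggest wording along the lines of not loading the snippets until consent has been given. In the Withdrawal of consent bullet, the Status now points to the [[MarketRuler Privacy Application]], but the line above it still says the management links "'''will be'''" available, so the future tense and the new status should be reconciled.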
  
Line 57: Line 63:
  
 
* '''What it means''': Visitors have the right to request what personally identifiable data is stored in business databases.  
 
* '''What it means''': Visitors have the right to request what personally identifiable data is stored in business databases.  
* '''How MarketRuler supports this aspect of the law''': [[ConversionRuler]] suggests that individual providers link to [[ConversionRuler EUGDPR Management]] pages which will allow for the download of data in both human and machine-readable formats.
+
* '''How Market Ruler supports this aspect of the law''': [[ConversionRuler]] suggests that individual providers link to [[ConversionRuler EUGDPR Management]] pages which will allow for the download of data in both human and machine-readable formats.
* '''Status''': ''In progress.''
+
* '''Status''': [[MarketRuler Privacy Application]] enables visitors to review and retrieve all data associated with their browser.
 +
 
  
 
=== Right of deletion ===
 
=== Right of deletion ===
  
 
* '''What it means''': Visitors have the right to request the deletion of their data from records stored in business databases. In most cases, requests must be responded to within 30 days. The right to deletion is '''not absolute''' and can depend on many factors.
 
* '''What it means''': Visitors have the right to request the deletion of their data from records stored in business databases. In most cases, requests must be responded to within 30 days. The right to deletion is '''not absolute''' and can depend on many factors.
* '''How MarketRuler supports this aspect of the law''': [[ConversionRuler]] suggests that individual providers link to [[ConversionRuler EUGDPR Management]] pages which will allow for requests for data deletion ''or'' conversion of the data to non-personally identifiable data (e.g. [[Anonymization]])
+
* '''How Market Ruler supports this aspect of the law''': [[ConversionRuler]] suggests that individual providers link to [[ConversionRuler EUGDPR Management]] pages which will allow for requests for data deletion ''or'' conversion of the data to non-personally identifiable data (e.g. [[Anonymization]])
* '''Status''': ''In progress.''
+
* '''Status''': [[MarketRuler Privacy Application]] enables visitors to request deletion of their data.
  
 
=== Right of modification ===
 
=== Right of modification ===
  
 
* '''What it means''': Visitors have the right to request the modification or correction of their data stored in business databases.  
 
* '''What it means''': Visitors have the right to request the modification or correction of their data stored in business databases.  
* '''How MarketRuler supports this aspect of the law''': [[ConversionRuler]] currently supports the searching and modification of [[Action Data]] via the [[Browse Actions]] aspect of the management tool.  
+
* '''How Market Ruler supports this aspect of the law''': [[ConversionRuler]] currently supports the searching and modification of [[Conversion Action|Action Data]] via the [[Browse Actions]] aspect of the management tool.  
 
* '''Status''': Currently supported.
 
* '''Status''': Currently supported.
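Review bot: the new Status lines for Right of access and Right of deletion name the [[MarketRuler Privacy Application]], while the "How Market Ruler supports" bullets directly above them still describe [[ConversionRuler EUGDPR Management]] pages "which will allow" download or deletion. Either update those bullets to describe the shipped application or say how the two relate. The link target is also spelled "MarketRuler" in a revision that otherwise renames the company to "Market Ruler"; worth confirming that is the actual page title.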
  
Line 75: Line 82:
  
 
* '''What it means''': The [[GDPR]] requires a variety of data protection safeguards, from encryption of personal data when stored in databases, as well as access controls to data, and data [[Anonymization|anonymization]].  
 
* '''What it means''': The [[GDPR]] requires a variety of data protection safeguards, from encryption of personal data when stored in databases, as well as access controls to data, and data [[Anonymization|anonymization]].  
* '''How MarketRuler supports this aspect of the law''': For [[EU]] website which are already adhering the the [[GDPR]] laws - [[ConversionRuler]] ''already'' transmits user information securely to our server using best security practices.  
+
* '''How Market Ruler supports this aspect of the law''': For [[EU]] website which are already adhering the the [[GDPR]] laws - [[ConversionRuler]] ''already'' transmits user information securely to our server using best security practices.  
 
** In addition, [[ConversionRuler]] will be enhancing our security measures and the security of our data tracking as well as the security of our administrative interface.  
 
** In addition, [[ConversionRuler]] will be enhancing our security measures and the security of our data tracking as well as the security of our administrative interface.  
 
** These changes will be made in the coming year.
 
** These changes will be made in the coming year.
* '''Status''': Currently supported, and in progress.
+
* '''Status''': Currently supported.
 +
 
 +
== Supporting the EUGDPR via [[Anonymization]] ==
 +
 
 +
Businesses may opt to skip support for the [[EUGDPR]] by:
 +
 
 +
# Only tracking using [[ConversionRuler]] when consent is given by (or other lawful basis exists for) visitors
 +
# Anonymizing data prior to sending to [[ConversionRuler]]
 +
 
 +
If these steps are taken, then '''no personally-identifiable''' data is ''ever'' sent to [[ConversionRuler]] and therefore, no issues arise with '''access''', '''deletion''', or other records.
  
 
== See also ==
 
== See also ==
  
 
* [[EUGDPR]]
 
* [[EUGDPR]]
 +
* [[MarketRuler Privacy Application]]
 
* [[Implementing EUGDPR in ConversionRuler]]
 
* [[Implementing EUGDPR in ConversionRuler]]
 +
* [[Market Ruler EUGDPR Privacy Statement]]
 +
 +
[[Category:ConversionRuler]]
 +
[[Category:ConversionRuler Features]]
 +
[[Category:Privacy]]
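Review bot: the Security Requirements Status is changed to "Currently supported", but the sub-bullets still say ConversionRuler "will be enhancing our security measures" and "These changes will be made in the coming year", so the section now contradicts itself; the rewritten line also keeps "website which are already adhering the the". In the new Anonymization section, "opt to skip support for the [[EUGDPR]]" is an awkward way to describe a compliance approach, and the conclusion that "no personally-identifiable data is ''ever'' sent" follows only from step 2, since step 1 on its own still sends data for consenting visitors. Suggest stating that both steps are required for that claim to hold.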

Latest revision as of 15:30, 26 June 2018

The EUGDPR regulation begins enforcement among software providers starting May 25, 2018.

ConversionRuler is committed to supporting and providing tools to enable our customers to adhere to the EUGDPR regulations.

To read more about the regulations, please review the Official EUGDPR website.

Review the Market Ruler EUGDPR Privacy Statement, suitable for inclusion in your site's privacy statement.

Market Ruler and EUGDPR

How EUGDPR regulations will affect analytics providers remains to be seen, but the law itself is largely targeted at those providers who have a presence in the European Union (specifically Social Media providers) and would be subject to sanctions for non-compliance.

Market Ruler, LLC is based in the United States; and we do wish to support the law in the most comprehensive way possible.

The ConversionRuler data we collect ultimately belongs to our customers; we currently do not harvest, manipulate, collate, or publish it in any way.

Unfortunately, the burden on each individual analytics provider is fairly great. Requiring each analytics provider to receive opt-in consent when visiting a web page would ultimately make the user experience terrible; it would also require more intensive compute resources if providers were to deliver one type of tracking for EU visitors and another type of tracking for non-EU visitors.

From a technical perspective, the only "personally identifiable" information ConversionRuler collects by default (aside from form or action data which you may submit to us) is the IP address, which, oddly, must be disclosed first to any website before consent to use it is granted.

The determination of the IP address as personal data is still being settled in the European courts and has only been determined to be personal data when paired with actual personal data such as an email address or full name.

So we push this burden onto each individual website and assume that your site will only track personal data using ConversionRuler Tracking Snippets in adherence with the EU regulations and requiring consent from all parties who visit your site before tracking personal data using ConversionRuler.

Personally-identifiable Data

The EUGDPR is focused on what is known as Personally Identifiable Data, that is, data which can identify an individual. Unfortunately, the law is still not clear on whether they consider IP addresses as personally-identifiable (see this news article on WhiteCase.com from December 2016). What that court case does identify, however, is that IP addresses in conjunction with personally-identifiable data (such as name, email addresses and phone numbers) are considered personally identifiable.

That said, ConversionRuler's focus for EUGDPR data will be on:

  • Action data, specifically text data associated with Actions

Understanding the EUGDPR

The EUGDPR law, explained section-by-section, with how Market Ruler supports or is planning to support the new law.

Lawful basis of processing

  • What it means: Sites need to have a legal reason to use visitor data: Via consent (see next section), notification, performance of a contract, or legitimate interests (e.g. visitor is a customer).
  • How Market Ruler supports this aspect of the law: We do not support the determination of the lawful basis for processing, but leave this to customers to do prior to sending personal data to Market Ruler's systems. There are many tools which can be used to gather consent. Our code supports installation and opt-in-only versions which only track visitors who have granted consent to be tracked.
  • Status: Implementation is left to individual customers.

Consent

  • What it means: As outlined above, a lawful basis to process personal data is with the visitor's consent. In order for a visitor to grant consent, they must be notified and told what they are consenting to; and consent must be, by default, opt-out. In addition, consent must be granular such that a visitor can consent to receive emails, but not phone calls.
    • Businesses must log evidence of what notice was given, what was consented to, and when consent was given.
  • How Market Ruler supports this aspect of the law: Given the determination of the lawful basis above, ConversionRuler supports tracking only after consent is given and can also support the third-party logging of the consent using a special action once consent is given.
  • Status: Currently available by following our guides.

Withdrawal of consent

  • What it means: Visitors should be able to withdraw their consent at any time. Withdrawing consent needs to be as easy as giving consent.
  • How Market Ruler supports this aspect of the law: ConversionRuler suggests that individual providers link to ConversionRuler EUGDPR Management pages for their sites to enable visitors to withdraw consent and optionally anonymize or remove their personal data. These links will be available from the site's Snippet Installation page if the EUGDPR Setting is configured for your tracking site.
  • Status: MarketRuler Privacy Application enables visitors to request deletion of their data or opt-out of all future tracking.

Using Cookies

  • What it means: Visitors need to be given notice that cookies are used to track them, in their native language. Consent is also required here.
  • How Market Ruler supports this aspect of the law: Business providers should optionally load the Tracking Snippets until consent has been given. See the implementation guide.
  • Status: Currently available by following our guides.

Right of access

  • What it means: Visitors have the right to request what personally identifiable data is stored in business databases.
  • How Market Ruler supports this aspect of the law: ConversionRuler suggests that individual providers link to ConversionRuler EUGDPR Management pages which will allow for the download of data in both human and machine-readable formats.
  • Status: MarketRuler Privacy Application enables visitors to review and retrieve all data associated with their browser.


Right of deletion

  • What it means: Visitors have the right to request the deletion of their data from records stored in business databases. In most cases, requests must be responded to within 30 days. The right to deletion is not absolute and can depend on many factors.
  • How Market Ruler supports this aspect of the law: ConversionRuler suggests that individual providers link to ConversionRuler EUGDPR Management pages which will allow for requests for data deletion or conversion of the data to non-personally identifiable data (e.g. Anonymization).
  • Status: MarketRuler Privacy Application enables visitors to request deletion of their data.

Right of modification

  • What it means: Visitors have the right to request the modification or correction of their data stored in business databases.
  • How Market Ruler supports this aspect of the law: ConversionRuler currently supports the searching and modification of Action Data via the Browse Actions aspect of the management tool.
  • Status: Currently supported.

Security Requirements

  • What it means: The GDPR requires a variety of data protection safeguards, from encryption of personal data when stored in databases, as well as access controls to data, and data anonymization.
  • How Market Ruler supports this aspect of the law: For EU websites which are already adhering to the GDPR laws, ConversionRuler already transmits user information securely to our server using best security practices.
    • In addition, ConversionRuler will be enhancing our security measures and the security of our data tracking as well as the security of our administrative interface.
    • These changes will be made in the coming year.
  • Status: Currently supported.

Supporting the EUGDPR via Anonymization

Businesses may opt to skip support for the EUGDPR by:

  1. Only tracking using ConversionRuler when consent is given by (or other lawful basis exists for) visitors
  2. Anonymizing data prior to sending to ConversionRuler

If these steps are taken, then no personally-identifiable data is ever sent to ConversionRuler and therefore, no issues arise with access, deletion, or other records.

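See also

  • EUGDPR
  • MarketRuler Privacy Application
  • Implementing EUGDPR in ConversionRuler
  • Market Ruler EUGDPR Privacy Statement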