Cookies unlimited user tracking across the web by Karsten Rendemann, cookieinformation.dk Held at EAAA on January 28th, 2016

Similar documents
Vyve Broadband Website Privacy Policy. What Information About Me Is Collected and Stored?

FLASH DELIVERY SERVICE

Privacy Policy - LuxTNT.com

BUSINESS CHICKS, INC. Privacy Policy

Measurabl, Inc. Attn: Measurabl Support 1014 W Washington St, San Diego CA,

Privacy Policy. If you have questions or complaints regarding our Privacy Policy or practices, please see Contact Us. Introduction

FOUR BLOCK FOUNDATION, INC. PRIVACY POLICY November 6, 2015

1 Which of the following questions can be answered using the goal flow report?

Privacy Policy GetYou

PRIVACY POLICY. I. Introduction. II. Information We Collect

Paladin Computers Privacy Policy Last Updated on April 26, 2006

How to set up a campaign with Admedo Premium Programmatic Advertising. Log in to the platform with your address & password at app.admedo.

Privacy Policy. This includes data you provide to other users when communicating with them on websites and games operated by TRAVIAN GAMES.

Sitecore E-Commerce OMS Cookbook

WHAT INFORMATION IS COLLECTED AT MOTOROLA.COM.VN AND/OR MOTOROLA.VN AND HOW IS IT PROCESSED AND USED?

Privacy Policy. Last Update: January 28, 2016

girlsdrivebetter.com is a trading style of Policywise Ltd, a limited liability company registered in England and Wales number

FitCause Privacy Policy

COMCAST.COM - PRIVACY STATEMENT

Privacy Statement. Privacy Practices and Feedback

Deep analysis of a modern web site

Index. AdWords, 182 AJAX Cart, 129 Attribution, 174

Google Analytics Guide

Leonardo Hotels Group Page 1

H&R Block Digital Tax Preparation, Online, and Mobile Application Privacy Practices and Principles

Cookie Policy. Introduction About Cookies

Use of cookies. 1. Directive

Privacy Policy. You can access the Privacy Policy at any time at.

1. The information we collect and how we collect it.

WEBSITE PRIVACY POLICY. Last modified 10/20/11

As you review the following Model Privacy Disclosures, keep these key points in mind:

How We Use Your Personal Information On An Afinion International Ab And Afion International And Afinion Afion Afion

Digital media glossary

PRIVACY POLICY. Introduction

SKoolAide Privacy Policy

Privacy Policy (as of )

Privacy Policy GEM Payment Services - Privacy Policy, effective 2012

Information Collected. Type of Information Collected. We may collect two general types of information when you use the Site:

Lifesize Cloud Privacy Statement

Maximum Global Business Online Privacy Statement

Cookies and Your Privacy

(BETA DRAFT)PRIVACY DISCLOSURES

All SABMiller websites, as defined in this document should have Google Analyitcs implemented as a mandatory requirement.

Privacy Policy I. THE INFORMATION WE COLLECT AND HOW WE USE IT

If you have any questions about our privacy practices, please refer to the end of this privacy policy for information on how to contact us.

Our collection of information

Infinity Call Tracking

Full and detailed technical cookies disclosure

WHITEPAPER / GOVERNMENT. Web Analytics Traffic Metrics Best Practices for Government Agencies

Zep Inc.: Global Online Privacy Notice

Getting Starting with Google Analytics. Summer Durrant IUPUI University Library Indiana Library Federation Conference November 14, 2012

Privacy Policy/Your California Privacy Rights Last Updated: May 28, 2015 Introduction

User Guide FOR TOSHIBA STORAGE PLACE

Pick and Mix Services

Privacy Policy Last Updated September 10, 2015

1.1 Personal Information is information about an identifiable individual such as your name, address, telephone number and address.

TargetingMantra Privacy Policy

The terminology used in this document is presented below: a limited company registered in Finland. BI:

Privacy Policy. MSI may collect information from you on a voluntary basis when you:

DentalTek Privacy Statement

Digital marketing services

Instructions for Configuring Your Browser Settings and Online Security FAQ s. ios8 Settings for iphone and ipad app

Ad Tech for Privacy Counsel November 5, Marc M. Groman, President & CEO Network Advertising Initiative

How we use cookies on our website

Is Your Google Analytics Data Accurate?

Johnson Controls Privacy Notice

Seashore Point Privacy Policy and Terms of Service

Curate Your Own Online Marketplace

ChangeIt Privacy Policy - Canada

Google Analytics for Robust Website Analytics. Deepika Verma, Depanwita Seal, Atul Pandey

Privacy Policy. What is Covered in This Privacy Policy. What Information Do We Collect, and How is it Used?

Opt/Net Consulting BV Privacy Policy

SmarterStats vs. Google Analytics

Evaluating the impact of research online with Google Analytics

Privacy Policy. Peeptrade LLC ( Company or We ) respect your privacy and are committed to protecting it through our compliance with this policy.

Technical Brief: Dynamic Number Insertion

Quick Start Guide. Installation and Setup

GlobePartners Limited. Privacy Policy

SILK Using the Remote Desktop Scheduler

looking beyond the last click P2C

Google Analytics Access for Bentley Employees

AMC PRIVACY POLICY INFORMATION COLLECTION

Privacy Policy. 1. Principle

PRIVACY POLICY Effective Date:, INTRODUCTION AND OVERVIEW

DISCLOSURES WEB PRIVACY POLICY

Cookie Policy. Introduction About Cookies

You can manage these cookies yourself and decide whether your computer accepts them.

Search Engine Optimisation (SEO)

About Google Analytics

HOW DOES GOOGLE ANALYTICS HELP ME?

Cookie Policy. Introduction About Cookies

Web Beacons Guidelines for Notice and Choice

Green Pharm is committed to your privacy. We disclose our information practices below and we agree to notify you of:

LinkedIn. Lead-Generation. Kim Plesner-Jacobsen, Vertic Trine Tirsgaard, Microsoft. Twitter: #SMWLinkedIn

Google Analytics Basics

Privacy Policy...1. We Respect Your Privacy...1. What information do we collect about internet users?...2

Website analytics / statistics Monitoring and analysing the impact of web marketing

Privacy Policy EMA Online

Web Analytics. FAQs MONITOR, ANALYZE, TRACK. Page 1

Google Analytics Audit. Prepared For: Xxxxx

Transcription:

Cookies unlimited user tracking across the web by Karsten Rendemann, cookieinformation.dk Held at EAAA on January 28th, 2016

References 1. Author of the Technical Guide part of Cookievejledningen 2. Advisor to DI regarding GDPA (Persondataforordningen) 3. Deliver the cookie declaration on 1,000 websites

Deliver data to many media

What is a cookie? A cookie is data (text or binary data) that is - received from a domain, - stored in the browser and - send data back to that same domain. Cookies is actually Cookies and other tracking technologies like: HTTP- and Javascript cookies, HTML5, Local Storage, Flash Local Shared Object, Silverlight Isolated Storage, web beacons, pixel tags etc. Can be loaded from any element on any page of a website - The CMS-system, scripts, photos, forms etc,

Where can I see a cookie? - even in a gif Google Chrome: Right click on mouse, Examine, Resources, Cookies 1. Name 2. Value - yes/no, a time stamp, encrypted ID 3. A domain that receive the data 4. A duration Can be connected with your IP address, where you are (GPS), who you are (via login on social media), etc.

Purposes of cookies 1 NECESSARY Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies. 2 PREFERENCES Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. 3 STATISTICS Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously. 4 MARKETING Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

So what is a cookie declaration?

What if I look for cookies on eaaa.dk?

Different methods varying quality Google

What are data used for? - collected about users using eaaa.dk Preserves users states across page requests. Registers a unique ID that is used to generate statistical data on how the visitor uses the website. Optimises ad display based on the user's movement and various advertisers bids for displaying user ads. Used by Google AdSense to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. Registers a unique user ID that recognises the user's browser when visiting websites that show ads from Adform. The purpose is to optimise display of ads based on the user's movement combined with the ad bids placed by various advertisers.

What are data used for? - from eaaa.dk Bevarer brugertilstand på tværs af sideforespørgsler. Who receives data? Registrerer et unikt ID, der anvendes til at føre statistik over hvordan den besøgende bruger hjemmesiden. - from eaaa.dk Optimerer visning af annoncer ud fra brugerens adfærd kombineret med forskellige annoncørers 1. bud adform.net, på at vise annoncer for brugeren.. 2. doubleclick.net 3. youtube.com Anvendes af Google AdSense til at registrere og rapportere om hjemmesidebrugerens 4. handlinger eaaa.dkefter at have set eller klikket på en af annoncørens annoncer. Formålet er at måle effekten af en annonce samt at målrette annoncer til brugeren. Registerer et unikt bruger-id, som genkender brugerens browser ved besøg på hjemmesider, der viser annoncer fra Adform. Formålet er at optimere visning af annoncer ud fra brugerens adfærd kombineret med forskellige annoncørers bud på at vise annoncer for brugeren.

Example: Let us start with a script-tag which makes it possible to track the user

The scriptet runs on all pages, sets a tracking cookie and gather information about the user

Every time the user does anything this is sent to the 3. party who can record it via a unique user ID

Information about each page URL, referrer URL, geograhy, browser and device is automatically captured.

Data about the user is recorded across ANY device and MULTIPLE websites

It is easy to track events from both ios and Android mobile applications

The user ID of each of the users devices are associated and creates an aggregated user profile

Live recording: Tracking of a user across multiple websites and multiple devices

Some makes a semantic analysis of each page url, so they know what the text is about

Each page is then analyzed to create Content Profiles with information from Tags and free text incl author, people, places, companies and sometimes combined with 3. party data

This one particular application track more than one billion (1.000.000.000) active user profiles based on more than 12 billion unique user IDs

Example user profile: Long term interests, intentions, context, key words, segments, categories and event stream

Why is this a problem? Price discrimination during on-line purchases Staples (Office supply) Women are exposed to fewer adds for high salary jobs Adds on your screen reflects what others expect that you are interested in Also at school and at your job

From script to add When you go to another website an ad tag associates to you and checks which segments you belong to.

The System respond with a list of segments.

The Ad tag sends the segment information to the ad server and finds a matching add.

Demo: How a man will see a campaign targeted to men

Demo: A woman will see an add targeted to women

Various performance data are logged

They can be used to targeted recommendations and targeted offers

Look alike modelling: How it is spread to others with the same profile as me

Data from 3. parties can be used e.g. Social Media, questionaires etc.

And then the adds can be displayed to all similar people

Syndication data sharing Many data are shared across 100s of partners Nogle af LiveRamps 200 partnere Has also cookies placed on e.g. www.digst.dk LiveRamp (Cxense subsidiary) is the leader in data connectivity, helping the world s largest brands use their data to improve customer interactions on any channel and device. LiveRamp help marketers eliminate data silos and unlock greater value from the tools they use every day. By connecting disparate marketing platforms at the data layer, we enable brands to use new generation of datadriven marketing strategies for ROI measurement, targeting, one-to-one marketing, and more. On 40% of all cities websites

How did cookies get on eaaa.dk? You ALWAYS do something yourself. Eaaa.dk line 313-323, adform script

Beware of free scripts like AddThis Free scripts often get the browser to visit various domains in the background. Up to 23 is documented. Example: Initiator: Script tag, kildetekst line number 493: http://player.qbrick.com/playerembed.js The users browser is then directed to: http://dpm.demdex.net/id?d_rtbd=json&d_ver=2&d_orgid=b58f1cfe533095470a 490D45%40AdobeOrg&d_cb=s_c_il%5B0%5D._setMarketingCloudFields From where the cookie demdex is set. Purpose: Via a unique ID used for semantic analysis of content, the users navigation on the website is registred and associated with offline data from surveys and others with the objective of delivering targetted advertising.

What does the law say? New General Data Protection Regulation (Persondataforordning) as of eof 2017 1. Data handler responsibility for 3. party cookies 2. Documentation 3. Fine - 20 mio or 4% of turn over Cookielaw (already existing) 1. Examine your website 2. Remove unwanted cookies 3. Declare cookies and get Consent

Commercial benefits

AND IT S ABOUT TRUST = PREDICTABILITY = CORRELATION BETWEEN WHAT YOU WRITE AND WHAT YOU DO TO YOU AND YOUR WEBSITE

HOW TO ACHIEVE COMPLIANCE

1 COOKIE SCREENING Identify all cookies Produce documentation Find all cookies from all 3. parties - Our scanner analyse all pages pretending to be a user in all the ways that can result in cookies being set: various screen sized, operating systems, browsers etc. Documentation Domain name of data receipient Date for screening (36% of cookies change every month) Name of each cookie Name of the 3. party that receive data Explain with the 3. party use the data for Duration of the cookie in the users browser

1 COOKIE SCREENING Identify all cookies Produce documentation 2 DECLARATION AND CONSENT Add a true Cookie Declaration Describe usage Update banner

1 COOKIE SCREENING Identify all cookies Produce documentation 2 DECLARATION AND CONSENT Add a true Cookie Declaration Describe usage Update banner Change the text on the cookie banner - Make it reflect what cookies are truly set - Before eof 2017: make it withhold 3. party cookies until consent is given

1 COOKIE SCREENING Identify all cookies Produce documentation 2 DECLARATION AND CONSENT Add a true Cookie Declaration Describe usage Update banner 3 REMOVE UNWANTED COOKIES Remove the scripts that set unwanted cookies.

1 COOKIE SCREENING Identify all cookies Produce documentation 2 DECLARATION AND CONSENT Add a true Cookie Declaration Describe usage Update banner 3 REMOVE UNWANTED COOKIES Færdig kode Alle sprog Individuelt branded 4 KEEP UPDATED Monthly 36% of all cookies change

1 COOKIE SCREENING Identify all cookies Produce documentation 2 DECLARATION AND CONSENT Add a true Cookie Declaration Describe usage Update banner 3 REMOVE UNWANTED COOKIES Færdig kode Alle sprog Individuelt branded 4 KEEP UPDATED Monthly 36% of all cookies change 5 WEB PORTFOLIO Cover all domains, subdomains and login-areas Also w/wo www, http(s)

Questions?

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information