
Unmanaged Tags - Data Protection in the Age of Mindless Proliferation

Slides for my talk at the Digital Analytics Meetups in Berlin Nov 2017.

Video is here: https://www.youtube.com/watch?v=iFDiRbcmP34&feature=youtu.be&t=1h23m (unrehearsed, so please excuse the less than graceful delivery).

Published in: Data & Analytics
  1. Unmanaged Tags: Data Protection in the Age of Mindless Proliferation
     14/11/2016, Digital Analytics Meetup Berlin
  2. So what is he talking about
     • Legal Guidelines, of limited usefulness
     • Tag Management, or, I think it would be a great idea
     • Should we even care, or, of course, but why
     • What do we do next, to make the world a little better
  3. Legal Guidelines
     EU Directives, Other Rules, National Laws: WTF?
  4. Legal Guidelines
     EU Directives
     • informed consent as guiding principle
     • not a "cookie law"
     National Laws
     • Bundesdatenschutzgesetz, Landesdatenschutzgesetz
     • Telekommunikationsgesetz ("Datensparsamkeit")
     Other Regulations
     • Vendors' terms of service
     • Communiqués by privacy officers
     • International agreements (e.g. Privacy Shield)
  5. Legal Guidelines
     Laws provide guidelines
     • They tell us in broad terms what we can or can't do
     • If it's the same for all, it puts us all on an even footing
     But there is always a but
     • Figuring out specifics might take legal counsel
     • Most of these rules apply only to personally identifiable data
     • But definitions are unclear and prone to change (e.g. IP addresses might be PII or not, depending on whom you ask)
  6. Tag Management – The Problem
     • Developers are missing from that description
     • Marketers and even "webmasters" are not necessarily tech savvy
     • Ease of use invites abuse
  7. Tag Management, dangers of
     TMS are JavaScript Injectors
     • They have been described as "XSS as a Service"
     • This is not actually funny
     Injected Tags run in the Page Context
     • They have access to all page data (forms, cookies, user data)
     • They can send data anywhere
     Other Problems
     • Tags may break SSL encryption
     • They may overwrite variables
     • They may load heaps of other stuff
  8. Tag Management and 3rd party tags
     • Many marketing tags are container tags
     • They may load other tags ...
     • ... which may load other tags ...
     • ... which may load even more tags ...
     • (You see where this is going)
     • Proliferation of tags makes control of data impossible
  9. Tag Management – Stop-gap measures
     Set Permissions
     • Exclude marketing from publishing (no offense meant)
     • Let developers do the vetting of tags
     • Listen to them when they decline a tag
     Use Whitelists
     • Some TMS (e.g. GTM) allow you to whitelist/blacklist tags
     • You should prefer whitelists
     • If possible, limit yourself to image tags and iframes
     • But if you allow custom HTML tags and JS variables you might as well not bother
     Kick Publishers' Butts
     • Why do they load 3rd party stuff anyway?
  10. Tag Management – Stop-gap measures
     Browser Testing
     • Step manually through your site to see which tags are loaded
     • Ghostery lists all tags that are loaded
     • WASP Inspector displays dependencies between tags
     Continuous Testing
     • Ghostery offers an (expensive) business solution
     • For a homegrown solution, capture requests with a headless browser
     • (Automating everything is a PITA, so mock your page with just empty HTML, a datalayer and the TMS code)
  11. Tag Management – Stop-gap measures
     Content Security Policies
     • CSPs were originally designed to combat XSS
     • But then we know TMS are XSS as a service
     • CSPs set "allowed origins" for scripts and other resources
     • They prevent forms from being hacked, ensure SSL encryption etc.
     Problems with CSPs
     • No support by IE, limited support by Edge
     • Notoriously difficult to manage
  12. Tag Management – Stop-gap measures
     Implementation of CSPs
     • CSPs are supposed to be set as HTTP headers
     • So for full support they need to be set on the server
     • However, some features can be set via <meta> tags
     • So you can do some basic prototyping within your TMS
  13. Tag Management – Stop-gap measures
  14. Tag Management – Stop-gap measures
  15. Why do we care?
     • Because we are fundamentally good people
     • "Do unto others as you would have them do unto you" (Jesus, attr.)
     • "Act only according to that maxim whereby you can at the same time will that it should become a universal law without contradiction" (Immanuel Kant)
     • However, in real life ethics often takes the back seat
  16. Why do we care?
     • "Every action has an equal and opposite reaction" (Isaac Newton)
     • Ex.: A single lawsuit took down Safe Harbor
     • EU tightens regulations
     • People are getting worried and angry
     • The reaction might very well be rather disproportionate
  17. What do we do now?
     Transparency
     • Brilliant example: http://www.bbc.com/usingthebbc/cookies/
     • Problem: people prefer complaining over educating themselves
     Advocacy
     • We do expert meetups. Why don't we do "layperson" meetups?
     • Problem: This might be viewed as lobbying
     Doing a better job
     • Do more with less data
     • More respect for user preferences
     • Hold up our end of the bargain
  18. Who am I
     • Eike Pierstorff
     • Senior Implementation Consultant with e-dynamics
     • Job: e.pierstorff@e-dynamics.de
     • Casual: eike@diebesteallerzeiten.de
     • Blogging about Analytics here: http://www.flesheatingarthropods.org/
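
Added example, not part of the original slides: a Node.js sketch tying slides 10 to 12 together. It builds a CSP from a whitelist of allowed origins, emits the full HTTP header value and the reduced variant that still works in a <meta> tag, and checks a list of captured requests against the whitelist. The page origin, the third-party hostnames, the GTM container id and the captured request list are constructed for illustration, and source matching is simplified to 'self' plus exact origins.

```javascript
// Added example: allowlist-driven CSP plus an audit of captured tag requests.
// All hostnames and the captured request list are constructed for illustration.
const ALLOWED = {
  'script-src': ["'self'", 'https://www.googletagmanager.com', 'https://www.google-analytics.com'],
  'img-src': ["'self'", 'https://www.google-analytics.com'],
  'frame-ancestors': ["'none'"],
  'report-uri': ['/csp-report'],
};

// Directives that browsers ignore when the policy is delivered via <meta>.
const HEADER_ONLY = new Set(['frame-ancestors', 'report-uri', 'sandbox']);

function buildPolicy(directives, { forMeta = false } = {}) {
  return Object.entries(directives)
    .filter(([name]) => !(forMeta && HEADER_ONLY.has(name)))
    .map(([name, sources]) => `${name} ${sources.join(' ')}`)
    .join('; ');
}

// Simplified source matching: 'self' and exact scheme+host origins only
// (no wildcards, paths, nonces or hashes).
function isAllowed(url, directive, pageOrigin, directives = ALLOWED) {
  const origin = new URL(url).origin;
  return (directives[directive] || []).some((src) =>
    src === "'self'" ? origin === pageOrigin : src === origin);
}

function auditRequests(requests, pageOrigin) {
  return requests
    .filter((r) => !isAllowed(r.url, r.type === 'script' ? 'script-src' : 'img-src', pageOrigin))
    .map((r) => `${r.type} ${new URL(r.url).origin} (loaded by ${r.initiator})`);
}

// Constructed capture, as a headless browser might record it on a mock page.
const PAGE = 'https://shop.example';
const CAPTURED = [
  { type: 'script', url: 'https://www.googletagmanager.com/gtm.js?id=GTM-XXXX', initiator: 'page' },
  { type: 'script', url: 'https://tags.adnetwork.example/container.js', initiator: 'gtm.js' },
  { type: 'image', url: 'https://pixel.partner.example/p.gif?u=1', initiator: 'container.js' },
  { type: 'image', url: 'https://www.google-analytics.com/collect?v=1', initiator: 'analytics.js' },
  { type: 'script', url: 'http://www.google-analytics.com/analytics.js', initiator: 'gtm.js' },
];

console.log('Header:', buildPolicy(ALLOWED));
console.log('Meta:  ', buildPolicy(ALLOWED, { forMeta: true }));
console.log(auditRequests(CAPTURED, PAGE));
```

The audit flags the nested container tag, the partner pixel it pulls in, and the analytics script requested over plain http, which are the proliferation and broken-SSL cases from slides 7 and 8.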
