
Unmanaged Tags - Data Protection in the Age of Mindless Proliferation


Slides for my talk at the Digital Analytics Meetups in Berlin Nov 2017.

Video is here: https://www.youtube.com/watch?v=iFDiRbcmP34&feature=youtu.be&t=1h23m (unrehearsed, so please excuse the less than graceful delivery).


  1. Unmanaged Tags: Data Protection in the Age of Mindless Proliferation
     14/11/2016, Digital Analytics Meetup Berlin
  2. So what is he talking about
       • Legal Guidelines, of limited usefulness
       • Tag Management, or, I think it would be a great idea
       • Should we even care, or, of course, but why
       • What do we do next, to make the world a little better
  3. Legal Guidelines
       • EU Directives
       • Other Rules
       • National Laws
     WTF?
  4. Legal Guidelines
     EU Directives
       • informed consent as guiding principle
       • not a "cookie law"
     National Laws
       • Bundesdatenschutzgesetz, Landesdatenschutzgesetz
       • Telekommunikationsgesetz ("Datensparsamkeit")
     Other Regulations
       • Vendors' terms of service
       • Communiqués by privacy officers
       • International agreements (e.g. Privacy Shield)
  5. Legal Guidelines
     Laws provide guidelines
       • They tell us in broad terms what we can or can't do
       • If they are the same for all, they put us all on an even footing
     But there is always a but
       • Figuring out specifics might take legal counsel
       • Most of these rules apply only to personally identifiable data
       • But definitions are unclear and prone to change (e.g. IP addresses might be PII or not, depending on whom you ask)
  6. Tag Management
     The Problem
       • Developers are missing from that description
       • Marketers and even "webmasters" are not necessarily tech-savvy
       • Ease of use invites abuse
  7. Tag Management, dangers of
     TMS are JavaScript Injectors
       • They have been described as "XSS as a Service"
       • This is not actually funny
     Injected Tags run in the Page Context
       • They have access to all page data (forms, cookies, user data)
       • They can send data anywhere
     Other Problems
       • Tags may break SSL encryption
       • They may overwrite variables
       • They may load heaps of other stuff
  8. Tag Management and 3rd party tags
       • Many marketing tags are container tags
       • They may load other tags ...
       • ... which may load other tags ...
       • ... which may load even more tags ...
       • (You see where this is going)
       • Proliferation of tags makes control of data impossible
  9. Tag Management – Stop-gap measures
     Set Permissions
       • Exclude marketing from publishing (no offense meant)
       • Let developers do the vetting of tags
       • Listen to them when they decline a tag
     Use Whitelists
       • Some TMS (e.g. GTM) allow you to whitelist/blacklist tags
       • You should prefer whitelists
       • If possible, limit yourself to image tags and iframes
       • But if you allow custom HTML tags and JS variables you might as well not bother
     Kick Publishers' Butts
       • Why do they load 3rd party stuff anyway?
  10. Tag Management – Stop-gap measures
      Browser Testing
        • Step manually through your site to see which tags are loaded
        • Ghostery lists all tags that are loaded
        • WASP Inspector displays dependencies between tags
      Continuous Testing
        • Ghostery offers an (expensive) business solution
        • For a homegrown solution, capture requests with a headless browser
        • (Automating everything is a PITA, so mock your page with just empty HTML, a datalayer and the TMS code)
  11. Tag Management – Stop-gap measures
      Content Security Policies
        • CSPs were originally designed to combat XSS
        • But then we know TMS are XSS as a service
        • CSPs set "allowed origins" for scripts and other resources
        • They prevent forms from being hacked, ensure SSL encryption etc.
      Problems with CSPs
        • No support by IE, limited support by Edge
        • Notoriously difficult to manage
  12. Tag Management – Stop-gap measures
      Implementation of CSPs
        • CSPs are supposed to be set as HTTP headers
        • So for full support they need to be set on the server
        • However, some features can be set via <meta> tags
        • So you can do some basic prototyping within your TMS
  13. Tag Management – Stop-gap measures
  14. Tag Management – Stop-gap measures
  15. Why do we care?
        • Because we are fundamentally good people
        • "Do unto others as you would have them do unto you" (Jesus, attr.)
        • "Act only according to that maxim whereby you can at the same time will that it should become a universal law without contradiction" (Immanuel Kant)
        • However, in real life ethics often takes the back seat
  16. Why do we care?
        • "Every action has an equal and opposite reaction" (Isaac Newton)
        • Ex.: A single lawsuit took down Safe Harbor
        • EU tightens regulations
        • People are getting worried and angry
        • The reaction might very well be rather disproportionate
  17. What do we do now?
      Transparency
        • Brilliant example: http://www.bbc.com/usingthebbc/cookies/
        • Problem: people prefer complaining over educating themselves
      Advocacy
        • We do expert meetups. Why don't we do "layperson" meetups?
        • Problem: This might be viewed as lobbying
      Doing a better job
        • Do more with less data
        • More respect for user preferences
        • Hold up our end of the bargain
  18. Who am I
        • Eike Pierstorff
        • Senior Implementation Consultant with e-dynamics
        • Job: e.pierstorff@e-dynamics.de
        • Casual: eike@diebesteallerzeiten.de
        • Blogging about Analytics here: http://www.flesheatingarthropods.org/
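
Added example, not from the talk: the homegrown check from slide 10, reduced to the step that judges a capture, including the loader chains from slide 8 and the SSL problem from slide 7. It assumes a headless-browser run on the mock page has already produced one record per request with the URL and the script that initiated it; the record shape, hosts and allowlist are constructed.

```javascript
// Constructed capture: one record per request seen on the mock page.
// `initiator` is the URL of the script that triggered the request
// (null = referenced directly by the page). All hosts are placeholders.
const capture = [
  { url: "https://tms.example/container.js", initiator: null },
  { url: "https://analytics.example/collect.js", initiator: "https://tms.example/container.js" },
  { url: "https://ads.example/container-tag.js", initiator: "https://tms.example/container.js" },
  { url: "https://sync.example/pixel.js", initiator: "https://ads.example/container-tag.js" },
  { url: "http://tracker.example/p.gif?uid=1", initiator: "https://sync.example/pixel.js" },
];
// Hosts the developers have vetted (assumed list).
const allowedHosts = new Set(["tms.example", "analytics.example", "ads.example"]);

// Walk initiator links back to the page to get the loader chain of a request.
function loaderChain(url, byUrl) {
  const chain = [];
  const seen = new Set(); // guards against initiator loops in a bad capture
  for (let cur = byUrl.get(url); cur && !seen.has(cur.url); cur = byUrl.get(cur.initiator)) {
    seen.add(cur.url);
    chain.unshift(new URL(cur.url).host);
  }
  return chain;
}

// Report every request that is off the allowlist or not sent over HTTPS.
function auditCapture(records, allowed) {
  const byUrl = new Map(records.map((r) => [r.url, r]));
  const findings = [];
  for (const r of records) {
    const u = new URL(r.url);
    const reasons = [];
    if (!allowed.has(u.host)) reasons.push("host-not-allowlisted");
    if (u.protocol !== "https:") reasons.push("not-https");
    if (reasons.length) findings.push({ host: u.host, reasons, chain: loaderChain(r.url, byUrl) });
  }
  return findings;
}

const findings = auditCapture(capture, allowedHosts);
for (const f of findings) console.log(f.host, f.reasons.join(","), "via", f.chain.join(" -> "));
```

Run in CI, a non-empty findings list fails the build, and the chain shows which vetted tag pulled in the unvetted one.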
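
Added example, not from the talk: one way to keep the policy from slides 11 and 12 manageable is to generate it from the list of vetted tags, once for the HTTP header and once for a <meta> prototype inside the TMS. The tag inventory, origins and report path are constructed placeholders; the <meta> variant drops the directives that browsers ignore when a policy is delivered that way.

```javascript
// Constructed inventory of vetted tags and the origins each one needs,
// per resource type. All origins are placeholders.
const vettedTags = [
  { name: "tms container", script: ["https://tms.example"] },
  { name: "analytics", script: ["https://analytics.example"], img: ["https://analytics.example"] },
  { name: "video embed", frame: ["https://video.example"] },
];

// Directives that are ignored when the policy arrives in a <meta> element.
const HEADER_ONLY = new Set(["frame-ancestors", "report-uri", "sandbox"]);

// Start from a same-origin baseline, then add only what vetted tags require.
function buildDirectives(tags, reportUri) {
  const d = new Map([
    ["default-src", new Set(["'self'"])],
    ["script-src", new Set(["'self'"])],
    ["img-src", new Set(["'self'"])],
    ["frame-src", new Set()],
    ["form-action", new Set(["'self'"])], // forms may only post back to the site
    ["frame-ancestors", new Set(["'none'"])],
    ["upgrade-insecure-requests", new Set()], // valueless directive
    ["report-uri", new Set([reportUri])],
  ]);
  for (const t of tags) {
    for (const o of t.script || []) d.get("script-src").add(o);
    for (const o of t.img || []) d.get("img-src").add(o);
    for (const o of t.frame || []) d.get("frame-src").add(o);
  }
  if (d.get("frame-src").size === 0) d.get("frame-src").add("'none'");
  return d;
}

// Serialize to a policy string; for <meta>, leave out header-only directives.
function serialize(directives, forMeta) {
  return [...directives]
    .filter(([name]) => !(forMeta && HEADER_ONLY.has(name)))
    .map(([name, values]) => [name, ...values].join(" "))
    .join("; ");
}

const directives = buildDirectives(vettedTags, "/csp-report");
const headerValue = serialize(directives, false);
const metaTag = `<meta http-equiv="Content-Security-Policy" content="${serialize(directives, true)}">`;
console.log("Content-Security-Policy: " + headerValue);
console.log(metaTag);
```

The <meta> output is enough to prototype script, image, frame and form restrictions; violation reporting and framing protection only take effect once the header is set on the server.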
