Why becoming aware of 3rd parties on your site may influence the future of your business. A conversation you should have with yourself that leads you to self-inspect your site and take action based on new knowledge.
The easy-peasy-question to answer
If you ask yourself
do I have 3rd parties my site?
would you say "yes"?
You would probably say:
yes, I guess that is very likely.
The not-so-easy-question to answer
If you also ask yourself
can I name all the 3rd parties running on my site?
would you then be able to name all the 3rd parties?
You may believe you could.
In fact you would often be able to name only a handful.
So, you might correctly say
no, I guess that is not likely
Why?
There’s a bunch of reasons why. I'll mention a few:
- To begin with, you may use multiple 3rd parties on your site to add functionality to your site. Examples include web analytics, campaign analytics, audience measurement, personalization, ad servers, retargeting, and conversion tracking, etc. The Lumascapes charts can give you an idea about which 3rd parties that run on websites (the charts group 3rd parties into categories such as marketing, content marketing etc). Additionally, sites often use a tag management system to help integrate 3rd parties into and manage them on the site.
- Next, your organisation or your outsourced IT service has no control of who allows 3rd parties on your site while you have no unified overview of all 3rd parties on your site.
- Moreover, many 3rd parties allowed on your site often pull in other 3rd parties on your site.
- As well, 3rd parties may appear on your site triggered by specific events since 3rd parties can pop up based on the individual profile of your site visitors and/or based on the location from which your site visitors interact.
The complicated-question to answer
If you additionally ask yourself
which IFrames, tracking pixels, scripts and cookies does each 3rd party place on my site and where on my site?
then you would probably say
I'm clueless.
The over-complicated-question to answer
If you also ask yourself
what are the 3rd party tracking pixels, scripts, cookies etc doing on my site?
then you would possibly say
how can I possibly be aware?
The possible-to-answer-question
On top of these questions, you baffle yourself by asking
do the 3rd parties collect personal data from my site visitors (when they visit my site)?
then you would in all likelihood say that
maybe. The 3rd parties probably see at least the IP address of my site visitors.
Is ignorance bliss?
You may think
should I be largely ignorant to seek answers to such bewildering questions?
Or you may think
which reasons are so important that I should become aware of which 3rd parties that are on my site?
Reasons to combat ignorance
A few important reasons that justify you becoming aware of 3rd parties on your site are, to name a few:
- requirements in data protection laws
- you leak data to competitors
- you risk damage to your reputation
- you risk add fraud
How to?
Signatu has developed Trackerdetect (which is a self-serviced cloud service) that helps you detect and monitor 3rd parties on your site.
Trackerdetect is used by site owners, Data Protection Officers, legal counsel, lawyers, consultants etc working with data protection, data leakage and brand reputation.
Other blogposts on Trackerdetect
In other blogposts about Trackerdetect on
- Oh heck, do I have a lot of 3rd parties on my website?
- Keep a record of all 3rd parties on websites?
- Inform about all 3rd parties on websites in Privacy Policy?
- Inform about 3rd parties on websites in Access Request response?
- Notify 3rd parties on websites of site visitors' request to exercise rights?
- Classify 3rd parties on websites as Controllers, Processors etc?
- Assess risk of having 3rd parties on websites?
- Internal policies for having 3rd parties on websites?
- Is having unauthorised 3rd parties on a website a personal data breach?
- Must I have a tool to identify and record 3rd parties on my website?
we have explained reasons why you should become aware of 3rd parties on your site and how Trackerdetect automatically detects and builds a record of 3rd parties that are on your website to
- help you meet the record keeping requirements in GDPR Article 30.1.
- help you meet the information and transparency requirements in GDPR Article 13.
- help you respond to your website visitor's Access Request in GDPR Article 15.
- equip you with their contact details so you can communicate to those 3rd parties that your website visitor requests to exercise his/her right.
- enable you to classify 3rd parties to determine whether or not you are required to enter into an agreement with the detected 3rd parties, as required in GDPR (data processing agreement (GDPR Article 28), joint controller agreement (GDPR Article 26), controller to controller agreement).
- help you identify all 3rd parties on your website so that you can assess whether your website-3rd parties' processing operations pose risks to the rights and freedoms of your website visitors and whether a DPIA is necessary, in accordance with GDPR.
- help you understand how 3rd parties appear on your website so that you can adopt internal data protection policies for having 3rd parties on your website, as required by GDPR Article 24.
- help you to identify whether unauthorised disclosure of your website visitors’ personal data have occurred and whether you need to notify the personal data breach to the supervisory authority and your website visitors.
- help you to be able to demonstrate that you have the technological measures to detect and record 3rd parties on websites, as required by the GDPR Articles 24.1, 30.1(d) and Recital 87.
Reach out to us
If you have an interest in Trackerdetect, please send us an email to hello@signatu.com.