Illustration of external services by Namogoo
There’s a hidden problem with managing personal data.
It’s that the keepers of the data aren’t just websites and apps, but the dozens — sometimes hundreds — of third-party services that also handle the data to target and track ads, manage tags, present content, provide embedded social functions and so on. And those services sometimes have their own subcontractors, who act as fourth-party services.
To help address this hidden ecosystem, Boston-based Namogoo is today launching a new service. Called GDPR Insights, it tells websites which services are running in the background, which ones are collecting and sharing personal data, what data is being sent to remote servers, the impact of that collection/sharing on site performance and so on.
The General Data Privacy Regulation (GDPR) launched in late May, and it requires sites to acquire consent for collected or shared personal data from European Union citizens. Under GDPR, publishers share responsibility for what contracted services collect and share on their sites.
Compliance and verification service The Media Trust, for instance, has said that GDPR will show publishers that they “have to be afraid of their own assets,” including the many outside services involved on their sites.
And anti-ad-blocking solutions provider PageFair contends that it is simply not possible for publishers to control this kind of data leakage to outside services.
Although Namogoo describes the collected data as PII, or personally identifiable information, it means “personal data” as used by GDPR.
Although both terms are somewhat flexible, PII is a term often used by US vendors to mean name, address, Social Security number, phone number and a few other confidential pieces of info. Personal data, on the other hand, includes PII but also can include IP address, browsing history and other non-confidential data that, when put together, could identify a single individual.
The premium service determines what data is stored in cookies, is collected/shared in the browser or is sent to remote servers. Here’s a typical screen: