GDPR and Browser Fingerprinting Turn the Table for Web Trackers
General Data Protection Regulation (GDPR) gives consumers control of their personal data. GDPR and browser fingerprinting do not seem to be on the same page. Thanks to cookies becoming more conspicuous, companies are with the Hobson’s choice of fingerprinting appear to be a hard nut to crack. It is dubious and arduous to alter the browser: websites apply tracking technique without detection, and it is painstaking to modify browsers.
Fingerprinting implies tracking people; consider the analogy of a crime scene. Bulk fingerprints are taken at the crime scene to match against a fingerprint database in order to track down the culprit. Browser fingerprinting is also very much similar to this. In both types of fingerprinting, the identity of the people is unknown. It will undoubtedly unravel the same person performing different activities.
Suggested Read: The GDPR: Challenges and Solutions
By Ozan Karaduman, Partner, Gün + Partners
Browser fingerprinting keeps an eagle eye on users, though the users might not put up with it. Companies should have a valid and ethical reason to process personal data; every company processing personal data must have a legitimate reason to do so. They should abide by the law taking “legitimate interest” into consideration. The concept of legitimate interest is framed as a settlement between privacy advocates and business interests.
The Article 5(3) of the ePrivacy directive mandates companies to initially get the consent of users. The logic behind fingerprinting is to keep transparency and accountability at arm’s length and make tracking undoable to control. Fingerprinting robs people of transparency and privacy. The term coined “legitimate interest” sounds nebulous. Data protection is the need of the hour. To get away with the punishment, fingerprinting companies should be upfront about the practices.
You may like: Getting to grips with GDPR
By Nicole Vreeman, Risk Advisory Manager, Deloitte and Annika Sponselee, Partner, Head of privacy team, Deloitte