TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Tech | New website scanning, cookie compliance tool for IAPP members Related reading: Op-Ed: Australian businesses need a culture shift around privacy

rss_feed
Webcon_PA_300x250_ad_November_2017-ThomsonReuters_use
iapp-privacycore
GDPR-Ready_300x250-Ad

In a continued build-out of the IAPP-OneTrust platform of privacy tools, we are releasing today the new IAPP-OneTrust Website Scanning and Cookie Compliance Tool. It is freely available for IAPP members and is as of today available in the sidebar and on the welcome screen if you’re already a user of the IAPP-OneTrust platform, alongside the GDPR/data transfer readiness assessment tool and the PIA automation tool.

People attending the sold-out Data Protection Intensive in London this week will be able to get demonstrations of its abilities on the exhibit floor.

Leveraging the technology OneTrust acquired with U.K. firm Optanon back in September, the Website Scanning and Cookie Compliance Tool allows users to input any website for scanning and quickly get a detailed dashboard readout of cookies, tags, forms, and policies contained on the site. Further, it then allows users to create a bespoke cookie notice, attendant cookie policy language, and a visitor preferences center where users can manage their cookie preferences as they visit the site. Privacy pros just have to take the code and walk it over to the web team, where they can quickly update their site.

“Privacy professionals can use this to inform them about what cookies they have on their site,” said Richard Beaumont, CIPM, product manager at OneTrust and the developer of the scanning technology while he was a Optanon. “But it’s also part of a governance program. Should we have these still? Should we be removing them?” Organizations can now get quick insight into what’s on their site, which sometimes can be surprising or a stark reminder.

Nor does the tool only identify cookies. It flags forms that it thinks might be collecting personal information, tracking tags, and anything that looks like a privacy policy or notice of some kind. “When we find a form on the web site, we look at the qualities of the form in terms of what data it’s looking to capture from the visitor,” Beaumont said. “Then we make a judgment call, based on the names of the fields or the labels to say whether we think that’s personal data or not.” Eventually, this will also be hooked into OneTrust’s data mapping capabilities to be automatically cataloged and sorted.

The tool is essentially a robot that simulates a real user browsing the web site via Firefox’s browser.

The tool is essentially a robot that simulates a real user browsing the web site via Firefox’s browser. Then it visits the pages — the default is to go 1,000 pages deep — and sorts out what it finds. “It’s all publicly available data,” Beaumont said. “Really, it’s not that different from Google’s bot coming in and scanning your site.”

You can also target certain subdomains or folders, which enables you to drill down into your site as far as you’d like. It’s also designed to dedupe links, recognize when pages are essentially built on the same template and group them, and avoid replicating the same information if it’s not instructive or useful.

Privacy pros can then take the information compiled by the scanning tool and make sure that what they find is reflected in their privacy policy and notice, and use the tool, if they’d like, to create a new cookie notice (both a banner and text notice) and a portal with which users can manage their cookie preferences.

Having created the technology to respond to the ePrivacy Directive, Beaumont noted that it’s “used on thousands of websites and with millions of impressions,” so the technology is well veted and mature. “With the volatility based on the newly drafted ePrivacy Regulation, the aggressive implementation timelines proposed in the regulation, and the potential dramatic fines of 4 percent of global turnover,” he said, “it’s more important than ever that the global privacy community have access to tools to help them prepare and educate their internal teams.”

Comments

If you want to comment on this post, you need to login.