05/2019 Tracking Cookies - Currently still illegal!
• The banners show an overview of all processing operations requiring consent, which can be explained and activated in function.
• Access to privacy and imprint may not be prevented by cookie banners.
• Before and while the banner is being displayed all further scripts from a website or web app are blocked if they can potentially capture user data. Only after approval, the data processing may actually take place.
• A consent must be revocable as simple as possible.
As of late Cookie banners have been appearing almost everywhere. For most of the time they cover the content when visiting a website and require an "accept" or "ok". This could be seen as a direct implication of the General Data Protection Regulation which was released at the end of May 2018. Accordingly, this task should first have been taken over by the European E-Privacy Regulation, which still does not exist. Thus, shortly before the entry into force of the GDPR, a position paper was published which required explicit consent of users regarding site tracking mechanisms. Through creating a user profile these mechanisms are able to track the behavior of people on the internet. According to the position paper the informed consent must "be obtained in the form of a statement or other clearly confirming act before the data processing"(https://www.ldi.nrw.de/mainmenu_Datenschutz/submenu_Technik/Inhalt/TechnikundOrganisation/Inhalt/Zur-Anwendbarkeit-des-TMG-fuer-nicht-oeffentliche-Stellen-ab-dem-25_-Mai-2018/Positionsbestimmung-TMG.pdf). From the beginning this special route of consent solution was very controversial.
By examining 40 websites of larger providers in early 2019, the Bavarian data protection authority found out that not one provider meets all the strict requirements. Many of the currently displayed banners are clearly unlawful. Especially the missing option of rejecting cookie usage is a common problem. In addition, operators must present the processing of data to users in a transparent and comprehensible manner. In addition to a listing of the individual forms of processing, the function of a specific consent to individual forms of data processing is often absent. Only then will it be possible for users to make decisions with the complete knowledge of the specific situation and to understand the scope of the consent. It has to be acknowledged that in specific cases, the interest of the website provider has to be weighted with the interest and the fundamental rights and freedoms of the individual user. Even after a year, there is still much legal uncertainty in this area.
04/2019 Copyright reform – What you should know
The Internet is no longer unknown territory. This basic consensus also prevailed in the European Parliament as it initiated the negotiations on a copyright reform. Now a decision has been made. On the final vote for the copyright reform 19 states voted in favor, six against and three abstained. As a conclusion the EU member states collectively approved the copyright reform.
Through the reform authors of texts, pictures and videos should be better protected and fair payment should be ensured. The intention is to balance the claims of right-holders on one hand and users and online providers on the other hand.
The package contains a total of 23 articles, two of those are highly controversial: Article 15 (formerly 11) and Article 17 (formerly 13):
- Article 11/15 – also known as ancillary copyright for publishers – is intended to establish a so-called ancillary copyright law which prohibits the use of protected works or parts of them without the consent of the authors. So all of those, who want to use the smallest excerpts of journalistic content on the web, need the publisher's license.
- Article 13/17 explicitly deals with user-generated content and thus with all websites where internet users can upload something. The article intends that these websites are forced to review any uploaded content for copyright infringement or to authorize them. In order to meet the simple abundance of content with software, it is feared that an upload filter must be introduced.
- Exceptions apply to platforms that are less than three years old or gain a maximum of 10 million € per year.
- In the protocol statement of the vote the Federal Government promises to interpret the definition of affected platforms in such way that Article 17 applies only to market-dominant platforms such as YouTube or Facebook.
It is still unclear how the requirements of copyright reform can be transposed into national law. It will take some time until the users will feel the change as the members of the EU have two years to implement them.
02/2019 – Two Factor Authentication
Again and again, millions of users are affected by security vulnerabilities. Two factor authentication can help to reduce the occurrence of identity theft, phishing attacks or other online scams. Because even if the password was cracked, hackers can be locked out and sensitive data is protected.
The proof of identity of the user is determined by a combination of two independent components, which must be used correctly. The three most common factors are usually specified as something that you know (Pin code) you have (bank card, physical key) and that you are (fingerprint, human voice). The combination does not necessarily have to consist of factors of different categories, but these must never be stored in the same place. Most often, one of the features is a physical token, while the other one is such as a security code, for example the combination bank card - PIN.
On secure computers it can be set to be asked for the code only the first time, for example at home on your PC or laptop. For sensitive accounts we recommend at least to establish the two factor authentication and thus to increase the protection of your data significantly.
01/2019 – Static vs. dynamic website - which one is the right for your company?
Static or dynamic website? That's the basic question your company has to face when creating the own website. However, there is no general answer for better use, both solutions have their advantages and disadvantages, the input has to be weighed up from project to project.
On static websites, a HTML document is technically presented on the web server, which is written and designed like a kind of prospect.
- No special technical requirements,
- requires no database connections,
- low and fast creation effort,
- cost-saving creation,
- low running costs,
- low memory capacity.
- Usually, content can only be changed with the appropriate knowledge or software and requires a lot of time,
- the larger the pages, the more confusing the source code.
→ Target group: If you only plan a small website that has to be updated irregularly, a static website is sufficient – for example a simple web business card with address and opening hours.
Dynamic websites communicate with the server and are actively generated at the moment of their request.
- Flexibility: Content can easily be expanded online without special knowledge and software,
- Individuality: Content and design can be changed independently,
- Multi-user operation: Multiple users are responsible for different parts of the website,
- easy design of multilingual websites,
- current content will be found by search engines.
- Higher overhead, because servers and possibly database required,
- higher startup costs,
- higher running costs,
- larger storage space requirement.
→ Target group: Who plans a larger webiste, which should be maintained continuously with current content, such as search queries, ordering systems or form.
We would be happy to help you personally to find the ideal solution for your company.
10/2018 – Informational self-determination – the concept of decentralisation as an alternative to powerful data gathering companies
Maintaining a complex social network if hardly no one uses it and recently revealed a tremendous security breach? For the technology giant Google this is no longer up for discussion. In ten months, in August next year, the plug will be pulled. Googles in-house social network is going to be shut down. Google+ users will still be able to download their stored data and transfer them to other platforms.
But what are the alternatives? A switch to Facebook or other data gathering companies, platforms that earn money with our data and – using the example of Facebook – cannot even guarantee safekeeping for it? The question should rather be if we would like to leave our data to private companies. Anyone who refuses to do so, anyone who would like to regain control and responsibility over their own data and counteract a cultural constriction, currently has only one concrete option: open-source based networks. The data can be stored at home on your own computer or at a trusted provider. The advantages are obvious: Control of a video, for example, is completely retained – it can be removed at any time. And anyone who wants can even control who is allowed to see it. This of course applies to all types of data – texts, information and photos.
We present you two alternatives that set an uncommercial concept against the authoritarian-organized social networks.
Since 2010 diaspora* has offered its users the option to set up local servers anywhere in the world or to join existing servers. Decentralization is the keyword here – however it is still possible to connect seamlessly with the global community. In addition, the network offers its users the freedom to modify the source code and thus the possibilities of use and to adapt it to their own use. Just like the profile itself. Creativity can be given free rein, the real identity does not have to be used. The data are also not used to make money by evaluating interaction and advertising based on it, only for the possibility of global networking and user interaction. The user can specifically allow who can see posts and who cannot. As a result of individual privacy control, it is up to the user how private or public his profile may be. Even if your own contacts are not yet represented on diaspora*, your own account can be linked to other social networks and an extensive network can take place. More information about diaspora* is available at https://diasporafoundation.org/.
Mastodon is also an open source network that exists since 2016. As with diaspora*, there is no central server here, but a multitude of private ones, which are merged into a large network. Similar to Twitter, there is a limit of 500 characters for texts. Again, the user comes to the fore, there is no collection of data, no commercial use. A little insight and further information can be found at https://mastodon.social/about.
Curious? There are currently 23 projects at https://the-federation.info/, including diaspora* and mastodon, which are based on decentralized open-source software. Nodes connect these individual projects, allowing them to communicate with each other. Anyone who wants to reinvent and shape their right to informal self-determination has to be right here.