Data sharing can bring many benefits to users, but it also comes with its own set of problems. Two of the main issues are privacy and security.

Data Sharing Principles:

  • Everyone should be able to access the data they need.

  • There should be no barriers preventing people from getting that data.

  • Data should be organized and structured so that anyone can access, understand, and use it easily.

Privacy and Security Conflict:

  • Privacy involves giving people control over their personal information.

  • Security involves protecting it from unauthorized access.

Privacy and security standards are enforced through regulations such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States.

Key Strategies: Privacy and security risks can be managed by implementing a few key strategies. To protect personal information, it is important to invest in proper documentation and establish clear agreements for data sharing. Additionally, implementing access controls and adhering to data minimization practices help mitigate security risks and keep confidential information protected.

A. Privacy: When sharing our personally identifiable information, it is natural to want to keep it private. Privacy involves having control over what information is shared, with whom, and why.

Purpose Limitation:

  • Process personal information for specific, explicit, and legitimate purposes.

  • Communicate these purposes to the data subject before collecting the data.

Data Sharing Agreements: The solution is data sharing agreements in which personally identifiable information is identified and marked as such in the database. The purpose for which it was collected and the specific use to be made of it must then be specified.

Context Enrichment: Enriching each field of the identification data with the appropriate context ensures that everyone is aware of its purpose. This way, various teams accessing the data can legally use it according to the purpose limitation principle.

B. Security: Security refers to measures implemented to protect personal information. Data needs protection against unauthorized access, use, disclosure, disruption, modification, or destruction. One of the most important security rules of the GDPR is the principle of integrity, which states that personal data must be protected against unauthorized access, alteration, or destruction.

Access Control and Data Minimization: The more people have access to the data, the more opportunities there will be for unauthorized persons to access it. The solution is access control and data minimization, meaning that when it comes to sharing data, we strive to strike the right balance between access and security.

Access Controls: Access controls involve ensuring that only the right people have access to the data. This can include elements such as setting up user roles with different levels of access, using authentication methods like passwords, and monitoring who accesses the data and when.

Data Minimization: Data minimization is about keeping the amount of shared data to a minimum. By sharing only the essential data, you can minimize the amount of information circulating.
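The following added example (not part of the original page) combines the data sharing agreement, context enrichment, access control, and data minimization ideas above into one release function. The field catalogue, role table, record, and the `share` function are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FieldPolicy:
    pii: bool            # marked as personally identifiable in the agreement
    purposes: frozenset  # purposes communicated to the data subject

# Constructed catalogue: every shared field carries its context.
CATALOG = {
    "customer_id":    FieldPolicy(False, frozenset({"billing", "support", "analytics"})),
    "email":          FieldPolicy(True,  frozenset({"billing", "support"})),
    "postal_address": FieldPolicy(True,  frozenset({"billing"})),
    "purchase_total": FieldPolicy(False, frozenset({"billing", "analytics"})),
}

# Constructed role table: which purposes each team may invoke.
ROLE_PURPOSES = {
    "finance": {"billing"},
    "helpdesk": {"support"},
    "data_science": {"analytics"},
}

def share(record, role, purpose, audit_log):
    """Return only the fields this role may use for this purpose."""
    if purpose not in ROLE_PURPOSES.get(role, set()):
        audit_log.append({"role": role, "purpose": purpose, "outcome": "denied"})
        raise PermissionError(f"{role} may not process data for {purpose}")
    released = {}
    for name, value in record.items():
        policy = CATALOG.get(name)
        # A field with no catalogue entry has no documented purpose: withhold it.
        if policy is not None and purpose in policy.purposes:
            released[name] = value
    pii_out = sorted(n for n in released if CATALOG[n].pii)
    audit_log.append({"role": role, "purpose": purpose,
                      "outcome": "released", "pii_fields": pii_out})
    return released

# Constructed sample record; date_of_birth is deliberately absent from CATALOG.
RECORD = {"customer_id": 1042, "email": "ana@example.org",
          "postal_address": "1 Sample Street", "purchase_total": 59.90,
          "date_of_birth": "1990-01-01"}

if __name__ == "__main__":
    log = []
    print(share(RECORD, "data_science", "analytics", log))
    print(share(RECORD, "helpdesk", "support", log))
    print(log)
```

The audit log records who accessed the data and for what purpose, and lists any PII fields that left the store.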


Understanding Cookies and Their Impact on Data Exchange

Everyone has seen website banners asking if they allow or deny cookies in their browser. But what does this mean exactly, and what are these cookies? Cookies are essential for the modern Internet experience, being a necessary part of web navigation and helping web developers provide a more personalized and convenient website visit.

In summary, cookies allow websites to remember your logins, shopping carts, and more. However, they can also be a treasure trove of private information and a serious risk to your privacy: they are text files containing small pieces of data, such as a username and password, that are used to identify your device when you browse the Internet. Specific cookies are used to identify specific users and enhance the web browsing experience.

Due to the European Union's General Data Protection Regulation (GDPR), many websites must now request permission to use certain cookies with your browser and provide information on how those cookies will be used.

The data stored in a cookie is created by the server when you connect. This data is tagged with a unique identification for you and your device. When the cookie is exchanged between your device and the network server, the server reads the identification and knows what information to provide specifically for each session.

A "session" is the term used to define the amount of time you spend on a site. During this time, the web server sends a brief stream of identification information to your web browser in the form of cookies. The web browser stores them locally to remember the data that identifies you. When you return to the website, the browser sends the cookie data back to the website's server, which triggers retrieval of the data generated and collected in your previous sessions.

This optimizes the internet browsing experience. Without cookies, you would have to log in each time you leave a site or refill your shopping cart if you accidentally close the page.

To be more concise, cookies are intended to be used for:

  • Session Management: For example, cookies allow websites to recognize users and remember their individual login information and preferences, such as sports.

  • Personalization: Personalized advertising is the primary way cookies are used to customize sessions. You may see certain elements or parts of a site, and cookies use this data to help create targeted ads that you may enjoy. They are also used for language preferences.

  • Tracking: Shopping sites use cookies to track items users viewed earlier, allowing sites to suggest other products they might like and keep items in shopping carts while they continue shopping elsewhere on the website. They also track and monitor performance analytics, such as how many times you visited a page or how much time you spent on a page.

While this is primarily for the user's benefit, web developers also gain a lot from this setup. Cookies are stored locally on your device to free up storage space on a website's servers. In turn, websites can customize content and, at the same time, save money on server maintenance and storage costs.

Types of Cookies and Their Impact on Data Exchange

There are different types of cookies:

  • Session Cookies: Used only while browsing a website, stored in random access memory, and never written to the hard drive. Session cookies are automatically deleted when the session ends, and they help the "back" button function in your browser.

  • Persistent Cookies: These remain on a computer indefinitely, though many include an expiration date and are automatically deleted when that date is reached. Persistent cookies serve two main purposes:

    • Authentication: These cookies track whether a user has logged in and with what username. They also optimize login information so that users don't have to remember site passwords.

    • Tracking: These cookies track multiple visits to the same site over time. Online merchants, for example, use cookies to track visits by specific users, including pages and products viewed. The information obtained allows suggesting other items that might interest visitors, creating a profile based on a user's browsing history on that site.

Moreover, internet cookies can be further categorized into two types: first-party and third-party.

  • First-Party Cookies: Created directly by the website you are using. They are generally more secure, as long as you navigate reputable sites that have not been compromised by a data leak or recent cyberattack.

  • Third-Party Cookies: More concerning, generated by websites different from the pages users are currently browsing, usually because they are linked to ads on that page. Third-party cookies allow advertisers or analytics companies to track an individual's web browsing history across any site containing their ads. Allowing third-party cookies to access your browser is now optional in many countries due to new data protection laws. Additionally, most browsers have started to eliminate them (Google has announced the end of third-party cookies in Chrome by 2024). Many websites still function well and remember preferences without using third-party cookies.

  • Zombie Cookies: A form of persistent third-party cookie that installs permanently on users' computers. They have the unique ability to reappear after being "deleted" from the device. They are also called "flash cookies" or "supercookies" and are extremely difficult to remove. Like other third-party cookies, web analytics companies can use zombie cookies to track the browsing histories of unique individuals. Websites can also use zombies to ban specific users. However, in some cases, hackers can manufacture these cookies and use them to infect systems with viruses and malware.

  • Essential Cookies: Now synonymous with the pop-up that asks for your cookie preferences when you visit a website for the first time. Essential cookies are first-party session cookies necessary to run the website or services you requested while browsing that site.
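As an added example (not part of the original page), the script below sorts observed `Set-Cookie` headers into the categories described above: session or persistent, and first-party or third-party. The host names and header values are constructed, and the `site` helper assumes a site is the last two labels of a host name, whereas browsers consult the Public Suffix List.

```python
def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attributes with lowercased keys)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def site(host):
    # Assumption: last two labels identify the site (browsers use the Public Suffix List).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def max_age(attrs):
    try:
        return int(attrs["max-age"])
    except (KeyError, ValueError):
        return None

def classify(page_host, setting_host, header):
    """page_host: site in the address bar; setting_host: server that sent the cookie."""
    name, attrs = parse_set_cookie(header)
    age = max_age(attrs)
    if age is not None and age <= 0:
        lifetime = "deleted"        # the server is asking the browser to drop it
    elif age is not None or "expires" in attrs:
        lifetime = "persistent"     # survives after the browser is closed
    else:
        lifetime = "session"        # no expiry attribute: kept for the session only
    party = "first-party" if site(setting_host) == site(page_host) else "third-party"
    return {"name": name, "lifetime": lifetime, "party": party}

# Constructed observations: (host that set the cookie, Set-Cookie value).
OBSERVED = [
    ("www.shop.example", "sid=9f2c; Path=/; HttpOnly"),
    ("www.shop.example", "lang=en; Max-Age=31536000; Path=/"),
    ("ads.tracker.test", "uid=77aa; Expires=Wed, 13 Nov 2030 22:04:00 GMT; Path=/"),
    ("cdn.tracker.test", "probe=1; Path=/"),
    ("www.shop.example", "old=; Max-Age=0; Path=/"),
]

def review(page_host, observed):
    return [classify(page_host, host, header) for host, header in observed]

def cross_site_trackers(page_host, observed):
    """Persistent third-party cookies: the ones able to follow a user across sites."""
    return [c["name"] for c in review(page_host, observed)
            if c["lifetime"] == "persistent" and c["party"] == "third-party"]

if __name__ == "__main__":
    for row in review("www.shop.example", OBSERVED):
        print(row)
```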

Some cookies may be optional when you enter a website; for example, you can limit which cookies end up on your computer or mobile device. Nowadays, this choice is commonly offered when you visit a website, where you have the option to enable or disable third-party (or other) cookies. To allow cookies, follow these steps:

  1. Look for the cookie section, usually in Privacy Settings.

  2. Click the boxes to allow cookies. Sometimes the option says to allow "local" data.

  3. If you don't want cookies, you can simply uncheck them.

Deleting cookies can help mitigate privacy breach risks. Deleting regular cookies is easy but might hinder navigation on certain websites. Without cookies, you may have to re-enter your data on every visit.

Regardless of how you manage cookies, it's best to stay vigilant and clean them regularly.



Last modified: Monday, 13 November 2023, 22:04