Is data privacy an oxymoron? An EU initiative addresses growing concerns
When it came into force in 2018, the General Data Protection Regulation (GDPR) established a new global standard for the protection of personal and private data by serving as a base model for non-EU countries as well. However, it also introduced massive uncertainty about compliance amid growing concerns in society relating to data privacy issues. Enter the EU-funded CSI-COP project that investigates GDPR compliance to better understand how far cookies may track users of internet websites and apps on mobile devices. Project partners have recently launched a tracking-free website “to persuade others to adopt a privacy-by-design website philosophy to stop tracking website visitors, and to rethink ‘legitimate business’ purpose and stop passing navigation and other visitor data to third-parties,” as explained in a Coventry University press release. The website aims “to build trust between the CSI-COP researchers and the citizen scientists who will become part of the team investigating digital cookies and the extent of online tracking by default,” it adds. The same press release by CSI-COP project coordinator Coventry University states: “The CSI-COP project … will enlist the participation of citizen scientists to address the growing concerns in society around privacy issues, and the methods that attempt to ensure integrity in the collection and use of data.”
Examining cookies
Cookies, a tool within browsers that allows website operators to save data about users, can either be stored on a user’s device when they visit any website or be placed by a third party like an advertiser or an analytic system. These third-party cookies give access to user data and activity related to one website to other parties, forming the basis of how ads target users. Considering the amount of personal data that cookies may contain, they can be subject to the GDPR, making it crucial to improve users’ understanding of what information is tracked online. Thanks to the CSI-COP project there will be “accessible opportunities to gain informal education on ‘Human rights in the digital age’, by training citizen scientists on GDPR compliance and how to investigate cookies in websites and apps,” as noted in the news release. “This will be delivered through the creation of a massive online open course (MOOC), and through workshops organised by CSI-COP consortium partners.” A presentation on the project summarises how the CSI-COP consortium will “collaborate with AI research scientists, technology and privacy lawyers, gender experts, historians, philosophers, digital humanities and open science experts to build a web-based open-access knowledge-resource detailing the extent of tracking-by-default.” It will also “reveal types of trackers (third-party, Facebook) and targeted profiles (children playing digital games, teenagers seeking friends, women’s and men’s health problems) across a range of websites and in smartphone apps.” The CSI-COP (Citizen Scientists Investigating Cookies and App GDPR compliance) project will run until June 2022. Its community of citizen scientists will be recruited from across Europe and beyond, and their findings will be systematically mapped by the CSI-COP consortium to produce a taxonomy of trackers that will be used in an online repository. This open-access knowledge resource on trackers embedded in cookies and apps will be a useful tool for a variety of stakeholders, ranging from data protection researchers and GDPR compliance regulators to parents, teachers and libraries. For more information, please see: CSI-COP project website
Keywords
CSI-COP, data privacy, GDPR, cookies, tracker