An open debate on ePrivacy and GDPR compliance

Why do we do this?

You will no doubt wonder: Why would these guys put together COMPLY.ORG at their expense and risk? What do they get?

We certainly have our reasons - and we do indirectly benefit from an adequate enforcement of current privacy laws. We also have a plan moving forward.

Both our reasons and roadmap follow below, as a sort of "open agenda":

The thinking process that led to COMPLY.ORG

At PrivacyCloud we aim to replace what is today known as AdTech (tracking-based Advertising Technology) with a new relationship between individuals, businesses, and media that is built on extreme transparency - in full alignment with the EU regulatory framework for personal data protection.

We have encountered a few obstacles along the way, some of them expected, others not:

  • A vast majority of consumers (or individuals at the receiving end of the ad-supported Internet) remain completely unaware of the manner in which their data is collected, stitched together, used, or traded. Furthermore, they tend to care little if shown, in the absence of a threat that their confidential information may be exposed.
  • Even when marketing or digital transformation leaders are fully aligned with privacy ethics, transparency, or the long-term vision to embrace true customer-centricity (with individuals taking control of their data), their organizations have fallen prey to short-term goals and "business as usual", even if that entails a completely unrealistic interpretation of the new regulatory framework, which few will dare to question in view of: a) its impact on existing processes; and b) the competitive landscape ("everybody is doing it"). Only major crises, such as a reputational threat or the loss of a trusted relationship with their customers, lead to an exceptional change of course.
  • The said unrealistic interpretation has, in the case of cookies or mobile apps, boiled down to assuming valid consent in the most untenable circumstances.
  • Individuals have been left worse off as a result of this concerted effort to fake compliance (as well as transparency): they now face the constant, additional burden of having to put up with cookie banners, consent-request pop-ups and other annoyances that pretty much do away with the user experience (as well as content accessibility for the disabled) on mobile devices.
  • Proper GDPR/ePrivacy enforcement has not yet arrived. A multi-layered legal framework (meant to be adaptable, future-proof, and technology-neutral) results in additional complexity, providing a perfect excuse for inaction - as well as arbitrary enforcement. When the most questionable practices seem to get off the hook with a mere reminder, the global marketing community finds an incentive to avoid change.
  • Media have been caught in the chain reaction of fake compliance, eventually giving in to AdTech demands for blanket consent-gathering requests, in the process putting a strain on their most valuable asset: a direct relationship with the end user.
  • The small minority of individuals who do seek full control of their personal information lack enough muscle or leverage to either see the laws enforced or go about their lives with their rights not being constantly violated.

In view of all of this we simply decided it was high time to let people (anyone!) do three things at once, in an effortless way:

  1. Remove those annoying cookie banners: browse the internet without interruptions
  2. Decline requests for uninformed, ambiguous, not specific, not freely-given consent
  3. Flag websites which, in the absence of consent (i.e. as a result of inactivity), go ahead and serve non-exempted cookies, sending such websites to a public "hall of shame"

The Consent Manager browser extension was launched on August 14th, 2018, facilitating all three. COMPLY.ORG was later made available to provide it with enough teeth for individuals to have a real impact.

But, as a "hall of shame", COMPLY.ORG had to count on enough guarantees for individuals and website owners to trust it as a barometer of effective compliance levels. Any websites reported via the Consent Manager extension needed to have access to a manual verification system (by accredited privacy professionals), and their owners had to be able to contest their listing. Hence the additional features you will find on this platform: a "verifier" program, an appeals workflow, and hopefully constructive exchanges between verifiers and website operators (new business opportunities for specialized lawyers and privacy consultants?).

The roadmap: What's next?

The Consent Manager browser plug-in is great for websites, but people are even more exposed through the apps they install on their mobile devices.

A key piece of the PrivacyCloud ecosystem is WeRule, a consumer application that allows its users to take control of their data by:

  • Evaluating the manner in which apps currently installed on their phone use or sell their data, as well as the tools they provide for individuals to exercise their rights
  • Building a single, secure profile that is subsequently used to access multiple third-party services without need for further registration (as a Single Sign-On: "Login with WeRule")
  • Deciding which information they want to add to such a profile in order to: a) receive highly tailored proposals, and b) share it with brands willing to build mutually-beneficial "one-to-one" relationships in exchange for media subscriptions and third-party services accessed through the Single Sign-On - this brokerage pays for the entire thing.

We plan to build a link between the discoveries people make through the WeRule app with regard to the manner in which the most popular apps use personal data, and a new section on COMPLY.ORG that can make this available to others, if WeRule users so choose.

So, in a way, you could call this entire website a huge piece of "native" advertising for our WeRule app. But at least it is not engaging in stealth data collection to achieve its purpose, and it is clear in its methods.

Would you like to join us in any way? Drop us a line: [email protected].