Companies decided to slink even further behind the curtain and hope

Companies decided to slink even further behind the curtain and hope What are the General Data Protection Regulation (GDPR) laws for websites using sneaky web trackers such as browser fingerprints to profile visitors? Privacy experts agree that fingerprinting is illegal.

Why browser fingerprinting is illegal?

Using the HTML5 framework, websites can identify users (or browser image) not through cookies, but through the unique features of a browser such as fonts, SVG widgets, and WebGL — for starters. The technique is called browser fingerprinting or canvas fingerprinting. Websites exploit the browser data to produce a single, unique identifier to track users across multiple websites without any actual identifier persistence on the user’s machine. Under the new GDPR, companies that use browser fingerprinting should first reveal the fingerprinting before it is executed and then wait for users to give their informed consent. Sites that relied on fingerprinting would also need to lay out a "legitimate interest argument for end users," which means proving that their interest in tracking does not the override users' rights to data privacy.

What is the penalty?

Up to €10 million, or 2% annual global turnover – whichever is higher; or up to €20 million, or 4% annual global turnover – whichever is higher. Google recently received a €50 million fine. Fortunately for them, it is much lower than the European Privacy Law maximum penalty, which is 4% of global revenue. For Google, that would be more than $4 billion.

What are their options?

"That path won’t be easy for browser fingerprinters to get the green light by EU regulators", said the EFF said in its post. “Looking at how web fingerprinting techniques have been used so far, it is very difficult to imagine companies moving from deliberate obscurity to full transparency and open communication with users,” said Bill Budington, senior staff technologist at the EFF. “Fingerprinting companies will have to do what their predecessors in the cookie world did before now: face greater detection and exposure by coming clean about their practices, or slink even further behind the curtain, and hope to dodge European law.” said Katarzyna Szymielewicz, co-founder and president of the Panoptykon Foundation.

There is no option?

When cookies and Browser Fingerprinting are no longer viable, and when vendors are thinking about switching on the dark side, there is still faith. F8th is the smart cybersecurity solution that is 100% GDPR compliant. F8th uses biometrics generated on the vendor's network to directly protect the client and the vendor simultaneously. The biometrics are meaningless and cannot be used on any other networks than the one that has generated the biometrics.

Published: April 8th, 2019