1D-9-Online Privacy
Online Data Collection
A huge amount of data is collected online every day. Some of this data is collected automatically, often without the user's knowledge. This automatic collection of user data is commonly referred to as Passive Data Collection. Passive data collection can take many forms. For example, and as noted above, web server logs often will record information regarding a visitor's IP address and the type of browser the visitor is using, among other information. All of this data is collected automatically, and often without express consent. Information that is collected online with a user's knowledge, referred to as Active Data Collection, is generally collected through the use of web forms. A Web Form is a part of a webpage that allows users to input data in a text field, dropdown menu, radio buttons, or other means and then "submit" that information to a web server to process information or store that information in a database. One common field in a web form is a text box, which is a field that allows users to type out text. Radio buttons allow a user to select one option among several presented, and check boxes allow users to select multiple choices from a list presented. If web forms are not used appropriately, they have the potential to create significant security vulnerabilities because they provide the opportunity for users to submit data directly to a server or database. Text boxes are perhaps the most vulnerable element of a web form. Therefore, it is important to consider any limitations placed on text fields in order to ensure that they are used as intended. For example, a text box requesting a credit card number should be limited to 16 characters and only accept numbers. While text fields are often a single line, web forms may also use scrolling text boxes for larger text. Scrolling text boxes should be used with caution. There are a number of best practices to follow when using web forms. A developer should only include fields that are necessary for the intended purpose of the web form. Similarly, a web form should identify which fields are optional and which are required. Where a web form is presented to a user, a functioning link to a company's privacy notice should be included somewhere on the same page, which is a principle referred to as "notice at the point of collection" or a "just in time" notice. Web forms should disable autocomplete functionality (though, modern web browsers have circumvented this limitation to some extent), and password fields should never be pre-populated. If the webform is a sign-in function, and only one sign-in is required per session, the session should be set to expire or automatically time out within a reasonable time.
iv. Web Servers, Logging, Cache, and Other Concepts
A Proxy Server is an intermediary web server that provides a gateway to the web. Using a proxy server can mask what occurs behind a firewall, be used to log each user's interactions, and as an added security measure. These are commonly used in large organizations. A closely related technology is a Virtual Private Network ("VPN"). A VPN establishes an encrypted connection known as a "tunnel" through which data can travel between a user and a proxy server. While a proxy server may keep a log of a web user's activity, individual web servers may also create a record of visitors to a requested web page. Such records are saved to what is called a Server Log(sometimes also called a "web server log" or "web log"). A web server log will generally include information regarding a visitor's IP address, the date and time of page request, the URL of the requested file, the visitor's browser type, and the URL visited immediately prior to accessing the URL (called the "referring page"). The referring page is determined based upon the user clicking aHyperlink, which is a connection or link to another website or another page from the same website. Another important web concept is Cache. Cache is a copy of downloaded content that is stored locally on a web client. By relying on content stored in cache, a web client may eliminate the need to download the same content again from the web server. When a user visits a website that contains numerous images, for example, the web client must download those image files from the web server in order to display them to the user. By storing those images in cache, the web client can avoid the need to download those same images the next time that the user visits that website. This allows for the internet and the specific website to work more economically, which results in the appearance of a faster process from the perspective of the user. As a general rule and best practice from a privacy perspective, caching should be disabled and prohibited for pages that display personal information. A complete list and explanation of words, phrases, and concepts related to web-based interactions is beyond the scope of this study guide. What is noted above provides a solid foundation for understanding how online activity may affect the protection of personal information.
iii. IP Addresses and the Internet "Phonebook"
An Internet Protocol Address ("IP Address") is a unique number assigned to each device connected to the internet, including web servers. There are both dynamic and static IP addresses. A Dynamic IP Address is created when an Internet Service Provider ("ISP") assigns a new IP address upon the beginning of each new web session. A Static IP Address, on the other hand, is where an IP address remains constant over time for a particular device or server. Static IP addresses are becoming more and more common. From an information privacy perspective, a static IP address is much more likely than a dynamic IP address to be considered personal information by regulatory authorities because a static IP address is more easily associated with a specific individual. The most recent version of the IP protocol is called IPv6, which is slowly being phased in to use. The move away from IPv4 was necessary to ensure the availability of IP addresses as the number of internet-connected devices continues to increase. A Uniform Resource Locator ("URL") is a domain name and web address of files and other materials located on a webserver. Each URL is associated with an IP address that points to a specific web server. In order for a web client to find the IP address associated with a particular URL it must be processed through a Domain Name Server ("DNS"), which converts the domain name to the associated IP address. Think of the DNS as the telephone book of the internet.
Online Security and Cyber Threats
Any online activity by definition requires interacting electronically with third parties or across a network accessible by others. As a result, this provides an opportunity for bad actors to gain access to an organization's data. The legal consequences of a data breach and how to respond to such a breach are covered elsewhere in this study guide. Here, we discuss the more practical aspects of online security. To understand how to prevent or minimize the likelihood of a data breach, it is important to know some of the common types of threats that exist to online privacy. Organizations should train staff to recognize these common security threats: • Spam: The term Spam refers to unsolicited commercial emails or messages. Spam messages often contain viruses and other malware or direct a user to a website containing such malware. • Malware: Malware is software that is designed for malicious purposes, such as disrupting or damaging a computer, or obtaining data stored on a server. This is a broad, catch-all term; there are a number of specific types of malware. • Spyware: Spyware is a specific form of malware that is downloaded covertly and without the consent or understanding of the user. • Ransomware: Ransomware is another form of malware that permits a malicious actor to lock a user's operating system or encrypt data on a device, thereby preventing access by the user to his or her files. After locking or encrypting the system, the malicious actor demands a ransom to allow the user to access the data. There has been a large increase in the amount of ransomware attacks that have occurred in the past several years. • Phishing: Phishing refers to communications that are designed to trick users into believing that they should provide information to the sender (e.g., a password).While these communications often are sent through email, unlike spam, which are emails sent to many people indiscriminately, phishing attacks are usually more targeted. And unlike spam, which is perfectly legal (so long as it is done in compliance with applicable law), any attempt at phishing is a crime. Like malware, the term phishing is a broad catch-all term. Spear Phishing is a phishing attack directed at one individual person. Another common term is Whaling, which is a specialized type of spear phishing that is targeted at important individuals such as company executives, politicians, or celebrities. • Structured Query Language ("SQL") Injection: An SQL Injection occurs when a malicious actor attempts to provide a database command to a web server through input fields contained in a web form on a website.60 For example, an SQL injection may occur if a hacker inserts an SQL command into the "name" field of a web form that is designed to pull all user passwords. • Cross-Site Scripting ("XSS"): A XSS Attack is when malicious code is injected into a webpage.61 While such an attack does not directly target a website or application itself, an XSS attack usually results in unauthorized content appearing on a webpage or tricks a user into thinking that the site is corrupted. • Cookie Poisoning: Cookies are discussed at length below. Cookie Poisoninghappens when a cookie is modified in order to gain unauthorized access to information about the user or towards some other nefarious end. • Unauthorized Access: There are many ways in which a person might obtain unauthorized access to an organization's data. While data might be accessed through the fraudulent use of credentials, it might also result from neglecting to use adequate security controls. These are just some of the multiple ways in which personal information or an organization's data may be compromised through online interactions. A legion of other types of attacks and threats occur online. To minimize the risk associated with these types of security concerns, organizations should have comprehensive security measures in place that implement best practices. Website infrastructure should be designed and set up in accordance with strict technical security and access policies. The more sensitive data a website interacts with, the more security measures should be put in place. For example, an organization might consider implementing Two-Factor Authentication(sometimes called "dual-factor authentication" or "multi-factor authentication"), in which a user is required to provide more than one form of authentication, such as both a password and unique token sent to the user via text message. When accepting information through webforms, either as part of a sign-in procedure or otherwise, it is important to both validate and sanitize information. Data Validation is the process of ensuring that data conforms to identified requirements and quality benchmarks. If you are obtaining a user's email account, for example, data validation would ensure that the input field contains an "@," as well as some characters both before and after, among other requirements. Data Sanitization, on the other hand, takes the data input by a user and modifies it by removing potentially harmful input characters. Validation and sanitization are related but distinct concepts that provide different levels of security. Take, for example, a situation where a website expects a user to input a phone number. After that user submits the data, it can be validated to ensure that it contains only numerals and that it is ten digits long. If the input field contains letter characters, it will not be validated and therefore the submission process would be stopped. That data, however, can also be sanitized to remove all letter characters before it is submitted to the database. Both processes prevent the user from submitting data that does not conform with what is expected, but they accomplish that goal in different ways. Encrypting data during transit is increasingly becoming the norm across the internet and serves as another best practice. This includes using TLS and HTTPS, rather than the deprecated SSL and HTTP, discussed above. While all internet-based communications present security threats, certain types of communication present unique threats. Website access and email communications face many of the same types of threats, and therefore they share many of the same best practices. Email systems, however, also often have additional security measures in place that are uniquely tailored to this form of communication, including: (1) antivirus systems; (2) antispam systems; (3) HTML tag removal; (4) script removal; and (5) a system to block certain attachments based upon the file type. Likewise, mobile devices may also have specific security threats that are not applicable to other methods of web-based communications. In particular, mobile devices are susceptible to threats arising from geolocation tracking, especially because geolocation is particularly hard to anonymize. Location-Based Services ("LBSs") are continuing to expand rapidly. And while LBSs present new business opportunities, they also create new privacy risks and best practices have not fully developed in this area.
Introduction to Web-Based Programming Languages
As discussed above, a web client communicates with the internet using HTTP or HTTPS. But how do users interact with the web client? This is where web-based programming languages come into play. Programming languages are used to create a list of commands to be executed by a specific server or client. This list of commands, or the file in which the commands are saved, are referred to as programming Scripts. When a script is retrieved from a web server located at a URL (or IP address), what is displayed to a visitor to the website is not the script itself. Rather, the user sees the result of what is returned upon execution of the script, or put differently, the user sees how the browser has interpreted the script after it has run (sometimes called "rendering"). There are both "browser-side" (sometimes called "client-side" or "front-side") programming languages and "server-side" (sometimes called "back-end") programming languages. Most modern websites make use of both browser-side and server-side scripts. Browser-Side Languages are contained in scripts run by the web client (i.e., the user's computer or web browser) after a script has been downloaded off of the web server. Therefore, running a script with a browser-side language does not interact at all with web server—it is merely downloaded from storage on the web server. Browser-side languages handle the aspects of webpages related to user interaction, such as how a webpage is rendered (i.e., displayed) to the user or how the website responds to user interactions. The main browser-side programming languages to be aware of include the following: • Hypertext Markup Language ("HTML"). HTML is the programming language used to create the structure of webpages. HTML files are interpreted by web browsers to determine how content should be rendered to the user. The most recent version of HTML is HTML5. HTML5 includes new capabilities, such as the ability to run media directly from a website (without a plug-in). Additionally, HTML5 increases security and allows information to be stored offline. With the advent of HTML5, the internet-based Flash has become obsolete, which should no longer be used due to the significant security issues Flash presents. • Cascading Style Sheets ("CSS"). CSS is the web-based language used to dictate the presentation of a webpage, such as what color background appears to the user or the font size of text. CSS and HTML are separate from each other but work hand-in-hand. • Extensible Markup Language ("XML"). An XML file is a static file, like an HTML or CSS file, that is used mainly to store data. Because it is a static file, it contains all the necessary data and does not require a database call to retrieve information. XML files are often used to transport, create, retrieve, and store data over the Internet. • JavaScript. JavaScript (not to be confused with Java, a different programming language) is a language that allows for interactive websites; it dictates how a website responds to user interactions. For example, JavaScript is used to make the box below move when you click on it. Server-Side Languages, unlike browser-side languages, are run by and interact directly with web servers; a web server will generally run a server-side script before sending any browser-side script to the web client. A server-side script is executed by the web server, not the web client. What this means practically is that the web client never actually sees the underlying script being executed. Instead, the web client sees only what is sent after the script has already been run. Server-side languages are used when dynamic content is needed for a webpage. For example, a server-side language would be used for a website displaying the latest real estate listings because this list is constantly changing. By using a server-side language, the website can be programed to permit a database call to obtain the most recent listings stored on a web server and then present those to the user. The alternative approach that does not use a server-side script would require the domain manager to manually update the list directly in the front-end script. This would be unreasonably cumbersome and time consuming, as well as create a host of other issues beyond the scope of this study guide. The most popular server-side language is PHP, which is a recursive acronym for "PHP: Hypertext Processor." PHP is a general-purpose programming language originally designed for web development. Scripting of PHP relies upon both HTML and CSS, as well as a database programming language called Structured Query Language ("SQL").
Introduction to Web-Based Concepts
For those that have come to the field of information privacy from a background in legal, accounting, or other non-technical field, understanding how online technologies operate may feel a bit intimidating at first. But having a firm grasp of how information moves across the internet—and the risks that accompany that movement—is both indispensable knowledge in practice and specifically tested as part of obtaining CIPP/US certification. Below is a brief overview of key concepts related to the sharing of information online.
Key Points
Internet: A global electronic communications network that connects computers and devices and allows for instantaneous access from anywhere; this is different from the world wide web Web Client: The internet connected device (or hardware) and the software used to connect to the internet (i.e., web browser) Web Server: A computer that stores files that may be accessed via the internet Data is sent over the internet via small "packets," which allows many different users to download files simultaneously Protocols: The ground rules for how servers and clients communicate (e.g., HTTPS, TCP/IP, and TLS) Internet Protocol Address: A unique number assigned to each device connected to the internet, including web servers; can be either static or dynamic Uniform Resource Locator: A domain name and web address of files and other materials located on a webserver - Each URL is associated with an IP address, which is found by using a Domain Name Server ("DNS"), which is the "phone book" of the internet Cache: A copy of downloaded content that is stored locally on a web client There are both browser-side and server-side programming languages A huge amount of data is collected online both passively (e.g., server logs) and actively (e.g., web forms) When visiting a website, users are usually interacting with multiple web servers (e.g., APIs, web widgets, iFrames, banner ads) Activity online by necessity requires communications accessible by third parties, which leads to cyber threats (e.g., spam, malware, spyware, ransomware, phishing, SQL injection, XSS, cookie poisoning) Human error is a primary cause of many security incidents and steps should be taken to help minimize these errors - Social Engineering: When a malicious actor attempts to manipulate a person into creating a security vulnerability or providing confidential information Behavioral Advertising: Targeted advertising based upon information associated with an individual Users can be tracked as they move across the internet and change devices or environments (e.g., deterministic and probabilistic tracking, web beacons, cookies) Location-based monitoring occurs through the use of Wi-Fi connections, GPS, and Bluetooth beacons Web Cookie: A small text file placed on the hard drive of a device by a web server - May be a session or persistent cookie and a first-party or third-party cookie - E.U. Cookie Directive - Information stored in a cookie is considered personal information under the GDPR; thereby requiring user consent - General FIPs should be applied when using cookies Online privacy of children presents unique problems; both state (California and Delaware) and federal law (COPPA) attempt to address some of these problems
The Role of Human Error
No discussion of online security would be complete without discussing the role that human error often plays in security mishaps. There is no amount of technical protection that can prevent a data breach if individuals within an organization do not act responsibly. Steps therefore should be taken to help minimize the possibility that human error will result in a security lapse. Login passwords should be unique; not shared across users, websites, or applications; and regularly changed. Antivirus and firewall systems should be updated regularly. Employees should be instructed to use only secure, familiar wi-fi networks (e.g., not a coffee shop Wi-Fi network) when accessing an organization's systems or data, and the use of public computers should be avoided (such as in hotels). Public charging stations should not be used to connect mobile or USB ports, as the automatic syncing software may inadvertently cause the device to download malware. While some human error is likely unavoidable, employees should be encouraged to remain vigilant in their data security practices. The term Social Engineering describes how a malicious actor attempts to manipulate a person into creating a security vulnerability or providing confidential information. For example, a malicious actor might call the target of a spear phishing attempt pretending to be an employee in his or her organization's IT department. The malicious actor will state that they need the user's password and that they will be sending an email with a secure link (though in reality that link with contain malicious code) to confirm the password. This is intended to lull the target into a false sense of security, such that when they receive the email, they are more likely to click on the malicious link that is sent.
ii. Web Cookies
Online advertisers also track users by the implementation of web cookies—a topic that requires its own separate discussion. A Web Cookie is a small text file placed on the hard drive of a device by a web server. In the context of digital advertising, this allows third parties to link that device to a prior activity through tracking cookies. Not all cookies should be thought of as bad or used solely for advertising purposes; cookies may be used for numerous functions, such as user authentication and personalization of web content. Cookies can be categorized in a number of ways. First, cookies may be characterized according to their persistence—i.e., how long they remain active. A Session Cookie is one that is stored only while a user is connected to a specific web server and is deleted when the user closes his or her web browser.84 A Persistent Cookie, on the other hand, is one that is set to expire at some point in the future according to a pre-defined time. A persistent cookie is the type used by websites to identify a particular device for purposes of user authentication. Cookies may also be categorized based upon who sets the cookie. A First-Party Cookie is one that is set and read by the web server that is hosting the website being visited. In contrast, a Third-Party Cookie is one set and read by a party other than the web server hosting the visited website, such as an online advertising network. While flash was once in common use, security concerns have caused flash to be replaced by more modern alternatives. One of the reasons that flash is considered unsecure is the use of flash cookies.Flash Cookies are a type of cookie that is stored outside of an internet browser's control, instead being controlled and accessed by Adobe Flash. Flash cookies are difficult for users to delete, do not expire, and users are not provided notice of their use. A flash cookie might be used to "respawn" a deleted standard HTML cookie, which are sometimes called "zombie cookies." Cookies themselves may in some instances be considered personal information. This is especially true where a cookie is connected with additional information known about a user by the organization. The EU, in what is commonly referred to as the "Cookie Directive," has taken the position that information stored in a cookie is personal data, thereby requiring user consent before a cookie can be placed on a user's device. Modern web browsers allow users to set how cookies are permitted and also allow a user to delete the cookies that have been placed on a user's hard drive. There are a number of best practices to follow with respect to the use of cookies. First, and most importantly from a security perspective, because cookies are accessible and readable by third parties, cookies should never be used to store unencrypted personal information. Additionally, persistent cookies should be used only where necessary and they should be set to expire after a reasonable length of time. Users should be provided notice of when cookies are being used—indeed, the General Data Protection Regulation requires this—and organizations should disclose third-party cookie providers, as well as provide an opt-out function where practical. In other words, general FIPs should be followed when dealing with the use of cookies.
ii. Internet Protocols and Communication
The Internet Protocol Suite is a conceptual model of how data is transferred across the internet. A full explanation of the Internet Protocol Suite is beyond the scope of this study guide or what is tested on the CIPP/US Exam. It is important, however, to understand some of the basic concepts. Below is a simplified explanation of this model of communication. How a client and server communicate and the ground rules for transferring data over the internet are referred to as Protocols. Hypertext Transfer Protocol ("HTTP") is a simple application-level protocol. It can be thought of as the language by which a web client interfaces with the internet, or the network- and transport-layers of the internet. Recently, a large shift has happened on the web. Hypertext Transfer Protocol Secure ("HTTPS") has become the predominate application-level protocol. It is functionally the same as HTTP, with one important difference: HTTPS transfers data over an encrypted connection. Search engines now heavily penalize websites using HTTP, and some web browsers refuse by default setting to present file data over HTTP. The Transmission Control Protocol and Internet Protocol ("TCP/IP") are the main communication protocols of the internet. In other words, TCP/IP is the system of rules that facilitate communication and information sharing. Broadly, the TCP/IP protocol allows two devices to establish a reliable data connection, which permits the streaming of data. At its most basic level, TCP protocol is used to break information down into packets and address them to the appropriate location.11 These packets then travel across the internet from router to router according to the IP protocol, which interfaces with the physical infrastructure of the internet (sometimes called the datalink or physical layer). TCP protocol is then used to reassemble the packets of data before being received by the client or server. Transport Layer Security ("TLS") is another protocol that provides communication security by allowing a web user (or web client) to remain private from a web server, and vice-versa. TLS secures a connection between a web server and a web client to prevent third parties from intercepting or interfering with that connection. When the client contacts a server, a "handshake" occurs, which allows the client and server to authenticate each other and select an encryption algorithm. Once this handshake is complete, transfer of data can be done securely.17 Prior to the modern-day use of TLS, a legacy protocol system called Secure Sockets Layer ("SSL") was used. Although SSL is still in use, it has been deprecated, meaning that it is disapproved of and being replaced by a newer system (i.e., TLS) with the intent that the prior system in use will be made obsolete and technologically unsupported in the near future. Below is a diagram showing how the TCP and TLS create a secure connection. Most of the details of this diagram are beyond the scope of what is tested on the CIPP/US Exam, but this provides a sense of the process that web clients and web servers go through in order to make a secure connection.
i. How the Internet Works
The Internet is a global electronic communications network that connects computers and devices and allows for instantaneous access from anywhere. While many people use the term internet as being synonymous with the world wide web, these terms refer to two different things. The World Wide Web (the "web") refers to a collection of information that is accessed via the internet; it is the system most people use to access the internet. Computers that are connected to the internet are called either clients or servers. A Web Client may refer to both the internet connected device (or hardware), as well as the software used to connect to the internet. The software that is used to connect to the internet and interpret files in order to present them to a user is called a Web Browser. A Web Server is a computer that stores files that may be accessed via the internet. These files form the basis for websites and applications. A web client downloads files off of a web server, which are then interpreted and displayed by the web browser to the user. The transfer of files over the Internet occurs through the transmission of small chunks of data calledPackets.4 Data is sent via many small packets in order to allow many different users to download files simultaneously; if each web client was placed in line, permitted to download large files and had to wait until those in line ahead of them had completed their download, it would slow the internet to a halt.
Consumer Tracking and Online Advertising
The targeting of advertisements to users online is becoming more and more sophisticated. This type of targeted advertising based upon information associated with an individual is called Behavioral Advertising. From a privacy perspective, the largest concerns associated with online advertising are that consumers often do not know what information is being collected and how it is being used, and they also are often not aware of how to opt-out or opt-in from the collection of their personal data. A number of government entities have stepped in to address concerns about behavioral advertising. In the United States of America, the FTC has recently suggested that a "Do Not Track" approach should be implemented so that consumers can make a single choice to opt-out of targeted online advertisements. The Digital Advertising Alliance ("DAA") has undertaken a self-regulatory effort to develop an icon, called AdChoices, that permits consumers the ability to exercise choice with respect to behavioral advertising. In the European Union, Directive 2009/136/EC (the "EU Cookie Directive") requires that users give consent before having a cookie placed on their computers, thereby preventing cookie tracking without consent.
Children's Online Privacy
The use of the internet by children raises particular privacy concerns because children are often not aware of what information is being collected about them, are more susceptible to criminal behavior, and cannot provide legal consent in most countries (until the age of 18). Many websites not designed for children are set up to prohibit access by children, such as through requiring credit card confirmation or other proof of sufficient age. There are a number of laws that are specifically applicable to the use of online services and websites by children. The Children's Online Privacy Protection Act of 1996 ("COPPA") is federal legislation designed to protect children under the age of 13 who are using the internet. COPPA is discussed in more detail in Module II.A.4. While COPPA only protects children under the age of 13,94 at least two states have adopted laws specifically intended to protect teenagers between the age of 13 to 18. The Privacy Rights for California Minors in the Digital World Act provides individuals under 18 years old with the right to request removal of information posted by them online, subject to certain limitations. This law also prohibits online advertising of products that children are not legally permitted to purchase, such as alcohol or firearms, and restricts advertising practices based on the use of a minor's personal information. The Delaware Online and Personal Privacy Protection Act provides similar protections.
i. Tracking Users Across the Internet
Users are tracked as they move across the internet in multiple distinct ways. The practice of Cross-Device Tracking is the process of mapping a user as he or she moves between devices, such as from a laptop computer to a mobile device. This is accomplished through several methods. First, Deterministic Tracking is a method that allows an organization to track a user's devices based upon where he or she logs into the services. When a user logs into one computer to purchase a product from a company and then logs onto a different device to order another product from the same company using the same account, that company would then be able to tell that both of those devices are associated with the same user. Because deterministic tracking is a means of tracking based upon user logins, it allows an organization to identify an individual, rather than more general information associated with just a known user. Put differently, the information collected through this method is much farther on the identified-person end—rather than the identifiable-person end—of the identified/identifiable continuum of personal information discussed in Module I.A.2. Another method of cross-device tracking is called Probabilistic Tracking, which connects a user's devices based upon an assessment of probabilities and proprietary algorithms drawn from information collected on multiple devices. In addition to tracking users across devices, advertisers also map user activity as they move between different online environments. For example, a digital advertiser may be able to track users as they move from a social media site to a news media site. This is done through a number of mechanisms, including tracking cookies (discussed below) and web beacons. A Web Beacon is a clear, one-pixel-by-one-pixel graphic image delivered by a web server whose purpose is to record a consumer's visit to a web page. Likewise, web beacons are used by digital advertisers to measure digital advertising performance. Providing notice to users of web beacons is particularly important because they are invisible to users. Another method of tracking users is through Adware, which is software that monitors an end user's behavior so that advertisers can better target advertisements toward a user. Because mobile devices contain GPS receivers that are accurate to within a radius of just a few feet, advertisers are now able to leverage location data to target individuals via Location-Based Advertisements. Location-based advertisements can rely upon more than just a mobile device's GPS receiver. Mobile devices also send location data through their Wi-Fi and Bluetooth functions. For example, the Wi-Fi function on a mobile device is constantly searching for new Wi-Fi networks to connect to, and Wi-Fi routers pick up data when a mobile phone attempts to identify it. Each Wi-Fi router transmits a unique device identifier, called a MAC address. Advertisers may purchase maps of these MAC addresses, along with the data of what devices are trying to connect. Because Wi-Fi routers have a limited range, this method is able to identify the location of a specific device that may already be associated with a unique individual. A similar process occurs with Bluetooth Beaconing, which is a process whereby a low-energy Bluetooth signal is sent from a beaconing device. This signal is then picked up by a mobile device, setting in motion a process that will eventually display something (often an advertisement) to the owner of the mobile device.80 This process works in reverse of the way Wi-Fi tracking operates, as it is the beacon that sends out a message that is received by a mobile device, rather than a mobile device searching for a Wi-Fi router to connect with. Another means by which users are identified is through Digital Fingerprinting, which is a technique used to identify an individual based upon information collected automatically when a user visits a website, such as the user's IP address, the referring URL page, the browser type being used, etc. Because this information is usually logged each time a website is visited, it allows the organization operating that website to "fingerprint" a device, so that it may be recognized at a later time. While many of these identification techniques are used for advertisement purposes, digital fingerprinting can have many additional uses that promote security. For example, if a user attempts to log on to a web service but the organization does not recognize the "fingerprint" of that device, it may then ask for further proof of authentication. Social media and search engines present a somewhat unique way to identify user interests and personal information. People often share a great deal about themselves on these platforms, which can be used by digital advertisers to target advertisements toward them. When a user searches their own name in a search engine (known as a "vanity search"), for example, it becomes possible to connect that user's name to a specific device. The same is true for any information posted to a social media site; whatever device was used to post that information is now directly associated with a specific user and a potentially huge amount of personal information about the user. Advertisers use all of these methods to target individuals with advertisements tailored to their interests.
Third Party Website Interactions
When browsing across the world wide web, many users do not realize that when they visit one specific website, they are not having a private interaction with just that website or (more acurately) that website's server. Rather, when visiting most websites, users are also viewing, providing information to, or otherwise interacting with numerous third-party servers and websites. There is a litany of ways that this third-party interaction occurs. At the most basic level, some websites contain Syndicated Content, which is content that is developed by a third party and then purchased or licensed for presentation directly by the host site. In other words, it is content that is not created directly by the host site. It is at times possible for syndicated content to contain malicious code that collects data in different ways than what is set forth in the host site's privacy notice. A similar and somewhat recent development are co-branded websites. Co-Branded Websites are partnerships between two organizations whereby both provide content or services on a single website. Generally, co-branded sites should have their own privacy notices so that it is clear to users that the content belongs to, and users are interacting with, both partner entities. Likewise, the privacy notice should indicate how each partner will be using the information collected by the site. Technology can also be leveraged to include third-party content on a website in ways that are not as obvious to users. Web Services is a term commonly used to refer to a program contained within a website that allows two organizations to directly communicate between their computers or servers. This is often done through an Application Programming Interface ("API"), which is "a set of protocols, routines, functions and/or commands that programmers use to develop software or facilitate interaction between distinct systems." An API allows a website or other program to request services from a separate program. One example that most users are aware of is when a website displays a web widget. The term Web Widget describes a graphical interface on a website that is controlled by a third party, such as when one website displays a posting on Twitter (a "tweet") to users on a different website. While the website has programmatically included that tweet so that it is viewable to users in a specific location on the site, how that tweet is rendered and appears to the user in that location is controlled entirely by Twitter. Thus, if that tweet was deleted on Twitter's database, it could no longer appear on that third-party website. Similar to web widgets, an iFrame (short for "inline frame") is an HTML element that permits an external webpage to be directly embedded into a website. While the website itself controls where on the website the iFrame is located, the website does not in any way control the content of the third-party website. Many websites also contain third-party marketing. The ads that appear on webpages are often (though not always) controlled by Online Advertising Networks. These networks connect online advertisers with website owners who host advertisements on their website. Online advertisement is a highly important issue in the field of privacy and therefore discussed separately and in more depth below.