content.docx

Full Transcript

We're all familiar with **website cookies**. But what are they?

A cookie is a **[small text file]** that is created by a
website when you visit it. This text file is saved onto your device
(e.g. laptop, mobile phone) and contains information about your visit to
the website.

When you visit the website again, the cookie is sent back to the
website, allowing it to recognize your device and remember certain
information about you (e.g. login credentials, shopping cart items,
preferences that you have set on the website).

Cookies can be either \"session cookies\" or \"persistent cookies.\"

- **Session cookies** are temporary and are deleted when you close
your browser;

- **Persistent cookies** remain on your device for a longer period of
time, even after you close your browser.

Cookies can be used by websites to provide a more personalized
experience for you. But they can also be used to collect data for
analytics and marketing purposes.

**Local storage** is another way for websites to store data on your
device. Again, a website saves **[a file on a specific part of your
device's hard drive]** (typically in a folder called "local
storage").

While local storage is similar to cookies, there are differences:

- Local storage allows websites to store larger amounts of data than
cookies do;

- Data is not sent back to the website every time you visit it;

- Local storage is faster and more secure than cookies are, simply
because data does not need to be sent through the internet each time
you visit a website;

The type of data stored via local storage is fairly similar to that of
cookies.

It is important to note that the data that a website has stored in your
local storage is not accessible to other websites or applications.

**Heat maps** are a way for an organization to see how visitors are
interacting with their website (e.g. what they click on, where they
scroll, where they spend the most time, what they ignore, etc.).

Unlike cookies and local storage, heat maps -- generally -- don't save a
specific file onto your digital device. Instead, they are simply **part
of the code that creates the website experience\
(e.g. JavaScript).**

The data that the JavaScript code collects on user activity is then
visualized by software. This software assigns a color to each area of
the page based on how often users engaged with that area (e.g. by
clicking, scrolling, typing). Areas of a website that visitors engage
with very frequently are shown in red, whereas areas of the website that
visitors do not interact with are shown in green.

The purpose of heat maps is to identify which areas of the website are
most popular and engaging for users, as well as areas that may need
improvement.

Further, heat maps are used by organizations to test and refine
different design elements on their websites. For example, they can
compare the engagement levels of two different page layouts or button
designs to see which one performs better.

A **web beacon** - or \"**tracking pixel**" -- is a **[tiny
image]** (1 pixel \* 1 pixel) or code snippet that has been
embedded in a website or an email. Unlike cookies or local storage, web
beacons are more difficult to spot.

When you visit the website or open the email, the web beacon **[sends a
message to a server]**. This message allows the sender to
track certain information about your online activity.

Web beacons collect the same time type of information as cookies and
local storage. However, they are far better at tracking your activity
across multiple websites and platforms. This allows them to develop a
more complete profile of you as a user.

When organizations embed web beacons in emails, these are typically used
to track whether the recipient opened the email, how long they spent
reading it, and whether they clicked on any links. This information can
be used to measure e.g. the effectiveness of an email campaign.

Due to their 'invisible', difficult-to-detect nature, they are
unfortunately often used by hackers as conduits to installing malware on
their victims' digital devices.

**Digital fingerprinting** draws upon one or more of the previous
techniques (e.g. cookies, web beacons) in combination with your web
browser.

Unlike the previous three web tracking techniques, the main purpose of
digital fingerprinting is **[to identify individuals based on their
online behavior and device information]**.

The data that has been collected on a user is used to create a **[unique
digital profile of the user]**, which can be used to track
their online activity across multiple devices and websites.

Digital fingerprinting is often used for targeted advertising and
personalization. However, it is also the basis for online identity theft
-- and for tracking users without their consent.

After you've come home from work or university, you will -- presumably
-- close

the front door behind you. At that point, people outside your home will
not be

able to observe your behavior unless you want them to. The choice is
yours.

We've just seen in the section on web tracking that the same cannot be
said for our online behavior. Both our behavior and the resulting data
can be tracked without us even being aware of it. This might bother us.
Or it might not. But as we spend more and more of our lives online, we
should be given the same choice to "close the front door behind us" that
we have in the physical world. And that's where **data privacy** comes
in.

Data privacy involves protecting personal information (e.g. names,
addresses, financial details, health records) from people -- or
organizations - who have no right to access that information. It
involves regulating and controlling **(a)** who has access to personal
data, **(b)** how that data is collected, **(c)** how it is used, and
**(d)** how and where it is stored, and making sure that these areas are
handled in a manner that is consistent with the basic ethical and legal
principles of our society.

Every organization has an Enterprise Information System. This means it
handles lots of sensitive information on customers, employees,
suppliers, and other stakeholders. It is the responsibility of every
organization to ensure data privacy by implementing strong security
measures. Otherwise, lives may be ruined.

Many organizations assume their Digital Responsibility automatically.
For those that

don't, lawmakers have introduced strict laws requiring them to protect
data privacy.

The most important of these in the EU is the General Data Protection
Regulation (GDPR).

The **General Data Protection Regulation** (**GDPR**) is a

European Union law that aims to protect digital privacy rights.

It was introduced in 2018 and **[applies to all organizations
that]**

**[process the personal data of individuals residing in the
EU]**. This includes companies, non-profits,

public authorities, and online service providers (e.g. social media
platforms, e-commerce websites).

The GDPR states that members of the groups listed above must

**(a)** be transparent with users about how they collect and use their
personal data; and

**(b)** follow strict rules on what types of information can be
collected, how it can be used

and how it must be stored.

These requirements apply to all personal data - regardless of whether
it\'s stored on paper

or electronically. Organizations found to be in violation of the GDPR
face penalty fines of

up to €20 million or 4% of global sales revenues.

Data becomes particularly sensitive wherever financial transactions are
involved. If someone hacks your Instagram account, it's bad. But if
someone hacks your bank account and password, it's worse. Probably.

Because of this, financial institutions protect their customers' data
with many of the security measures we've just seen:\
multifactor authentication, firewalls, encryption, and intrusion
detection systems.

However, there is a further technology that can be used to protect
financial transactions between two parties called\
**blockchain technology**. Blockchain was originally developed in
context of the first digital currency, Bitcoin. But in the meantime, it
has advanced to a level where it is used to safeguard many transactions
that have nothing to do with cryptocurrencies.