ARTICLES PRODUCT UPDATES,
SEO TIPS & INDUSTRY INSIGHTS

Keep Your Website Secure and Customer Data Private with Campaign Sherpa

A total of 1001 cases of data breaches were reported in the United States in 2020. These breaches resulted in the exposure of data belonging to more than 155.8 million individuals on various websites, with a whopping 36 billion records exposed due to data breaches in the first three quarters of 2020.

Data breaches can be quite costly both for individuals and businesses. Organizations need to protect themselves from cybercriminals, and security remains a top concern for anyone online – including customers who want to keep their data safe. 

Organizations also must comply with data privacy laws which are become increasingly more stringent. These regulations ensure optimum privacy and protection of individuals’ personal identifiable information (PII) on the internet, and it is imperative for business to follow them.

Google Analytics violates privacy laws, now banned in Austria

The Austrian Data Protection Authority (DPA) has ruled that Google Analytics (GA) violates the European Union (EU) data privacy laws. By implication, any Austrian website provider that continues to use GA violates the EU’s General Data Protection Regulations.

The DPA decided its verdicts on complaints leveled against an Austrian health website due to its use of Google Analytics. This ruling affects Google and several other United States cloud services providers operating in Austria and other EU countries, or collect data on its citizens. Companies who choose to ignore the rulings going forward may find themselves in big trouble, just like the Austrian business caught in the cross-hairs in this ruling.

According to the facts of the case, the website in question, a health-focused site known as netdoktor.at, was accused of inadvertently exporting the data of visitors to its website to the United States due to its use of Google Analytics.

The user data specifically involved included IP addresses and other identifiers. Since IP addresses now fall under the purview of personal data based on new GDPR laws, the DPA found netdoktor.at to be in contravention of the General Data Protection Regulation (GDPR), which concerns data transfers out of the EU. While the ruling did not result in any direct implications for Google, the website in question was slammed with a fine of €20 million or 4% of its global turnover.

The Data Protection Agency is not alone in its ruling. The European Data Protection Supervisor (EDPS), the agency in charge of many of the top EU institutions, recently gave a similar verdict by sanctioning the European Parliament for using US service providers like Google Analytics and Stripe on one of their Internal websites.

What does this mean if you are using Google Analytics?

From this ruling, it is now obvious that big tech companies can no longer bury their heads in the sand regarding these court rulings. Businesses in Austria and other EU countries and those collecting data on its citizens will have to take action to avoid getting slammed by discontinuing their usage of Google Analytics and other US cloud service providers.

Keep your website secure and customer data private

Organizations can protect the safety of user data transmitted on their website, and ensure security and privacy across their technology stack with Campaign Sherpa. Campaign Sherpa’s Website Audit Report performs a scan of your website and flags pages that are not following these basic security principles:

1. Using Hypertext Transfer Protocol Secure (HTTPS)
2. Having a Secure Socket Layer (SSL) Certificate

Campaign Sherpa also has the ability to scan a website for Analytics Vendors, to identify which technologies are in place, and ensure they are functioning correctly.

Use HTTPS to Protect Your Website

Web Servers use a protocol called Hypertext Transfer Protocol or HTTP to communicate with browsers. However, this protocol is no longer a safe option as it puts user data at risk. Hackers can use relatively simple software to intercept the data exchanged between a website and a visitor. This can be a serious breach of security as the information can be sensitive or reveal personal data. For example, banking information could be intercepted when it is entered it on a website that uses HTTP.

The easiest way to avoid such risks is to use the secure version, Hypertext Transfer Protocol Secure (HTTPS). It encrypts the data exchanged between a website and a visitor. As a result, any intercepted data would appear as strings of illegible text and numbers. HTTPS also ensures data integrity, ensuring nobody can edit or change customer data in transit.

How to Implement HTTPS on Your Website

A Secure Sockets Layer or SSL certificate is required to implement HTTPS on a website. Once HTTPS is implemented, a secure sign of a padlock beside your website URL on browsers will appear, allowing you to gain trust from website visitors and customers. Many web hosting providers offer plans with SSL certificates, and it is possible to obtain SSL certificates from various issuers. 

What is an SSL certificate?

SSL is a security protocol that helps create encrypted links between a browser and a web server. An SSL certificate authenticates a website and encrypts its data. SSL protects your website data from modification or reading by a third party as it is being transferred between the browser and the server. Having your website secured with an SSL certificate ensures that it does not transmit data in a way that can be easily viewed or modified by someone snooping around on the network. Communications done over an HTTP protocol appear as plain text. Hence, they’re easily accessible to anyone. Data on a secure network, on the other hand, is encrypted first before being passed along. This makes them less vulnerable to attacks as they’re being transmitted.

Use Campaign Sherpa to Identify Website Security Issues

Campaign Sherpa flags security issues on your site, and identifies if your website is exposed to risks. Detailed reports also provide recommendations to fix the issues that are found, including those related to analytics vendors. Request your Free Audit to get started today.

Further Reading:

• https://matomo.org/blog/2022/01/google-analytics-gdpr-violation/
• https://fortune.com/2022/01/13/austria-gdpr-google-analytics-max-schrems-noyb-edps/
• https://techcrunch.com/2022/01/12/austrian-dpa-schrems-ii/
• https://www.cloudflare.com/learning/ssl/what-is-https/
• https://developers.google.com/search/docs/advanced/security/https
• https://transparencyreport.google.com/https/overview?hl=en
• https://www.kaspersky.com/resource-center/definitions/what-is-a-ssl-certificate
• https://www.ssl.com/