The issue of personal data processing by websites and applications is very delicate and controversial. On the one hand, there are often excessive concerns that this information can be used to spy on us. On the other hand there is the need to collect it for the delivery of services or for marketing and advertising needs.
It is true that there are fraudulent websites that try to take hold of people’s sensitive data to make scams and to enter their profiles illegally. To stop these scammers, however, a good knowledge of good cybersecurity practices and a lot of attention are enough.
However, we must not confuse the malicious use of personal data with the completely legitimate use of it by companies that operate on Internet to provide us with services or sell us products. On the contrary, consent to personal data often allows us to live a better online and even offline experience.
Which sites and applications collect your personal data
Theoretically all websites and apps collect and treat personal data. Just think of the Google Analytics script that tracks the traffic on the website: it is collecting user data through cookies. Like buttons from social media collect personal data because they connect directly to Facebook. The same social media collect personal data (here the guide on how to read Facebook statistics).
In the case of a website there is a regulation (GDPR) that establish the notification of personal data and that we will see later. As for smartphone apps you can see what data is collected by reading the information from the score before downloading. However, it is also possible to deny consent to the processing of certain data later. But it must be taken into account that some of the data may be necessary for the application to work.
GDPR and consent to personal data processing
The GDPR (General Data Protection Regulation) is the European Union Regulation No. 2016/679 2016/679 with regard to personal data and privacy processing. Adopted on 27 April 2016, it was published in the Official Journal of the European Union on 4 May 2016, came into force on 24 May 2006 and became operational on 25 May 2018.
The GDPR is aimed at organisations, companies, individuals, companies, public and other entities (including non-profit) based in the European Union and offering goods or services (also free of charge) to EU citizens. All of these individuals should clearly state what personal data they are collecting and how the processing takes place. Instead, the user must have the option to deny consent. To simplify, let’s think about that dark block that we often see on a website and that asks us if we want to accept and continue with the navigation.
Those who have a website and want to comply with the European Union GDPR regulations can use Iubenda (with this link you can get the 10% discount).
Difference between anonymised and pseudonymised personal data
What does those who process our personal data really know? To answer, we need to better understand what anonymous data means, what are the purposes of the treatment and what is the difference between anonymized and pseudonymized personal data.
Anonymized personal data is collected in a process that makes it impossible for anyone to reconstruct the complete information. In practice, we are nothing more than numbers for those who collect them. Let’s think about Google Analytics collecting website traffic data. You will never know that I, Luigi Nervo,visited your site: you will know for example how many men have visited your site from Turin (Italy) using an Android smartphone. I can be part of this group, but there are also many other people with these characteristics, so you are not able to trace me if the data is treated anonymously.
Pseudonymised personal data may allow the reconstruction of the complete information by some authorized persons. This is the case with a contact form, booking form or quote request. If you contact me for advice, I want to know your full name, phone number and email to call you back. So I’m going to have access to this data. I will not provide your personal data to a collaborator who will therefore not be able to fully reconstruct the information.
How personal data is used by advertising
As mentioned before, those who advertise do not care about the individual as a person. It may sound cynical, but we are all numbers that are offered targeted advertisements in line with personal, geographical and interesting characteristics. Thanks to profiling based on anonymous personal data, we can receive targeted advertising based on our interests,so we receive more consistent messages and our online experience is much better. From the entrepreneur’s point of view, profiled advertising is a very powerful tool because it allows you to maximize the results of the campaigns.
In other words, we should not be afraid of the processing of personal data if this happens correctly respecting the GDPR: everyone wins, from entrepreneur to user.