On February 2, 2019, the Spanish Data Protection Agency (AEPD) published a Survey on Device Fingerprinting. (“Survey“)
“Device fingerprinting is the systematic gathering of information on a specific remote device with the aim of identifying, singling out and, thus being able to monitor its user’s activity for the purpose of profiling.” The data set extracted from the user’s terminal device allows that device to be unequivocally uniquely identified.
The APD estimates that there are around 4 billion computers, smartphones and other terminal devices in the world, and all of them could be identified with digital fingerprinting.
“The impact of the use of these techniques on the rights and freedoms of users has never been analysed by the data controllers of device fingerprinting models, nor have they provided information on the measures established to minimise the risk and to prevent any breach in security.” Survey at 21.
The processing of data using device fingerprinting techniques is subject to Regulation 2016/679/EU (the General Data Protection Regulation, GDPR) when the scope of Article 3 is met.
The ADP describes several of these digital fingerprinting techniques. Survey at 6-8. There are a number of particularly advanced techniques that may be used to obtain digital fingerprinting of a device, such as canvas fingerprint, canvas font fingerprint, webRTC fingerprint or audio fingerprint which allow for very precise profiles to be obtained.
The Survey gives users some recommendations on how to protect their privacy (Survey at 16-19), such as:
- use of the browser’s Do Not Track (DNT) option;
- installation of blockers (browser extensions , allowing the user to elude advertising and user tracking);
- alternating browser;
- execution of access to internet in virtual machines.
Finally, the ADP provides some recommendations for the industry. Survey at 19-20
The ADPT notes how digital fingerprinting tecniques might be may be legitimate. For example, being part of multiple factor authentication mechanisms. However, they may also be used to monitor users during their web browsing and compile information on their habits and interests without the user being conscious of it.
The Survey on Device Fingerprinting is available at https://www.aepd.es…
More on cookies is available at https://www.technethics.com…
For more information on how EU privacy may impact your business, contact Francesca Giannoni-Crystal. Thanks to Federica Romanelli