‘Supercookies’ have alarmed privacy experts

‘Supercookies’ have alarmed privacy experts: TrustPid, which Vodafone claims, means that each partner website generates a different token for the same user, reducing the potential for user data to be triangulated across websites to create broad profiles of user interests—a major concern of internet stalking on the web. Targeted advertising. “The technology is built following a privacy-first design and is compliant with all GDPR requirements and relevant legislation,” Poulter said.

The TrustPid pilot comes as the face of online advertising is changing, Harmer said. “On the one hand, you’re looking at a lot of privacy measures to be against the competition,” he says. “You have a lot of talk about customer data being bled and leaked very openly on the Internet.” Vodafone believes it can solve both problems, giving advertisers the confidence to spend money online while protecting customers over their data.

Vodafone says it has informed the appropriate regulatory bodies about the trial, adding that it has met twice with the German Federal Commissioner for Data Protection and Freedom of Information (BfDI). BfDI spokesman Christoph Stein said: “The organization was informed by Vodafone about the trial of TrustPid technology with Deutsche Telekom, as we are the responsible data protection authority for those telco companies.” Stein also pointed out that establishing Trustpid as a separate company in the UK means that the data authority responsible for Trustpid will be the UK’s Information Commissioner’s Office (ICO). ICO spokeswoman Deborah Biasutti told WIRED that “any proposal that facilitates cross-web tracking without placing users firmly in control is unlikely to address the privacy concerns prevalent in online advertising.” Harmer confirmed that TrustPid has not interacted with the UK Data Protection Authority.

Stein confirmed that the BfDI had not been approached by the independent firm that runs TrustPid. As for whether it complies with data protection rules, the BfDI says TrustPid can argue that its unique, pseudonymous network identifier is a value-added service. EU’s ePrivacy Directive.

The key word is “could.” “Informed and voluntarily given consent is the only acceptable basis for using this technology,” Stein said. “Higher standards must be set here, and we doubt that current compliance will meet that goal.”

Stein said the BfDI had not yet made a final decision about data processing in the German trial. The GSM Association, an industry body with more than 1,200 members including Vodafone’s German and UK arms, said it had not been contacted about the TrustPid trial but would ask its technical teams to look into how data was handled.

However, a former GSMA privacy director has made up his mind. “It’s very disappointing that mobile operators are behaving this way,” said Pat Walshe, a data protection and privacy adviser who worked at the GSMA between 2009 and 2015. “They’re supposed to be the guardians of the privacy of your communications and your data—but it’s clear here that these operators see you as another source of revenue by mining your personal data and treating you as a digital billboard.” Walshe sees this as particularly problematic after a decade of writing.

Leave a Reply