cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion

Google Analytics cops a European GDPR fine

Hi All

 

Interesting that the Austrians have fined the continuous use of Google Analytics as violating the European Privacy legislation - GDPR.

 

https://www.pymnts.com/google/2022/ruling-google-analytics-violates-privacy-law/

 

It should be an interesting case.  Apparently the case will have a profound effect on US Cloud Services.

 

Regards

 

Caute_Cautim

3 Replies
JKWiniger
Community Champion

This has always been something I have always seen both sides on. On the one side, my IP is so I can get to where I want to be, so it should not be used against me. During these times how many of us have simply turned on a VPN and had Google hit us with a captcha just to do a simple search. Or had other sites not allow us entirely? This is uncalled for. On the other side, from a security standpoint, the IP address aides in incident response and finding who or what may have done a bad thing. So where is the line between a company monitoring an IP for security and one that monitors for their own internal benefit? 

 

With the sites that block you for using a simple popular VPN to try to protect yourself don't seem to really care about YOUR security or safety, just theirs! While I do understand how monitoring and blocking certain IP address can seem to reduce a companies attack surface I just believe there has to be far better ways that do not reduce a person's security.

 

Thoughts?

 

John-

Caute_cautim
Community Champion

@JKWiniger    I would agree with your point of view and perspective.

 

However, IP addresses can easily be spoofed, masqueraded, so additional measures are required to ensure you are who you state you and that you are actually authorised to have access to that system, web site, data source etc etc.

 

Perhaps we should introduce identity as a pillar, not just user, but application level too or even device, network level - are they authorised to access the particular system i.e. data, application, server, network etc.

 

VPNs are also going out of fashion, and being replaced with Secure Access Service Edge, which is based on application requests rather than IP addresses.

 

If organisations process or control private data, then they must have the appropriate controls in place to ensure a) you are authorised to access it, b) your identity can be proven beyond reasonable doubt - human level, but now we should add additional levels i.e. network, application - no matter where your data exists.

 

Because we have technology capabilities to fake humans, machines and systems - so we need additional measures to provide increased reassurance.

 

Regards

 

Caute_Cautim

 

 

JKWiniger
Community Champion

@Caute_cautim

 

First, it seems I have let SASE slip by me a bit and now have it on my, more things to learn list. It gets to be a long list and I am realizing I need to reprioritize things on that list!

 

By current use of a VPN stems more from not wanting my ISP from monitoring where I go. Not long ago I had a conversation with a rep from AT&T and wanted to know why I was required to pay a fee and use their equipment when my equipment was better. I was told so they could better monitor me! Clearly the rep was not very tech savvy because when I mentioned that I run everything through a VPN he thought they could still fully monitor, but I digress.

 

I guess the question that is finally being answer is, what is private data? In a sense, I see an IP address much like your mailing address. The place something needs to go to get to you. If you deal it to be fully private then how will anything get to you, but if it’s too public you might get a lot of junk mail. A lot of this simply stems from monetization. Where a cookie should just be used for things like state persistence and session preferences they are used to track you and target ads to you. A lot of this has started to be handled on the server side but the cookie will still remain to track us. A good Joke is Google saying they will no longer use cookies. What they should have said is we will no longer use cookies because we have much better ways to track you like finger printing your canvas!

 

We need to look more at what is at each end of the connection and forget about what’s in the middle. Should it matter if I connect with my cell phone and it connected through my WiFi opposed to the cell tower?

 

Kinda lot my train of thought in there. Bottom line, IP addresses and other items are used far less for security reason than they are for tracking and monetization, and that needs to stop.

 

John-