Search Engines Not Tracking You
In stead of following the 90% of Europe you could install a different search engine on your computers than Google. There are lots of them: The Dutch Startpage, French Qwant, Swiss Hulbee, American Duckduckgo or Danish FindX - none of them track users down to the individual or store all searches. Some of them sell ads based on search terms- but not on personal digital footprints.
Alternative Webstatistic Tools
The vast majority of websites use analytic tools to measure traffic and get data on their visitors. Google Analytics (GA) is by far the most common. But more and more companies and public institutions realize that 'free' means paying with data and that they lose control over data. In other words they pay Google with customer or citizen data. Statistic tools, where you have control over your own data, are for instance the open source based Piwik, who proclaims “100% data ownership”. You will need a bit of programming work to use that, and thus paid for alternatives are the Danish Netminers or SiteImprove, the German Webtrekk, the Dutch Mixpanel, French AT Internet, where you don't pay with data but money.
Cool feedback tool
In stead of using Surveymonkey (US company that uses Google Analytics to track visitors) switch to Typeform (a Spanish company, doesn't use GA in surveys, much nicer product) to collect event feedback
Secure Social Networks
Alternatives to LinkedIn: The German social network Xing is pretty big and a professional network that markets itself up against social media competitors in the US. At Xing they talk about zero-tolerance when it comes to privacy and data security. All data is stored on servers in Germany and the strict German data laws are adherd to. Also Diaspora is a good alternative.
Alternatives to Social Plugins
Maybe you should not use big data companies' social logins. At least not if you want to stay in control of data and prevent tracking of your customers. Do consider if social share bottoms are really useful to use - do you get more out of it than you give? Most people share in other ways, eg by copy/pasting the URL. Alternative solutions could be SocialSharePrivacy. They prohibit the hidden tracking of your users, because they don't track them, as long as they don't click on the share bottom.
In stead of share bottoms you can use statistical links. For Twitter, for example, you can just make a simple link to Twitter and use the Twitter icon as the share button. The same with Facebook. That way you don't participate in any tracking on your site and your users can still share your content. Typically, you can't show the number of shares on your site, but you can implement it, if you find it useful.
Third-party Cookies or Not
Talking about third-party cookies... maybe that is something you should not have on your website?
- if you don't have advertising on your site
- if you are a public institution
- if you don't want to let your competitors get data on your customers.
- if you want truly valid data
There are many reasons for considering getting rid of all third-party trackers. Especially if you deal with data, many consider sensitive like health, finance and politics.
Alternatives to Facebook Groups
Many non-profits, public authorities and smaller companies choose to use groups on Facebook instead of using their own websites or a secure alternative – even with sensitive data like health data. One good alternative is Groupcare that is based in Denmark and has a free and a paid version. All their data is based on centers in Denmark and you retain ownership of the data you share. Australian Groupbox also sound like a privacy-focused alternative.
Secure Cloud Solutions
Yes, Amazon is all over and very cheap. But more and more ask for storage in the privacy-aware Europe, so here are some alternatives: The German T-Systems (whom Microsoft also works with) and Tresorit, Danish Rushfiles or French Cozy just to mention a few. Or you can choose to build your own company cloud, which according to privacy advocates is the very best choice.
Professional Privacy Tools
Wired Relations. Software for dataflow analysis - made in Denmark.
Ethics Canvas: Helps you structure ideas about the ethical implications of the projects you are working on, to visualise them and to resolve them.
PrivacyPerfect: Dutch privacy governance tool for DPOs.
DPOorganizer: Swedish tool for DPOs to control company data.
OneTrust: A Privacy Management Software Platform to comply with data privacy regulations across sectors and jurisdictions, including the EU GDPR and Privacy Shield.
Alternative to Skype
You can trust Wire - 'protected by European data law' - for group chats and group calls.
Best Practice Privacy Policies
This list of tools for companies is not a certification from DataEthics and we cannot take responsibility for any use of the tools. It is a list of tips for tools, we believe are trying to handle data ethically.
Generally we recommend VPN-services with headquarters based in Europe. One of the better ones is VyprVPN from Switzerland.
Basic questions to ask yourself on handling customers data
- Why do we collect these customer data?
- Who has access (staff, sales persons, sub-contractors)?
- How are they handled (access, use, deletion)?
- How are they stored?
- How do we protect them?
- Are we living up to our promises of transparency and privacy?
Do's & Dont's
- Drop automatic renewal of a service. Most people want to actively chose if they want to renew, and doing it automatically destroys trust among those who did not want to continue. Differentiate yourself from all others and tell why you do not use automatic renewal, but, of course, make it very easy to actively renew
- Drop 'Sneak into basket'-tactic meaning sneaking stuff into a shopping basket and making it hard to remove it again
- Make it easy to leave you - it really enhances trust.
- Use opt-in instead of opt-out, for instance when people sign up for newsletters. Don't sign up people automatically.
- Be honest in your offers: 'Only two rooms left' should only be used, when there are two rooms left.
- Don't make your customers compromise the privacy of their friends. LinkedIn insists that you should get your friends to sign up for LinkedIn by asking for all your contacts and then automatically send the offer for all your friends. Very unethical and LinkedIn also had to pay a huge compensation in a class action suit.
- Make it very clear and easy to find who is behind your website, where is your headquarter and how to get in contact with you.
- Avoid 'evil-by-design', that is manipulative webdesign.
- Be grateful, and thank your customer. It works.
How to Distinguish Between Tools' Trustworthiness
- What does the company live from? Selling product or services you have to pay for with money or data in disguise of 'free services'?
- Does it sell data to third-parties?
- Is it honest about the data it collects? Compare it with the data they will have to need for their service?
- Does the company have a privacy-seal like the German Europrise or American Trustee? (not widespread yet but will be in the wake of the new EU data regulation i 2018)
- How does the company stand at different ranking services on privacy like Ranking Digital Rights, TOSDR, TermsOfConditions and Electronic Frontier Foundation's various rankings.
- Can you see who is behind a website, and how to get in contact with them?
- Can the users interact with each other? What do they say about the product or service? Also check out social media.