Data Ethics Tools for Companies and Organisations

Search Engines Not Tracking You

In stead of following the 90% of Europe you could install a different search engine on your computers than Google. There are lots of them. Some of them sell ads based on search terms- but not on personal digital footprints.

• Brave Search (US)
• xayn.com (german)
• Startpage (Dutch/US)
• Qwant (French/German)
• Mojeek (British)
• Duckduckgo (US)
• Searx.me (meta search engine for the nerds)
• Ecosia (German. Focus on tree planting)
• Metager.de/en (German)
• Hulbee (Swiss)
• Neeva.com  (US)
• Kagi.com (US) – paid for

Browsers and AdBlockers

In stead of using Chrome, the browser still tracking you by default with third-party cookies, there are browsers who by default block for tracking:

• Safari US
• Firefox, US
• Brave, US
• Vivaldi, Norwegian

Once all browsers tracked you but today most don’t (just like the TOR browser, but it is not good on mobile).  If you insist on using Chrome, you can block for tracking and ads (incognito mode is mainly deleting your web history). The tools block for third-party or marketing cookies – and for ads.

• uBlock Origin (not just uBlock) for Chrome
• The app AdblockPlus is best for mobile. It can also be used on the computer.

Chat Apps

• Signal (US)
• Wire (US/CH)
• Siilo.com (Dutch) for health professionals
• Telegram (Russian)

Alternative Maps

Apple Maps is better than Google Maps, when it comes to privacy. But the very best is either Dutch Here We Go (with a cool app) or open source Open Street Map. If you use Google Maps, here’s a great guide on how to not feed Google with all your data.

If you need to embed a map on your website Umap is excellent.

Alternative Translation

In stead of using Google Translate, this European translation service, which can also be used for free, is excellent, DeepL Translate.

Alternative Site Search

In stead of using Google Search on your website for internal search, you could switch to Cludo. Here you can get a data processing agreement, and they also give you the opportunity of not using cookies and anonymising you users’ IP.

Alternative Collaborative tools

Instead of Google Docs you could use:

• Nextcloud.com (German)
• Trello.com (Australian)
• Dreambroker One (Finnish with servers in Finland)
• Microsoft Teams (US) (not really ‘alternative’ but to be constructive, this is better than Google Docs when it comes to privacy)

Video and webinar platforms

• Studio from Dreambroker (Finnish)
• Whereby (Norwegian)
• Jitsi Meet (Australian)
• Skype for Business On-premise are okay, but Skype, Skype for Business Online and MS Teams are all in the cloud (see this cloud guide)
• Wire (US/CH)- ‘protected by European data law’ – for group chats and group calls
• Apples Facetime is also okay.

See more here

Alternative Webstatistic Tools

The vast majority of websites are using analytic tools to measure traffic and get data on their visitors. Google Analytics (GA) is by far the most common. But more and more companies and public institutions realize that ‘free’ means paying with data and that they lose control over data. In other words they pay Google with customer or citizen data. Alternative statistic tools are:

• Etracker (Germany)
• Matomo (formerly Piwik)
• Plausible (Estonia)
• Simple Analytics (The Netherlands)
• Wide Angle Analytics (Germany)
• AesirX Analytics (US open source)

Other alternatives are the Danish SiteImprove, the German Webtrekk and the French AT Internet, where you don’t pay with data but money.

Alternative Captcha

In stead of Google’s captcha, this hCaptcha is said to be privacy preserving

Cool feedback tool

In stead of using Surveymonkey (US company that uses Google Analytics to track visitors and stores data with Amazon in the US) switch to open source LimeSurvey (a German company storing data in Europe) to collect event feedback or try the EU Survey from the EU which we believe will be GDPR compliant.

Alternative Newsletter Tools

Alternatives to the US provider Mailchimp are:

• Sendinblue (Germany) (thanks Johnny Lüchau).
• Cleverreach form Germany is also good
• Revue from Holland can be recommend – recently bought by Twitter and thus on our observation list.

We have also traditionally recommended Mailjet from France (which we have used for years at DataEthics as it was GDPR compliant) and Marketingplatform from Denmark – but both are using Google as hosting platform, so they’re also on our observation list, and we’re waiting for another solution from them.

Secure VPN

Generally we recommend VPN-services with headquarters based in Europe. There are many, here are some of them (see this guide for example):

• ProtonVPN (Switzerland)
• F-Secure (Finland)
• Cyberghost (Rumania) lots of servers

Alternative Chatbots

• SupWiz (Danish) Article about SupWiz now using European Cloud

Secure Social Networks

LinkedIn has become the professional social network. It is controlled by Microsoft and it is hard to find alternatives that can match it. But If so, there is Mastodon, a German developed Twitter-like social media. The German social network Xing is pretty big and a professional network that markets itself up against social media competitors in the US. At Xing they talk about zero-tolerance when it comes to privacy and data security. All data is stored on servers in Germany and the strict German data laws are adherd to. Also Diaspora is a good alternative.

Alternatives to Social Plugins

Maybe you should not use big data companies’ social logins. At least not if you want to stay in control of data and prevent tracking of your customers. Do consider if social share bottoms are really useful to use – do you get more out of it than you give? Most people share in other ways, eg by copy/pasting the URL. Alternative solutions could be SocialSharePrivacy. They prohibit the hidden tracking of your users, because they don’t track them, as long as they don’t click on the share bottom.
In stead of share bottoms you can use statistical links. For Twitter, for example, you can just make a simple link to Twitter and use the Twitter icon as the share button. The same with Facebook. That way you don’t participate in any tracking on your site and your users can still share your content. Typically, you can’t show the number of shares on your site, but you can implement it, if you find it useful.

Third-party Cookies or Not

Talking about third-party cookies… maybe that is something you should not have on your website? A growing number of users use adblockers because they are fed up with ads and tracking.

• if you don’t have advertising on your site
• if you are a public institution
• if you don’t want to let your competitors get data on your customers.
• if you listen to your customers, who increasingly use cookies- and adblockers
• if you want truly valid data

There are many reasons for considering getting rid of all third-party trackers. Especially if you deal with data, many consider sensitive like health, finance and politics. The EU Commission does not allow thirdparty cookies on its website.

Alternatives to Facebook Groups

Many non-profits, public authorities and smaller companies choose to use groups on Facebook instead of using their own websites or a secure alternative – even with sensitive data like health data. One good alternative is Groupcare that is based in Denmark and has a free and a paid version. All their data is based on centers in Denmark and you retain ownership of the data you share. Australian Groupbox also sound like a privacy-focused alternative.

Secure Cloud Solutions

Here is a Guide to European Cloud Solutions (June 2021). Yes, Amazon is all over and very cheap. But more and more ask for storage in the privacy-aware Europe, so here are some alternatives:
The German Hetzner is cool, and so it T-Systems and Tresorit, Danish Rushfiles or French Scaleway or Cozy just to mention a few.  Or you can choose to build your own company cloud, which according to privacy advocates is the very best choice.

Best Practice Privacy Policies

A data-ethical privacy policy should be easy to understand, honest, descriptive and available in a few versions: one for those who do not bother to read lengthy explanations and another for those who do – including lawyers and privacy experts. Some of the better privacy policies are Startmail (Holland), Helloclue (Germany), Withings (France), Channel 4 (UK). These use clear language to explain why they need or do not need data, how it’s deleted, how you can request it, and that access to their data is not sold to third parties. Channel 4 goes a little further by also providing a customer privacy promise/pledge. Many companies would be wise to include statements about what will happen to customer data if it were to go bankrupt or be sold.

Captcha

Alternative to Google’s reCapcha as we have no idea, what Google does to that data. Try hcaptcha.com in stead.

Basic questions to ask yourself on handling customers data

• Why do we collect these customer data?
• Who has access (staff, sales persons, sub-contractors)?
• How are they handled (access, use, deletion)?
• How are they stored?
• How do we protect them?
• Are we living up to our promises of transparency and privacy?

Do’s & Dont’s

• Drop automatic renewal of a service. Most people want to actively chose if they want to renew, and doing it automatically destroys trust among those who did not want to continue. Differentiate yourself from all others and tell why you do not use automatic renewal, but, of course, make it very easy to actively renew
• Drop ‘Sneak into basket’-tactic meaning sneaking stuff into a shopping basket and making it hard to remove it again
• Make it easy to leave you – it really enhances trust.
• Use opt-in instead of opt-out, for instance when people sign up for newsletters. Don’t sign up people automatically.
• Be honest in your offers: ‘Only two rooms left’ should only be used, when there are two rooms left.
• Don’t make your customers compromise the privacy of their friends. LinkedIn insists that you should get your friends to sign up for LinkedIn by asking for all your contacts and then automatically send the offer for all your friends. Very unethical and LinkedIn also had to pay a huge compensation in a class action suit.
• Make it very clear and easy to find who is behind your website, where is your headquarter and how to get in contact with you.
• Avoid ‘evil-by-design’, that is manipulative webdesign.
• Be grateful, and thank your customer. It works.

How to Distinguish Between Tools’ Trustworthiness

• What does the company live from? Selling product or services you have to pay for with money or data in disguise of ‘free services’?
• How about the privacy policy. Do you understand it or is it so long and complicated that you cannot even understand it yourself?
• Does it sell data to third-parties? 
• Is it honest about the data it collects? Compare it with the data they will have to need for their service?
• Does the company have a privacy-seal like the German Europrise or American Trustee? (not widespread yet but will be in the wake of the new EU data regulation i 2018)
• How does the company stand at different ranking services on privacy like Ranking Digital Rights, TOSDR, TermsOfConditions and Electronic Frontier Foundation’s various rankings.
• Can you see who is behind a website, and how to get in contact with them?
• Can the users interact with each other? What do they say about the product or service? Also check out social media.