Introduction
Companies use personal data to optimize their marketing campaigns, perform accurate analysis and improve their business strategies. But as the value of data increases, so do concerns about privacy and data protection! A large number of users do not realize that through something as simple as a link, they can already lose control of their data.
The role of GDPR and ePrivacy
In 2018, the introduction of the General Data Protection Regulation (GDPR) brought about a major shift in how companies should handle personal data. This regulation, along with the ePrivacy Regulation, emphasizes obtaining explicit consent from the user before any data is collected and processed. According to the AVG/GDPR, consent must:
- Being freely given: Users should have real choice without pressure or negative consequences.
- Be specific: Consent must be given for a clearly defined purpose.
- Being Informed: Users must be fully informed about what they are allowing.
- Be unambiguous: Consent must be given by a clear active action.
How links can threaten your privacy
Links seem harmless at first glance, but they can be a stealth threat to your privacy. Many companies use tracking links or URL shorteners that collect information about the user as soon as they click on the link. This can range from location data and device types to browsing behavior and other personal information. Despite the protections afforded by the GDPR, clicking on a link can already lead to unknowingly sharing your data.
What can you do?
To better protect your privacy, there are a number of steps you can take:
- Be aware of tracking links: Be critical of links you receive and click, especially if they come from unknown sources.
- Use privacy tools: There are tools and browser extensions available that block tracking links and protect your privacy.
- Read privacy statements: Before clicking on a link, take the time to read the website’s privacy statement so you know what data may be collected.
Current Situation
Compliance with data protection regulations, such as the AVG and ePrivacy, is compromised when link management platforms process user data without obtaining proper consent. This violation often happens when users click on links shared across various platforms, such as websites, social media, messaging apps and other online channels. When a user clicks on a shortened link, the link management platform can collect and process personal data in the background without the user’s knowledge or consent.
Data collection
Information/data collected includes:
- IP address
- Geolocation data
- Device type and model
- Browser type and version
- Operating System
- Language Settings
- Referring website or app
- Times of clicks
- User behavior and interactions on the destination website
During their online activities, users often unknowingly stumble upon shortened links generated by link management platforms. When clicking on these links, they are immediately redirected to the desired destination without any options, policy information or disclosure being presented. This lack of transparency and choice hinders users from making informed decisions about their personal data, in clear violation of GDPR and ePrivacy regulations.
Moreover, the lack of an opt-out option for data collection or the ability to view privacy policies violates the principles of data protection by design and default settings, as described in the AVG. This breach is of particular concern given the large number of users affected daily and the increasing reliance on link management platforms for various online activities, such as marketing, content sharing and analytics.
Conclusion
The AVG and ePrivacy Regulation provide important protection, but it is up to users themselves to actively protect their privacy. By being aware of the invisible threats, such as clicking on tracking links, users can better control their personal data and ensure their privacy.
