Question to German community: Datenschutzbestimmungen


(REBEL freestyle) #1

Hi,

My question goes to the German-speaking part of the community.
Does anybody have a “good” data protection / Datenschutzbestimmungen text as a sample?

Bye Thomas


(Karlsson) #2

This depends on your website. You have to tell your visitors what you are doing with the data which you are getting through tracking and also from forms where the user can give you name, address, phone number and more.


(REBEL freestyle) #3

That was clear; the idea was only to discuss with some other German users the special needs in German data protection requests, because this is definitely a very complicated topic :-)
I am trying to find some other German users for this topic in the German-speaking Piwik group on the business network XING, but we currently do not have enough users in this group to get a “real discussion”.
You can find it under xing.com/ and then search for Piwik.


(holch) #4

Well, as said before, the text of the privacy policy (Datenschutzbestimmungen) depends very much on your website and can’t be answered with a simple standard text. Depending on the services you offer, the way you and your website / web analytics tool handle data, it all has an influence on what you need to have in your privacy policy document.

Depending on your website, it really makes sense to contact a lawyer specialized in this field. A normal “Datenschutzbestimmungen” text shouldn’t be too expensive.

However, if you want to risk it, you can always get the text from big corporations and adapt it to your needs. Not 100%, but what is 100% safe? ;-)

www.agbvorlage.de/ebay/vorlagen/61-vorlage-datenschutzbestimmungen-personenbezogene-daten

www.bfdi.bund.de
www.datenschutz.de/

EDIT: I don’t get why links are not allowed here. Yes, there are spammers out there, but come on! This is the internet! Links are vital.


(Burkhard) #5

Besides the nature of your site, there is another important question relevant to German law: What data do you collect at all? German Datenschutz only deals with certain(!) data related or relatable to “natural persons” (as opposed to “legal persons” = organisations).

To the best of my knowledge, the data that Piwik collects (IP, timestamp, OS & browser versions, screen size etc.) is not “person-related/relatable” (legally … technically it may well be), but you had better ask a lawyer or at least browse the web for this.

Consider masking the visitor IP (can be done somewhere in /config as of v0.5.5).

But… is your site in an intranet? Do your users have to log in? Do they have to pay for the services? One “yes” to any of these (and maybe other) questions changes all.

Like the man said: There’s no general answer to your question.


(Karlsson) #6

[quote]it really makes sense to contact a lawyer specialized in this field[/quote]

Don’t trust a lawyer; I’ve seen many lawyers’ AGB which were crap.

Ask your question at:

http://www.sellerforum.de/index.php

(REBEL freestyle) #7

Thanks for the links, I will try to see what is adaptable :-)

I think we have one important open point for the usage of Piwik, related to the statements of the German “Datenschutzbeauftragten” (lfd.m-v.de/dschutz/beschlue/Analyse.pdf, please add the www.).
With the anonymizer plugin, the request to hide the IP address was fixed, but the other request was to give a user a chance to disable the tracking in an easy way.
In eTracker, for example, it was possible to disable it via a specific cookie.

As I understand it, the new feature in Piwik 0.6.1, “Exclude your visits via a cookie”, is the right direction; it now only needs a way to bring this from the backend settings to the frontend, for example as a special link in the data protection statement.
Then we would have with Piwik a situation very close to the statement of the “Datenschutzbeauftragte” and to how it was with eTracker.


(Burkhard) #8

I agree that privacy and control over the use of data relatable to yourself are important values that should be better protected than is the case today in many areas of the world and of the web. I disagree, though, with applying this to mere counting (if it is just counting).

Imagine somebody in the inner city wants to count shoppers but asks everybody for their passport: Not ok! But if that person just marks: one, two, three … where’s the problem? Why hold up a sign over your head saying “Please don’t count me”? There goes your anonymity (is that an English word?), too.

The “don’t count me” cookie as I understand it is meant for administrators and test robots so they don’t contaminate the scores.

I think Piwik is on the right track concerning user privacy. Maybe more person-relatable information should be maskable, I don’t know. Maybe security issues should be considered … someone hacking a Piwik server can do funny things if he or she replaces piwik.js with something malevolent…


(Karlsson) #9

Don’t panic:

http://direktzu.de/aigner/messages/25050

(Karlsson) #10

[quote]someone hacking a Piwik server can do funny things if he or she replaces piwik.js with something malevolent…[/quote]

This is also possible when a server without Piwik is hacked.


(REBEL freestyle) #11

[quote=Karlsson @ May 14 2010, 07:55 AM]Don’t panic:

http://direktzu.de/aigner/messages/25050

[/quote]

That the correct handling of one’s “own” created laws is not so easy, you can also see in this example :-))

www.spiegel.de/netzwelt/netzpolitik/0,1518,678226,00.html

(Burkhard) #12

Yeah, running an internet presence almost certainly gets you into trouble with “Abmahnanwälten”. Abmahnungen should be prohibited, at least if they come with an invoice for legal fees. Money, time and nerves gone even if you prevail. Next thing you know, someone patents a blank white background…

@Karlsson: Of course you are right. Was just a thought that came up while writing. Forget it :-))


(pwU) #13

[quote=Burkhard @ May 14 2010, 08:52 AM]I agree that privacy and control over the use of data relatable to yourself are important values that should be better protected than is the case today in many areas of the world and of the web. I disagree, though, with applying this to mere counting (if it is just counting).

Imagine somebody in the inner city wants to count shoppers but asks everybody for their passport: Not ok! But if that person just marks: one, two, three … where’s the problem? Why hold up a sign over your head saying “Please don’t count me”? There goes your anonymity (is that an English word?), too.

The “don’t count me” cookie as I understand it is meant for administrators and test robots so they don’t contaminate the scores.[/quote]

If you have a look at

www.datenschutzzentrum.de/ip-adressen/

(a site managed by a German center for data protection/privacy), it is required in Germany to have the possibility for EVERY user to disable counting/creating user profiles. This may be done by a “don’t count me” cookie as, e.g., etracker does.

So I would suggest integrating those cookies as a feature for normal website users and also documenting this feature in the Piwik documentation. If any help is needed regarding this issue, I am happy to help!

Regards,

pwU


(Burkhard) #14

Hi PwU,
Again: I am a strong supporter of data protection and internet privacy, no matter who is violating them. And yes, the agency that you link to is trustworthy and their word has weight in that field in Germany.

But the page you link to mainly deals with service/hosting providers and law enforcement. By the way, you will have noticed that our highest criminal court has recently limited the power of evidence of an IP address/timestamp log (IP-Adressen nur mit sicherem Routing eindeutig | iX).

What I am saying is that the privacy issue does not primarily concern us bloggers, forum moderators or shop owners etc. - it does, but not primarily. What good does an application-related don’t-count-me-cookie do if I, the admin of a Piwik-armed application, do not record IP addresses by design while the webserver (Apache, IIS etc.) does, cookie or not? Have you ever seen one website that has asked you: Hi, I am Apache. I am delivering the forum pages that you are accessing right now. Do you want me to mask out your IP address from my logfiles?

Cheers,
Burkhard


(pwU) #15

[quote=Burkhard @ May 17 2010, 10:36 AM]What I am saying is that the privacy issue does not primarily concern us bloggers, forum moderators or shop owners etc. - it does, but not primarily. What good does an application-related don’t-count-me-cookie do if I, the admin of a Piwik-armed application, do not record IP addresses by design while the webserver (Apache, IIS etc.) does, cookie or not? Have you ever seen one website that has asked you: Hi, I am Apache. I am delivering the forum pages that you are accessing right now. Do you want me to mask out your IP address from my logfiles?

Cheers,
Burkhard[/quote]

Hi Burkhard,

I completely agree with you! But there are providers - at least in Germany - where you can select whether the webserver shall anonymize the log files. At least Hosteurope offers such a feature - the question is of course whether they only provide the anonymized version to you or whether they don’t store the IP addresses at all…

Nevertheless, to support cautious webmasters, I would encourage the integration of the don’t-count-me-cookie for everybody. So if there’s anybody who can tell me what to do to push this issue, please let me know!

Cheers,

pwU