. MEANING
Device fingerprinting, also known as machine, canvas, or browser fingerprinting, is the method of identifying a device (or browser) by its particular and distinctive configuration. Device fingerprints must be saved server-side, that is, in a database, as opposed to web cookies, which are stored client-side, that is, on the user’s device. Know more about device fingerprint platform
-
WHAT INFORMATION IS COLLECTED TO CREATE DEVICE FINGERPRINTING?
Device-fingerprinting services combine several data pieces to establish fingerprints:
- URL request headers for IP addresses
- String user agent
- Plugins installed
- Time zone of the client
- Details about the client device, including operating system, language, touch capability, and screen resolution
- A Flash plugin provides the Flash data.
- List of typefaces that are installed
- Data in Silverlight
- Enumeration of mime types
- Moment in time
-
HOW DOES DEVICE FINGERPRINTING WORK?
The process of determining a device fingerprint starts upon a user’s website visit. All pertinent device data is gathered by the device fingerprint tracker, which is usually a JavaScript component (browser version/type, OS, etc.). Similar to this, companies that offer device fingerprinting compile information such as the aforementioned points. After that, they give it a distinct fingerprint or hash. Utilizing this in conjunction with cookies or other identifiers significantly increases the precision of the tracking and attribution.
The computational burden of computing the hash and keeping all the related data is the drawback. By connecting the “person” to other fingerprints (i.e., devices) and recognizing patterns of related fingerprints originating from a common source, device fingerprints may also be enhanced.
-
IMPACT GDPR HAS ON DEVICE FINGERPRINTING
The idea is that these details are personal and may be utilized to directly or indirectly identify a person.
Any information that may be used to identify an individual is considered personal data under the GDPR. It is not about figuring out who someone is; rather, it is about being able to recognize an individual, like recurring users of a website. According to this concept, personal data includes things like cookies and device fingerprinting.
However, GDPR does not specifically address device fingerprinting and is technology-neutral. Any information linked to an identified or identifiable natural person utilizing online identifiers such as cookies, device IDs, and IP addresses is defined as personal data under Article 4 of the GDPR.
-
CAN DEVICE FINGERPRINTING BE LEGAL UNDER GDPR?
Only one of the six permissible bases—legitimate interest or permission, for example—must be satisfied for processing personal data by GDPR.
Data subjects’ rights and freedoms must not be superseded by the legitimate interests of the data controller for the processing of data to be done based on legitimate interests.
Thus, in the context of device fingerprinting, reliance on genuine interest will probably be limited to exceptional circumstances like identity theft or fraud protection.
-
CONCLUSION
New technologies like device fingerprinting, which rely on static, unchangeable information, will power digital advertising as cookies become less and less effective at identifying online users. However, they will also face several challenges from new privacy regulations like the GDPR.
Comments