Skip to main content

Who Is Responsible for Online Privacy?

Online privacy: me or we?

by Jenica Woitowicz
published on October 4, 2021
Three people are seen from above. They are seated and sharing a computer. Their heads and faces are not visible, but you can see their arms pointing at the computer screen.

We are increasingly aware that online privacy is an illusion in many cases. After a stream of privacy investigations, publicized data breaches, and insider leaks, our trust in Big Tech’s ethics and security practices is plummeting. Governments have tried to address the issue (see the European Union’s GDPR provisions), and the Tech Giants have vowed to clean up their acts. Most efforts appear to have fallen short. In the midst of it all, average online visitors try to cope by throwing up their hands in defeat or opting out of mainstream digital life entirely. Most of us fall somewhere in the middle and are frustrated by it all.

The issues involved in online privacy are complicated, and placing responsibility for protecting personal data solely on the individual web visitor is unrealistic and misplaced. The one thing most of us can agree upon is that personal data must be protected. So, as an organization with a website, are you responsible for protecting your visitors’ privacy? Is your web developer or site host the one who needs to step up? From my perspective, we can all take steps to do better and to be more responsible when it comes to protecting the collection of personal data.

Okay, so what is personal data? 

It’s a great question, and the answer can get pretty broad. The regulations behind GDPR define personal data as any information related to an identified or identifiable person, which leads to many many possibilities! There are the usual suspects like your name, email, IP address, credit card information, location, and so on. But it can also include items like biometric data, site tracking data, and search terms that you used on the site. Basically, any information that can be traced to a person is personal data.

What are your web developers doing to protect online privacy?

Web developers collaborate with designers to build a functional website, and, ideally, they should ask hard questions about how your site will protect the data it collects.

Web developers who are mindful of privacy can avert issues before they write one line of code. The goal is to build the best experience without sacrificing the site user’s privacy.

Do you need to track a user’s mouse across your website? Are you ensuring consent when collecting the name and location of people on your site?

At Mangrove, we try to model good data protection on our own website. For example, we decided not to place cookies on your browser as most other sites do.  We’ve also stopped using the standard website tool Google Analytics to monitor our website’s performance in favour of the streamlined and privacy-focused Fathom Analytics. It’s not uncommon for web analytics tools to track each visitor’s path around a website, as well as their geographic location, the device they’re using, and how long they remain on a web page. Fathom prioritizes privacy by providing excellent data without tracking users this way.

Less data collection means better privacy

If you don’t need the data, don’t collect it. Plain and simple. While marketing personalization is all the rage, collecting any personal information tied to a website user means you need to design and develop systems and resources to protect it. Do you really need user IP addresses, a record of every sales conversion, and indefinitely track users?

If there are times you need to collect personal information, ask how long you need to retain it to meet your goals. Say that you need to gather site visitor emails to send them an event invite; how long do you need to keep that data before you can wipe it from your system? How long is long enough to get the data you need to inform your next steps?

Take the advice of your developers. You’re paying them to be the experts, so listen to them if they suggest a pop-up cookie bar or offer new ways of storing data. It’s up to them to bring their knowledge to you.

If you’re worried about a breach of your data, the Have I been Pwned? site allows you to check. Whether it’s personal data or organizational privacy, it’s essential to find out what information was shared with the web and take the appropriate action to resolve it.

If you found this post helpful, consider subscribing to our newsletter for monthly updates and posts about digital design and development.

A Certified B Corp, Mangrove is a woman-owned website design and development company with a diverse, talented team distributed around the globe. We’ve been building websites since 2009 that amplify the work of change-making organizations and increase the competitive power of businesses owned by historically marginalized people.

If you found this post helpful,  subscribe to our monthly newsletter for notice of future posts and other news from us.

Thinking about a project?