Lecture: Data protection for websites made simple

What to keep in mind when we're building infrastructures

We asked ourselves whether people who visit the websites of their municipalities have an obligation to report that they seek public information to a bunch of companies and external parties. We concluded that no, that doesn't make sense, and embarked on a mission to make it simple to build websites that don't require such tracking.

Dataskydd.NET is a Swedish organisation registered in 2015. Prior to official registration Dataskydd.NET has been the only Swedish language website posting continuous updates on the European data protection reform since autumn 2012. Dataskydd.NET works to promote data protection and privacy in law, as well as in technologies.

Since autumn 2014, Dataskydd.NET has a particular focus on municipal level involvement in data protection law and technologies. While the results of our original running through of municipal websites is anything but encouraging, there are some notable challenges:

- Even municipalities that are willing to make privacy-preserving investments are unable to get clear advise on what the law says, and how it is means to be applied, from government authorities.
- A non-zero number of municipalities have implemented proper privacy-protections against third-party disclosure of website visitor behaviour, in spite of poor advise from the government.
- There is a substantial lack of guidance for municipalities that want to take a step in the right direction, and a lot of commercial efforts to get municipalities to take steps in the wrong direction.

We will present our "privacy protecting municipal websites" project at FSCONS 2015, including:

- our ready-made handbook with ideological and technical advice to municipalities.
- our tools for monitoring website privacy compliance in Sweden.
- simple principles for web developers to keep in mind when they are interacting with clients and the world.

Privacy defeatism is no longer sexy - it's time to put in that extra sweat that makes it possible for everyone to enjoy data privacy even as they're browsing the web. We will present why this is both simple and achievable.