End to End Encryption on Website

Created with Sketch.

End to End Encryption on Website

Part of the data protection duties for any controller owning a website is to ensure the security of the electronic transmissions and the personal data of their visitors.

One way of tracking visitors is by first party cookies or allowing third party cookies to access visitors data. As an illustration, many websites use Google Analytics, or a Facebook ‘Like’ button, etc… These allow the parties to track users web browsing even outside the website itself, in order to fingerprint, track, profile ad target them. Our personal data have monetary values and are aggressively monetised. Ad Tech is a huge, wealthy industry.

Since Privacy Shield invalidation by the European Court of Justice in the so-called Schrems-II decision, US corporations, especially the Electronic Communication Providers (ECP) have no legitimate basis to transfer data outside the EU/EEA. Therefore, any website owner using Google Analytics or other US ECP enabled to access their visitors’ data, are considered co-controller and as such liable for the unlawful data transfers.

A second security issue you can find on some websites is their lack of end to end encryption or E2EE allowing access to data during electronic transmissions. Google Chrome web browser has been labelling such websites of ‘Not secure’ that you can spot at the top bar of your web browser. Other web browsers would omit to display the lock next to the URL as a sign the website is lacking security.

Shamefully, this exact website we are using has been recently, every now and on, missing the SSL certificate for E2EE. This website is hosted by Godaddy for the last few months. Godaddy does not allow the use of the free letsencrypt certificate, they sell their own SSL certificate which sadly has shown to be un-reliable.

However, we want to reassure you, we do not collect any personal data. We do not place any first party cookies. We do not use any kind of analytics. We only use a Google font. We are constantly working to make this website as secure as compliant as possible. If you notice anything suspicious, do contact us at data@datarainbow.eu We are looking for web developers, with coding skills to build a website without any template or tracking Java Script or cookies.

Meanwhile, our apologies if momentarily you see a ‘Not Secure’ sign.