● 39 entries
Privacy & Data Protection
- Attribution Reporting APIA Privacy Sandbox API in Chrome and Android that lets advertisers measure ad conversions across sites without cross-site identifiers, using browser-mediated, noise-injected event-level or aggregated reports.
- Browser FingerprintingA stateless tracking technique that identifies a user by combining browser, device, and configuration attributes into a near-unique signature.
- Canvas FingerprintingA browser-fingerprinting technique that exploits subtle GPU and font rendering differences when drawing on an HTML canvas to identify a device.
- Consent ManagementThe processes and tooling used to collect, record, refresh, and honor user permissions for processing personal data and setting cookies, in line with privacy law.
- Cross-Site TrackingThe practice of linking a user's activity across multiple unrelated websites to build a long-lived behavioural profile.
- Dark PatternsDeceptive user-interface designs that nudge or trick users into actions against their interest — over-broad consent, hidden cancellations, sneak-in opt-ins — increasingly regulated under GDPR Article 5, the EU DSA, and U.S. FTC Click-to-Cancel rules.
- Data AnonymizationIrreversibly transforming personal data so that no individual can be identified, directly or indirectly, even when combined with other available information.
- Data BrokerA business that aggregates personal data about consumers from public, commercial, and observed sources and sells it onward — increasingly regulated under California's Delete Act, U.S. state data-broker registries, EU privacy law, and CFPB Section 1033 rules.
- Data ClassificationThe process of labeling data by sensitivity and value so that the right protection, handling, and retention controls can be applied consistently.
- Data Loss Prevention (DLP)A set of technologies and policies that detect and block unauthorized exfiltration of sensitive data across endpoints, networks, email, and cloud services.
- Data MaskingReplacing sensitive data with realistic but fictitious values so that downstream users, applications, or environments can use the data without exposing the originals.
- Data MinimizationA privacy principle requiring organizations to collect, process, and retain only the personal data that is strictly necessary for a defined, lawful purpose.
- Data ResidencyThe requirement that data is physically stored and, in some interpretations, processed within a specific country or region, often driven by contracts, customer demands, or sector regulation.
- Data RetentionThe policies and controls that define how long different categories of data are kept and when they are securely deleted, archived, or anonymized.
- Data SovereigntyThe principle that data is subject to the laws and governance structures of the country in which it is collected, stored, or processed, regardless of where the provider is headquartered.
- Data Subject Access Request (DSAR)A formal request from an individual to a controller asking which of their personal data is being processed and obtaining a copy of it, as guaranteed by GDPR Article 15 and similar laws.
- Differential PrivacyA mathematical framework that quantifies privacy loss when releasing statistics or training models, by adding calibrated noise so any single individual's contribution is provably bounded.
- DNS LeakA privacy failure in which DNS queries bypass a VPN or Tor tunnel and are sent to the user's ISP or default resolver in cleartext.
- Global Privacy Control (GPC)A browser-level signal — an HTTP header and a JavaScript property — by which a user expresses a 'do not sell or share' opt-out, given binding legal force in California (CCPA/CPRA) and Colorado (CPA) regulations.
- IAB TCF (Transparency and Consent Framework)The Interactive Advertising Bureau Europe's framework for capturing, encoding, and propagating user consent for advertising and analytics data uses under GDPR — controversial, partly invalidated by Belgian DPA in 2022, then revised as TCF v2.2.
- k-AnonymityA privacy model proposed by Latanya Sweeney that requires every record in a dataset to be indistinguishable from at least k-1 others based on its quasi-identifiers.
- l-DiversityAn extension of k-anonymity introduced by Machanavajjhala et al. that requires each equivalence class to contain at least l well-represented values for every sensitive attribute.
- Mass SurveillanceThe bulk, indiscriminate monitoring of a population's communications, locations, and online activity by governments or large private actors.
- Personally Identifiable Information (PII)Any data that can identify a specific individual on its own or when combined with other information, such as names, identifiers, or biometric records.
- Privacy by DesignAn engineering and governance approach that embeds privacy considerations into systems, processes, and defaults from the earliest design stages rather than bolting them on later.
- Privacy Impact Assessment (PIA)A structured process to identify, evaluate, and mitigate privacy risks of a system, project, or data-processing activity before it goes live.
- Privacy SandboxGoogle's umbrella initiative for replacing third-party cookies and cross-site identifiers with privacy-preserving alternatives — Topics, Protected Audience (FLEDGE), Attribution Reporting, and on-device APIs — under heavy regulatory and competitor scrutiny.
- PseudonymizationA technique that replaces direct identifiers in personal data with reversible aliases, so that the data can no longer be attributed to an individual without additional, separately kept information.
- Right of Data PortabilityThe GDPR right of a data subject to receive their personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
- Right of RectificationThe GDPR right of a data subject to obtain from the controller, without undue delay, the correction of inaccurate or incomplete personal data concerning them.
- Right to Be ForgottenThe right of an individual to obtain the erasure of personal data concerning them when there is no overriding legal reason to keep processing it, under GDPR Article 17.
- SupercookieA persistent tracking identifier stored outside normal cookie storage, designed to survive cookie clearing and private-browsing mode.
- t-ClosenessA privacy model by Li, Li, and Venkatasubramanian that strengthens l-diversity by limiting how far the distribution of a sensitive attribute in any class differs from its global distribution.
- Third-Party CookieA cookie set by a domain different from the one in the browser's address bar, historically used to track users across websites.
- Tokenization (Privacy)Replacing sensitive data values with non-sensitive tokens that have no exploitable meaning outside a controlled token vault, reducing the scope of personal or regulated data.
- Topics APIA Privacy Sandbox API in Chrome and Android that derives a small set of high-level interest topics from the user's recent browsing locally on the device, exposing them to participating sites instead of cross-site tracking identifiers.
- Tracking PixelA tiny, often 1x1 transparent image or beacon embedded in a web page or email to silently record opens, visits, and other user events.
- VPN LeakA failure of a VPN tunnel that lets identifying traffic — IP, DNS, IPv6, or WebRTC — escape outside the encrypted channel.
- WebRTC IP LeakA browser-side leak in which WebRTC's STUN/ICE machinery exposes a user's real local and public IP addresses, even when a VPN or proxy is active.