{"id":617,"date":"2020-03-03T15:59:13","date_gmt":"2020-03-03T15:59:13","guid":{"rendered":"https:\/\/i-spark.nl\/uncategorized\/zo-voorkom-je-de-verwerking-van-persoonsgegevens-deel-1-2-toolonafhankelijk-blacklisten-en-whitelisten\/"},"modified":"2026-01-02T11:18:17","modified_gmt":"2026-01-02T11:18:17","slug":"this-is-how-you-prevent-the-processing-of-personal-data-part-1-2-tool-independent-blacklists-and-whitelists","status":"publish","type":"post","link":"https:\/\/i-spark.nl\/en\/blog\/this-is-how-you-prevent-the-processing-of-personal-data-part-1-2-tool-independent-blacklists-and-whitelists\/","title":{"rendered":"How to prevent the processing of personal data (part 1\/2)"},"content":{"rendered":"

Published by Marketingfacts<\/em><\/a><\/p>\n

Read part 2 here<\/a>!<\/strong><\/p>\n

Tool-independent blacklists and whitelists<\/h2>\n

Since 25 May 2019, the General Data Protection Regulation (AVG) applies. Within the AVG, a broad definition is used for the concept of ‘personal data’, namely ‘all information relating to an identified or identifiable natural person’. This refers to data that directly relates to a person, or data that, in combination with other data, can be traced back to this person.\u00a0<\/span><\/p>\n

Personal data may only be processed for the purpose for which it was obtained. This is called ‘purpose limitation’. In order to prevent organizations from collecting personal data without being able to justify this properly, they must implement the principles of privacy by design and privacy by default. Privacy by design means that an organization ensures that personal data is properly protected when designing products and services. Privacy by default means that an organization must take technical and organizational measures to ensure that, as a standard, it only processes personal data that is necessary for the specific purpose it wants to achieve. This means, for example, that it is not permitted to ask for more data than is necessary to subscribe to a newsletter.<\/span><\/p>\n

There is a chance, however, that you may process personal data unlawfully, without you being aware of this. For example, you use tools or scripts on your website that measure which URL a visitor is on. This URL can contain an email address, for example, if the customer visits your website via a customer e-mail.\u00a0<\/span><\/p>\n

In this two-part blog, I would therefore like to show you what measures you can take to prevent the unintentional collection and processing of personal data on your website as much as possible. In doing so, personal data is overwritten, not deleted – so if certain data is collected unintentionally, you can easily recognize it and trace its source.\u00a0\u00a0<\/span><\/p>\n

In part 1, I introduce the ‘PII prevention matrix’ and show you how you can use Google Tag Manager to blacklist and whitelist personal data in a tool-independent way – i.e. not for every script or tool again, but only once for all scripts and tools. The developed measures are intended for technical web analysts who do not shy away from using Google Tag Manager and JavaScript. I also use regular expressions (regex) to describe patterns.<\/span><\/p>\n

The PII-prevention matrix<\/b><\/h3>\n

I classify the measures you can take to prevent the processing of personal data according to two classifications. Together, they form a matrix which I call the PII prevention matrix – here the abbreviation PII refers to the term ‘Personal Identifiable Information’, which is more or less equivalent to the term ‘personal data’. The classifications are: <\/span><\/p>\n

1) Tool-independent vs. tool-dependent.<\/b><\/p>\n

In a tool-independent solution, the personal data must be replaced for each new tool. The order in which different events take place is as follows:\u00a0<\/span><\/p>\n

    \n
  1. Data, such as a URL become available<\/span><\/li>\n
  2. Scripts and\/or tools are loaded<\/span><\/li>\n
  3. Each script and\/or tool replaces the personal data<\/span><\/li>\n
  4. Each script and\/or tool processes the data that has been stripped of personal data<\/span><\/li>\n<\/ol>\n

    Because the tool-dependent solution requires step III to be performed several times, this is rather inefficient. In addition, some scripts and\/or tools do not even offer the possibility to edit data such as URLs before they are actually processed by the scripts and\/or tools. The tool-independent solution offers a solution for this. With a tool-independent solution, the solution is tool-transcending and therefore only needs to be applied once. The sequence in which various events take place is as follows:\u00a0<\/span><\/p>\n

      \n
    1. Data such as a URL becomes available<\/span><\/li>\n
    2. Any personal data within the available data will be replaced<\/span><\/li>\n
    3. Scripts and\/or tools are loaded<\/span><\/li>\n
    4. Each script and\/or tool processes the data that has been stripped of personal data\u00a0<\/span><\/li>\n<\/ol>\n

      2) blacklisting vs. whitelisting<\/b><\/p>\n

      With blacklisting, you define a list of data that may not be processed. Is a certain data not on the blacklist? Then it may be processed. Whitelists work the other way around: you define a list of data that can be processed. A particular item of data may only be processed if it is on the list. This makes whitelists stricter than blacklists.<\/span><\/p>\n

      The classifications above result in a quadrant of 4 solutions to prevent the processing of personal data:<\/span><\/p>\n\n\n\n\n\n
      \u00a0<\/span><\/td>\nBlacklisting<\/span><\/td>\nWhitelisting<\/span><\/td>\n<\/tr>\n
      Toolindependent<\/span><\/td>\nCurrent blog<\/span><\/td>\nCurrent blog<\/span><\/td>\n<\/tr>\n
      Tooldependent<\/span><\/td>\nPart 2\/2<\/span><\/td>\nPart 2\/2<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n


      In the rest of this blog, I will go deeper into the tool-independent blacklisting and whitelisting of personal data using Google Tag Manager. In the next blo,g I will show you how to apply blacklisting and whitelisting on Google Analytics.
      <\/span><\/p>\n

      Replacing tool-independent personal data<\/b><\/h3>\n

      Since most scripts on a page have access to the metadata of a web page – think of the URL and page title – especially these data are suitable to protect personal data in a tool-independent way. This means: before the data is available for other scripts. It regularly happens that this metadata, intentionally or unintentionally, contain personal data. Think, for example, of an e-mail address that is sent as a query parameter on the destination page of a client e-mail. Or a postal code that is sent as a query parameter from a comparison site.<\/span><\/p>\n

      Tool-independent blacklisting – how do I do that?<\/b><\/p>\n

      With the solution of tool-independent blacklisting, you specify the regular expressions with which personal data must comply (the blacklist). Next, you check whether these patterns occur in the data you want to process. If this is the case, you replace the substrings that meet these patterns. You do this before the data is processed by other scripts (tool-independent).<\/span><\/p>\n

      As an illustration, I would like to show you how to replace the URL parameter “foo” and\/or “bar” with “[REDACTED]” and e-mail addresses with “[REDACTED EMAIL]”. The URL \u201c<\/span>https:\/\/www.domein.nl?foo=waarde&bar=waarde&email=siemon@i-spark.nl<\/span>&foobar=waarde\u201d then becomes \u201c<\/span>https:\/\/www.domein.nl?foo=[REDACTED]&bar=[REDACTED]&email=[REDACTED_EMAIL<\/span>]&foobar=waarde\u201d. Below I explain step by step how you can achieve this using Google Tag Manager:<\/span><\/p>\n

        \n
      1. Define your blacklist.<\/b><\/li>\n<\/ol>\n
          \n
        • Create a new variable of the type “Custom JavaScript macro” and call it “PII”. See the example below.<\/span><\/li>\n
        • Within the new variable, define an array containing an object for each type of personal data. In our example, two types of personal data are involved, namely blacklisted parameters and e-mail addresses.<\/span><\/li>\n
        • Give the objects you defined for each type of personal data 3 keys: ‘name’, ‘regex’ and ‘replacement’. For the name key, enter a string describing the type of personal data. This is especially useful for yourself. For the regex key, enter the regular expression with which the type of personal data complies. For the replacement key, enter the string with which the personal data must be replaced.\u00a0<\/span><\/li>\n
        • Return the defined array. <\/span><\/li>\n<\/ul>\n\n\n\n
          function(){<\/span>\u00a0<\/span> var piiRegex = [{<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span> \u00a0 \u00a0 name: ‘BLACKLISTED PARAMETER’,<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span> \u00a0 \u00a0 regex: \/[?&](foo|bar)=([^&$#]+)\/gi,<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span> \u00a0 \u00a0 replacement: “[REDACTED]”<\/span>\u00a0<\/span> },{<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span> \u00a0 \u00a0 name: ‘EMAIL’,<\/span>\n

          \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span> \u00a0 \u00a0 regex:\u00a0 \u00a0 \/(([a-zA-Z0-9_\\-\\.]+)(@|%40)([a-zA-Z0-9_\\-\\.]+)\\.([a-zA-Z]{2,5}))\/gi,<\/span><\/p>\n

          \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span> \u00a0 \u00a0 replacement: “[REDACTED_EMAIL]”<\/span><\/p>\n

          \u00a0<\/span> }];<\/span><\/p>\n

          \u00a0<\/span><\/p>\n

          \u00a0<\/span> return piiRegex;<\/span><\/p>\n

          }<\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

          \u00a0<\/span><\/p>\n

            \n
          1. Create a new function that replaces personal data.<\/b><\/li>\n<\/ol>\n
              \n
            • Create a new variable of the type ‘Custom JavaScript macro’ and call it ‘return editorData function’. Use the JavaScript below.<\/span><\/li>\n<\/ul>\n
                \n
              • The variable returns a function with 2 parameters: the 1st parameter is a data string, the 2nd parameter is the previously defined blacklist we called “PII”. For each of the defined personal data in the blacklist, the function checks if the regular expression occurs in the data string until there is a match. At that moment, the personal data is replaced by the corresponding value of the replacement key, and the function returns the data string, where the personal data is replaced.<\/span><\/li>\n<\/ul>\n
                  \n
                • By placing the function in a separate variable, you can always call it from any tag. Suppose you read the values of form fields and want to send them to Google Analytics. In order to spare this data from personal data before sending it to Google Analytics, you can call the newly defined function from a tag. To do so, give the data string and the defined blacklist “PII” as arguments. This will then look like this:\u00a0<\/span><\/li>\n<\/ul>\n

                  {{return redactData function}}(datastring, {{PII}})<\/span><\/p>\n

                  \u00a0<\/span><\/p>\n\n\n\n
                  function(){<\/span>\u00a0\u00a0return function(data, PII){<\/span>\u00a0\u00a0\u00a0\u00a0for (var i = 0; i < PII.length; i++){<\/span>\u00a0\u00a0<\/span> data = data.replace(PII[i].regex, PII[i].replacement);<\/span>};<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0return data;<\/span>\u00a0\u00a0}<\/span>\n

                  }<\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

                    \n
                  1. Create a tag that replaces personal data.<\/b><\/li>\n<\/ol>\n