GDPR and Personal Data
Personal data (any user data that could be linked directly or indirectly to a specific individual) can be found anywhere on a web page, in editorial content such as text or in links and URLs.
This personal data could be inadvertently exposed through Error and Network details. Our solution is not intended to collect such data, so this unnecessary collection shall be prevented using the mechanisms the solution provides.
Personal data in Network requests
Network request URLs are collected for both Network details and API errors. We only collect the domain and path of these URLs (not the parameters). However, in some situations those URLs could still contain personal data or sensitive information. You should therefore ensure that you have proper measures in place to prevent the unnecessary collection of such data, using the mechanisms provided below.
Example of personal data in an API error report
In the API errors report, the URL displayed 'https//…' is the destination URL of the request.
Sometimes the request URL contains personal data, embedded as parameters needed to fetch the right data. If an API error is raised and tracked and the URL contains personal data, that data is displayed in the error report.
Example of personal data in Network details
How to mask personal data in Network requests
Selectively mask the request URLs (collected for API errors and Network details) using either of the following methods:
- Set up masking rules in the Contentsquare Tag Configurator (CSTC) using the Network requests - mask URLs template
- Use the dedicated tag command to mask URLs directly in your website’s code
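To find which request URLs need a masking rule, the following added example (not Contentsquare code, and not the tag command or the CSTC template) reduces a URL to the domain and path described above and masks path segments that look like personal data. The function name, the pattern set, the `MASKED` token and the sample URLs are assumptions constructed for illustration.

```javascript
// Illustrative only: not the Contentsquare tag command or CSTC template.
// Assumed patterns for path segments that commonly carry personal data.
const SEGMENT_PATTERNS = [
  { name: "email", re: /^[^@\s\/]+@[^@\s\/]+\.[^@\s\/]+$/ },
  { name: "uuid", re: /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i },
  { name: "numeric-id", re: /^\d{4,}$/ },
];

// Reduce a request URL to domain + path (query string and fragment dropped),
// then replace any path segment matching a pattern with a fixed token.
function maskRequestUrl(rawUrl) {
  const url = new URL(rawUrl);
  const findings = [];
  const segments = url.pathname.split("/").map((segment) => {
    if (segment === "") return segment;
    let decoded;
    try {
      decoded = decodeURIComponent(segment);
    } catch {
      decoded = segment; // malformed percent-encoding: match on the raw text
    }
    const hit = SEGMENT_PATTERNS.find((p) => p.re.test(decoded));
    if (!hit) return segment;
    findings.push(hit.name);
    return "MASKED"; // assumed placeholder token
  });
  return { masked: url.origin + segments.join("/"), findings };
}

// Constructed sample URLs (not taken from any real site).
const SAMPLE_URLS = [
  "https://api.example.com/users/jane.doe%40example.com/orders?token=abc",
  "https://api.example.com/v2/customers/10482233/profile",
  "https://api.example.com/catalog/shoes",
];

for (const u of SAMPLE_URLS) {
  const { masked, findings } = maskRequestUrl(u);
  console.log(masked, findings.length ? `(masked: ${findings.join(", ")})` : "");
}
```

Any URL that reports a finding is a candidate for a masking rule; URLs with no findings still deserve a manual look, since the patterns only cover the listed cases.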
Personal data in additional API error details
If you’re collecting additional rules for API error troubleshooting, personal data could also be present in the header and body content, which can be collected unencrypted. This information can be exposed in the error details in Error Analysis and through the troubleshooting details in Session Replay. You should either avoid collecting such unencrypted information (unless you’re certain no unnecessary personal data is present) or use the encryption method (linked below).
How to encrypt personal data for additional API error details
When collecting additional information for API error troubleshooting details, all collected data must be encrypted following the steps below: