Description
Data privacy is a topic of great relevance to all areas of society. Most recently, the
General Data Protection Regulation, which came into force in 2018, has significantly
impacted global data privacy. This thesis aims to provide a general overview of potential
data privacy issues within the network of the Technical University of Munich. To this
end, a domain set was compiled by analyzing the certificate transparency logs. We
later accessed these domains in a browser and scraped the resulting websites. We then
analyzed the data obtained for specific potential data privacy issues. For example, the
analysis investigated missing privacy policies, fonts integrated from external sources,
cookies set by default, and integrated photos of individuals. The evaluation shows that
there are potential privacy issues on a significant number of the websites visited. To
avoid the risk of being charged with a data privacy violation, it is advisable to carry
out regular network scans to identify potential privacy issues in good time. Performing
such regular scans allows website operators to check possible problems promptly, stop
unlawful data processing, and thus minimize damage. The network scan can also be
helpful for other networks, as the potential privacy issues are generally no different
from those at a public university. However, there are more possible legal bases on
which data processing can be justified. As such, more of the indicated privacy issues
might be lawful than compared to public bodies.
|
