Namogoo launches service to track personal data leakage through third parties

Illustration of external services by Namogoo

There’s a hidden problem with managing personal data.

It’s that the keepers of the data aren’t just websites and apps, but the dozens — sometimes hundreds — of third-party services that also handle the data to target and track ads, manage tags, present content, provide embedded social functions and so on. And those services sometimes have their own subcontractors, who act as fourth-party services.

To help address this hidden ecosystem, Boston-based Namogoo is today launching a new service. Called GDPR Insights, it tells websites which services are running in the background, which ones are collecting and sharing personal data, what data is being sent to remote servers, the impact of that collection/sharing on site performance and so on.

The General Data Privacy Regulation (GDPR) launched in late May, and it requires sites to acquire consent for collected or shared personal data from European Union citizens. Under GDPR, publishers share responsibility for what contracted services collect and share on their sites.

Compliance and verification service The Media Trust, for instance, has said that GDPR will show publishers that they “have to be afraid of their own assets,” including the many outside services involved on their sites.

And anti-ad-blocking solutions provider PageFair contends that it is simply not possible for publishers to control this kind of data leakage to outside services.

Although Namogoo describes the collected data as PII, or personally identifiable information, it means “personal data” as used by GDPR.

Although both terms are somewhat flexible, PII is a term often used by US vendors to mean name, address, Social Security number, phone number and a few other confidential pieces of info. Personal data, on the other hand, includes PII but also can include IP address, browsing history and other non-confidential data that, when put together, could identify a single individual.

GDPR Insights is available in a freemium version, co-founder and CTO Ohad Greenshpan told me, but that version utilizes a crawler to provide an initial assessment. (In the registration form, your email needs to have the same domain as the site you’re asking the free service to scan.) The fee-required premium service requires that a JavaScript tag be placed in the site header or in the body of each page, which he said is much more accurate.

The premium service determines what data is stored in cookies, is collected/shared in the browser or is sent to remote servers. Here’s a typical screen:

The company, founded in 2014, also offers other products, including Customer Hijacking Prevention, a service that prevents extensions and logins from presenting competitors’ ads to your visitors. Greenshpan said that, to his knowledge, no one else offers a scan of personal data collection/sharing by external services that utilizes a JavaScript tag.