Iubenda

Compliance supportContract: analytics/drafting/reviewContract: automated creation
iubenda.com/en
Main research: March 2022

Contents

1. What does it claim to do?
2. Substantiation of claims & potential issues
3. How might the end-user assess effectiveness?
4. What form does it take?
5. Is it currently in use?
6. The creators
7. Jurisdiction
8. License

What does it claim to do?

Iubenda is a platform providing automated generation of privacy policy and terms and conditions documents, as well as cookie banners and preference interfaces. Clients integrate these into their own websites and applications.

Claimed essential features 

• Manage various aspects of compliance from a single dashboard.

“One dashboard to manage your online compliance across multiple countries and legislations [sic]” (Features and benefits; archived) 

This is subject to the qualification that “Content available on iubenda.com and documents generated using the Service are intended for general information purposes only … despite all efforts in offering the best possible service, iubenda cannot guarantee generated documents to be fully compliant with applicable law.” (We help with the legal requirements, so you can focus on the business; archived)

• Generate privacy and cookie policies.

“Customizable from 1600+ clauses, available in 9 languages and automatically updated if the law changes, our generator allows you to create a legal document in minutes and seamlessly integrate it with your website or app.” (Features and benefits; archived) 

“The way the generator works is by adding services which are essentially the clauses that are in your policy … Those include any third-party integrations such as Google Analytics … You can set your preferences to the legislation-specific standard such as the GDPR, CCPA or LGPD, manage languages and activate your cookie policy.” (first video in ‘How to Generate a Privacy Policy’; archived)  

“We’ve added a Site Scanner within the services window of the generator which allows you to quickly inspect your site in real-time and identify which services you need to add to your policy … our scanner … can only scan for technologies that are directly integrated on your pages. You will, therefore, still need to add manually the clauses that relate to data processing practices like newsletter sending.” (How to Generate a Privacy Policy; archived)  

“… your cookie policy will be generated automatically based on the configuration of your privacy policy.” (How to Generate a Cookie Policy for the Cookie Banner; archived)  

“The iubenda Cookie Solution allows you to manage all aspects of the Cookie Law …” (iubenda Cookie Solution – Introduction and Getting Started; archived)

• Generate terms and conditions documents.

“Our Terms & Conditions generator lets you to [sic] easily generate and manage Terms and Conditions that are professional, customizable from over 100 clauses, drafted by an international legal team, available in 8 languages, and up to date with the main international legislations. It is powerful, precise, and capable of handling even the most complex, individual scenarios and customization needs. (first video in ‘How to Generate Terms and Conditions’; archived)

• Manage privacy-related processing and end-user consent.

“Create your record of processing activity: add processing activities from 1600+ pre-made options, divide them by area, assign processors and members, document legal bases and other GDPR-required records.” (The solution to easily document all the data processing activity within your organization; archived)  

“The IPM tool makes the complex task of managing internal privacy a simple and straightforward one. The tool lets you define specific ares of data processing, add processing activities and members involved in the processing to each area and also lets you add all necessary details related to the processing activities. This makes it simple for you to comply with requirements (including but not limited to the GDPR), and track and manage the data you collect, the purposes for collection, all parties involved, company details — including data of employees — and more.” (The solution to easily document all the data processing activity within your organization; archived)  

“The Consent Solution provides … an API” to manage user consent (Consent Solution – Introduction and methods; archived)

Claimed rationale and benefits 

• To automate compliance on an on-going basis across various legislative regimes.

“Attorney-level compliance solutions at the convenience only software can provide” (Features and benefits; archived) 

“We continuously monitor the major legislations [sic] and keep both you and our products up to date” (Features and benefits; archived)

Claimed design choices 

• Integration with third party websites/apps is via an application programming interface (API).
• Documents are delivered via a content delivery network, or cached in the client’s infrastructure.

“Integrate [your Privacy and Cookie Policy] with your site or app by using one of our widgets or by integrating straight into the body via JS [JavaScript] or API. The policy is hosted on our servers so that both you and our international legal team can keep it updated.” (The solution to draft, update and maintain your Privacy and Cookie Policy; archived)  

“The documents are hosted on Akamai, the best content distribution provider you can find in terms of reliability and speed. We also give you the additional option to access documents via our API if you’d like to cache within your own application.” (5 Reasons Why We Host Your Documents; archived)

• Complies with the IAB framework for consent management.

“As a registered Consent Management Platform, we’ve worked hard to ensure that our Cookie Solution integrates seamlessly with and complies with the policies and specifications of this [the IAB TCF] Framework, … giving you … the additional option to easily enable and use it for your website and apps.” (The complete guide to IAB GDPR Framework and iubenda’s Consent Management Platform; archived)

Top

Substantiation of claims & potential issues

• Iubenda’s FULLGLOBAL toolbox offers to help with privacy and data protection laws in the EU, US and Brazilian jurisdictions. Users operating outside those jurisdictions might not appreciate that the law that applies to their operations might impose a different set of requirements.  
• True compliance with the relevant legal provisions may require more than the system is capable of; there is a risk clients consider their compliance obligations to be met simply by using Iubenda’s system.

Iubenda provides little information about the back-end of the system. It appears to be a web application that relies on an :API, HTML, PHP, JavaScript and widgets to integrate content and solutions into a user’s websites or apps.

• It is not clear how the Internal Privacy Management solution is integrated into a customer’s website or app.

• Iubenda has 26 repositories on github. Some of these, such as iubenda-cookie-class, cookie-law-solution-codesnippets and libraries are obviously associated with iubenda’s services.
• The first two are described as a “PHP class for the cookie law solution” and “[c]ode snippets regarding the cookie law solution” respectively.
• No description is provided for “libraries” but the filenames android/com/iubenda/mobile-sdk and ios/IubendaMobileSDK suggest that these are the software development kits referred to in iubenda’s CS for mobile Developer’s Guide (archived).

Resources

• Github: https://github.com/iubenda

Top

How might the end-user assess effectiveness?

Iubenda offers a free trial.

It has a 5-star rating on Capterra based on 133 reviews. (iubenda reviews; archived) and a toolbase score of 8.8 (iubenda;archived).

End-users might refer to the following publications which include reviews/assessments of iubenda:

• Sebastian Zimmeck, Rafael Goldstein and David Baraka, “PrivacyFlash Pro: Automating Privacy Policy Generation for Mobile Apps” 28th Annual Network and Distributed System Security Symposium 2021 https://www.ndss-symposium.org/ndss-paper/privacyflash-pro-automating-privacy-policy-generation-for-mobile-apps/ (archived)

• Yi Ping Sun, Investigating the Effectiveness of Android Privacy Policies (Masters Thesis, University of Toronto https://tspace.library.utoronto.ca/bitstream/1807/89636/3/Sun_Yi_Ping_201806_MAS_thesis.pdf (archived)

• Kamal S., Helal I.M.A., Mazen S.A., Elhennawy S. (2020) Computer-Assisted Audit Tools for IS Auditing. In: Ghalwash A., El Khameesy N., Magdi D., Joshi A. (eds) Internet of Things—Applications and Future. Lecture Notes in Networks and Systems, vol 114. Springer, Singapore

• Célestin Matte, Nataliia Bielova, Cristiana Santos, Do Cookie Banners Respect my Choice? Measuring Legal Compliance of Banners from IAB Europe”s Transparency and Consent Framework arXiv:1911.09964v2

Top

What form does it take?

Form

Application, Platform

Details

• Giannangelo, the CEO and founder of Iubenda, is quoted as describing Iubenda as a platform (Interview With Andrea Giannangelo, Founder And CEO Of Iubenda; archived). Users access the services through the iubenda website. 
• “The core of Iubenda is a web application that generates the Privacy Policy of any website in compliance with the law.” (IUBENDA releases first version and announces seed capital round; archived)

Top

Is it in current use?

The iubenda website is “live”. Iubenda claims to have “over 80,000 clients in 100+ countries” (We help with the legal requirements, so you can focus on the business; archived)

Top

The creators

Created by

Legal tech company

Details

The developers are iubenda s.r.l, Via San Raffaele, 1 - 20121 Milan (Italia). 

Iubenda was founded in 2011 by Andrea Giannangelo. It attracted seed funding led by Digital Investments SCA SICAR. Marco Mancosu (Interview With Andrea Giannangelo, Founder And CEO Of Iubenda; archived).

“Iubenda’s co-founders are Domenico Vele, software engineer, and Carlo Rossi Chauvenet, a lawyer and teacher at the Bocconi University in Milan. Iubenda, “Press Kit” (available at [[PM1]](applewebdata://EEF4EFD9-2661-422C-A11C-3CB7F5C908F9#_msocom_1) http://www.iubenda.com/var/iubenda-presskit-en.zip)

 

Top

Jurisdiction

Background of developers

Italy (Developers are from Italy but only one of them has a background in law.)

Target jurisdiction

Iubenda aims to provide global coverage. It “make[s] every effort to cover every country’s laws by adopting the strictest data guidelines implemented in each country.” (We help with the legal requirements, so you can focus on the business; archived)

Iubenda’s “tools support 9 different languages (US English, UK English, German, Italian, French, Brazilian Portuguese, Dutch, Spanish, and Russian) …” (Getting Started Guide; archived)

Its “FULLGLOBAL toolbox” “will help you meet the requirements of EU, US and Brazilian online privacy laws.” (Getting Started Guide; archived)

Target legal domains

Privacy, data protection, cookie compliance, contract

Top

License

Iubenda has 74 public ‘pens’ on Codepen, a social development environment https://codepen.io/about/. According to Codepen, “Public Pens you build on CodePen are MIT licensed, meaning other people are free to use it for whatever they like as long as that is also MIT licensed. Don’t put anything on CodePen where that wouldn’t be OK. Private Pens are un-licensed so that you may apply your own license and retain direct ownership.” https://blog.codepen.io/documentation/terms-of-service/

Top