Compliance supportContract: analytics/drafting/reviewContract: automated creation
- What does it claim to do?
- Substantiation of claims & potential issues
- How might the end-user assess effectiveness?
- What form does it take?
- Is it currently in use?
- The creators
What does it claim to do?
Claimed essential features
- Manage various aspects of compliance from a single dashboard.
“One dashboard to manage your online compliance across multiple countries and legislations [sic]” (Features and benefits; archived)
This is subject to the qualification that “Content available on iubenda.com and documents generated using the Service are intended for general information purposes only … despite all efforts in offering the best possible service, iubenda cannot guarantee generated documents to be fully compliant with applicable law.” (We help with the legal requirements, so you can focus on the business; archived)
- Generate privacy and cookie policies.
“Customizable from 1600+ clauses, available in 9 languages and automatically updated if the law changes, our generator allows you to create a legal document in minutes and seamlessly integrate it with your website or app.” (Features and benefits; archived)
“The iubenda Cookie Solution allows you to manage all aspects of the Cookie Law …” (iubenda Cookie Solution – Introduction and Getting Started; archived)
- Generate terms and conditions documents.
“Our Terms & Conditions generator lets you to [sic] easily generate and manage Terms and Conditions that are professional, customizable from over 100 clauses, drafted by an international legal team, available in 8 languages, and up to date with the main international legislations. It is powerful, precise, and capable of handling even the most complex, individual scenarios and customization needs. (first video in ‘How to Generate Terms and Conditions’; archived)
- Manage privacy-related processing and end-user consent.
“Create your record of processing activity: add processing activities from 1600+ pre-made options, divide them by area, assign processors and members, document legal bases and other GDPR-required records.” (The solution to easily document all the data processing activity within your organization; archived)
“The IPM tool makes the complex task of managing internal privacy a simple and straightforward one. The tool lets you define specific ares of data processing, add processing activities and members involved in the processing to each area and also lets you add all necessary details related to the processing activities. This makes it simple for you to comply with requirements (including but not limited to the GDPR), and track and manage the data you collect, the purposes for collection, all parties involved, company details — including data of employees — and more.” (The solution to easily document all the data processing activity within your organization; archived)
“The Consent Solution provides … an API” to manage user consent (Consent Solution – Introduction and methods; archived)
Claimed rationale and benefits
- To automate compliance on an on-going basis across various legislative regimes.
“Attorney-level compliance solutions at the convenience only software can provide” (Features and benefits; archived)
“We continuously monitor the major legislations [sic] and keep both you and our products up to date” (Features and benefits; archived)
Claimed design choices
- Integration with third party websites/apps is via an application programming interface (API).
- Documents are delivered via a content delivery network, or cached in the client’s infrastructure.
“The documents are hosted on Akamai, the best content distribution provider you can find in terms of reliability and speed. We also give you the additional option to access documents via our API if you’d like to cache within your own application.” (5 Reasons Why We Host Your Documents; archived)
- Complies with the IAB framework for consent management.
“As a registered Consent Management Platform, we’ve worked hard to ensure that our Cookie Solution integrates seamlessly with and complies with the policies and specifications of this [the IAB TCF] Framework, … giving you … the additional option to easily enable and use it for your website and apps.” (The complete guide to IAB GDPR Framework and iubenda’s Consent Management Platform; archived)
Substantiation of claims & potential issues
- Iubenda’s FULLGLOBAL toolbox offers to help with privacy and data protection laws in the EU, US and Brazilian jurisdictions. Users operating outside those jurisdictions might not appreciate that the law that applies to their operations might impose a different set of requirements.
- True compliance with the relevant legal provisions may require more than the system is capable of; there is a risk clients consider their compliance obligations to be met simply by using Iubenda’s system.
It is not clear how the Internal Privacy Management solution is integrated into a customer’s website or app.
- Iubenda has 26 repositories on github. Some of these, such as
librariesare obviously associated with iubenda’s services.
- The first two are described as a “PHP class for the cookie law solution” and “[c]ode snippets regarding the cookie law solution” respectively.
- No description is provided for “libraries” but the filenames
ios/IubendaMobileSDKsuggest that these are the software development kits referred to in iubenda’s CS for mobile Developer’s Guide (archived).
- Github: https://github.com/iubenda
How might the end-user assess effectiveness?
Iubenda offers a free trial.
It has a 5-star rating on Capterra based on 133 reviews. (iubenda reviews; archived) and a toolbase score of 8.8 (iubenda;archived).
End-users might refer to the following publications which include reviews/assessments of iubenda:
Yi Ping Sun, Investigating the Effectiveness of Android Privacy Policies (Masters Thesis, University of Toronto https://tspace.library.utoronto.ca/bitstream/1807/89636/3/Sun_Yi_Ping_201806_MAS_thesis.pdf (archived)
Kamal S., Helal I.M.A., Mazen S.A., Elhennawy S. (2020) Computer-Assisted Audit Tools for IS Auditing. In: Ghalwash A., El Khameesy N., Magdi D., Joshi A. (eds) Internet of Things—Applications and Future. Lecture Notes in Networks and Systems, vol 114. Springer, Singapore
Célestin Matte, Nataliia Bielova, Cristiana Santos, Do Cookie Banners Respect my Choice? Measuring Legal Compliance of Banners from IAB Europe”s Transparency and Consent Framework arXiv:1911.09964v2
What form does it take?
- Giannangelo, the CEO and founder of Iubenda, is quoted as describing Iubenda as a platform (Interview With Andrea Giannangelo, Founder And CEO Of Iubenda; archived). Users access the services through the iubenda website.
Is it in current use?
The iubenda website is “live”. Iubenda claims to have “over 80,000 clients in 100+ countries” (We help with the legal requirements, so you can focus on the business; archived)Top
Legal tech company
The developers are iubenda s.r.l, Via San Raffaele, 1 - 20121 Milan (Italia).
Iubenda was founded in 2011 by Andrea Giannangelo. It attracted seed funding led by Digital Investments SCA SICAR. Marco Mancosu (Interview With Andrea Giannangelo, Founder And CEO Of Iubenda; archived).
“Iubenda’s co-founders are Domenico Vele, software engineer, and Carlo Rossi Chauvenet, a lawyer and teacher at the Bocconi University in Milan. Iubenda, “Press Kit” (available at [[PM1]](applewebdata://EEF4EFD9-2661-422C-A11C-3CB7F5C908F9#_msocom_1) http://www.iubenda.com/var/iubenda-presskit-en.zip)Top
Background of developers
Italy (Developers are from Italy but only one of them has a background in law.)
Iubenda aims to provide global coverage. It “make[s] every effort to cover every country’s laws by adopting the strictest data guidelines implemented in each country.” (We help with the legal requirements, so you can focus on the business; archived)
Iubenda’s “tools support 9 different languages (US English, UK English, German, Italian, French, Brazilian Portuguese, Dutch, Spanish, and Russian) …” (Getting Started Guide; archived)
Its “FULLGLOBAL toolbox” “will help you meet the requirements of EU, US and Brazilian online privacy laws.” (Getting Started Guide; archived)
Target legal domains
Privacy, data protection, cookie compliance, contractTop
Iubenda has 74 public ‘pens’ on Codepen, a social development environment https://codepen.io/about/. According to Codepen, “Public Pens you build on CodePen are MIT licensed, meaning other people are free to use it for whatever they like as long as that is also MIT licensed. Don’t put anything on CodePen where that wouldn’t be OK. Private Pens are un-licensed so that you may apply your own license and retain direct ownership.” https://blog.codepen.io/documentation/terms-of-service/Top