Truendo

Compliance support
truendo.com
Main research: March 2022

Contents

1. What does it claim to do?
2. Substantiation of claims & potential issues
3. How might the end-user assess effectiveness?
4. What form does it take?
5. Is it currently in use?
6. The creators
7. Jurisdiction
8. License

What does it claim to do?

The Truendo Consent Management Platform is a compliance management system aimed at various data protection laws including the GDPR, ePrivacy Directive, and Californian Consumers Privacy Act (CCPA). It also claims to enable collection of website visitor analytics in a data protection-compliant manner.

Claimed essential features

• Automatically scans clients’ websites to ensure data protection compliance.
• Provides automated suggestions for clients’ privacy statements and cookie consents.

“We automatically scan your website once a month to ensure that you are always compliant, and you can organize cookies into any category of your choosing after users have given their consent”. (Features; archived)

“Always up-to-date: Our in-house TÜV Austria certified data protection officers cooperate with external legal experts in GDPR and ePrivacy, updating our policies on a regular basis to ensure that your website stays up-to-date with the latest legal requirements.” (Features; archived)

“Insights: TRUENDO is able to collect valuable information, while remaining fully compliant. By using insights, you will be able to learn more about your customers and improve the way you target potential clients.” (Features; archived)

Claimed rationale and benefits

• Enable compliance of websites with data protection legislation.
• Manage cookies and cookie consent.
• Provide website owners with marketing analytics.

Cookie creation: users may “easily create new cookies and categorize them for the Cookie Consent Platform” (‘What is TRUENDO?’ video; archived)

Consent proof record (‘What is TRUENDO?’ video; archived)

Insights and statistics: Truendo provides “valuable insights and statistics about your customers allowing you to better retarget and market your company” (‘What is TRUENDO?’ video; archived)

Claimed design choices

• Periodically crawls clients’ websites to determine use of personal data.

“TRUENDO uses a search software (‘Crawler’ or ‘Scanner’) which attempts to determine the data protection of sensitive content, programs or plug-ins the Client uses on his/her website. Based on the Crawler’s search, the Console gives suggestions to the Client regarding his privacy statement or cookie consent (…).” (Terms and Conditions clause 10.4; archived)

“TRUENDO Technologies does not check the data entered by the Client on the Platform and the settings made there for their accuracy, topicality, relevance, correctness or legality.” (Terms and Conditions clause 10.3, archived)

“(…) the suggestions in the Console are therefore not necessarily always up to date and that changes to the Client’s website may not be displayed, if these changes occurred after the last search.” (Terms and Conditions clause 10.5, archived)

Top

Substantiation of claims & potential issues

• Truendo, in its terms and conditions, expressly does not warrant that Truendo will be legally up to date at all times, nor that it will facilitate compliance with, or take into account, all obligations under the GDPR.
• The technology scans clients’ websites and “attempts to determine the data protection of sensitive content, programs or plug-ins”. Depending on the implementation of those websites (and their component parts) it may not detect all processing that is relevant to data protection law.
• True compliance with the relevant legal provisions may require more than the system is capable of; there is a risk clients consider their compliance obligations to be met simply by using Truendo’s system.

Truendo does not provide a technical description of its software via articles or blogposts. It does provide documentation on the website concerning coding for the following features provided by the system: (i) Cookie Blocking, (ii) Cookie Manager, (iii) Javascript API and (iv) WCAG Accessibilty. Those resources are essentially guidelines for intended users to operate with Truendo’s functionalities. Therefore, they only describe the back-end system incidentally.

Data

• Interoperability: Truendo is a Javascript library that can be plugged into websites and platforms (How to add a Privacy Policy; archived).
• The documentation does not contain information on the techniques used to scan the website code, but the process is activated through the Cookie Manager: “Note: TRUENDO will now start scanning your website and add the services and cookies you use. This happens in the background.” (Cookie Manager - Adding an Organisation; [archived] (https://web.archive.org/web/20220125113830/https://docs.truendo.com/cookie-manager/adding-an-organisation/))

System

• Truendo contains demo code for Android and OS integration (App integration; archived)

• Dashboard: The demo video shows the existence of a Consent Records database which can be consulted (archived)

Figure 1: Video screenshot that shows that Consent records are kept and may be consulted by Truendo’s intended users, demo vide

• Automation and auto-blocking: “Truendo uses six different categories for cookies. necessary, statistics, marketing, social_sharing, social_content and preference.” (Cookie Blocking; archived)

• The classification and connection of website cookies should be done (manually) by the website owner: “To help you make your website compliant, you have to connect cookies to the Privacy Center” (Cookie Blocking; archived)

• “You will have to add two attributes to every script in your website that needs to be controlled by TRUENDO. At first we set the type attribute to 'text/plain'. This way the script is not running before the user accepts it. The second attribute is data-trucookiecontrol. This attribute has to be set to the corresponding category. For example 'statistics'.” (Cookie Blocking; archived)

• Automated scanning of “sensitive content, programs or plug-ins” on clients’ websites may not detect relevant data processing if the website or its components have been architected in a way that is unforeseen by TRUENDO’s developers.

Rationale and benefits

• Insights: The demo video shows the overview of insights that are provided in the Insights Dashboard

Figure 2: Demo video screenshot that shows the insights and statistics about website visitors shown in Truendo’s dashboard

Top

How might the end-user assess effectiveness?

Importantly, Truendo’s terms and conditions explicitly state that the company “does not warrant that TRUENDO will be legally up to date at all times nor that it will facilitate compliance with all obligations under the GDPR…”

“(…) TRUENDO Technologies expressly does not warrant that TRUENDO will be legally up to date at all times nor that it will facilitate compliance with all obligations under the GDPR or take into account all obligations under the GDPR. TRUENDO Technologies expressly points out that the Client is solely responsible for checking and ensuring compliance with his/her obligations under the GDPR.” (Terms and Conditions; archived)

Free trial is available, but conditional on creating an account (Homepage; archived)

Software Development Kits (SDK) and Demo Downloads are available via Truendo’s resources (archived).

Truendo claims to adhere to two kinds of industry standards, namely it is updated according to the latest Transparency and Consent Framework (TCF) and the Web Content Accessibility Guidelines (WCAG).

TCF claims to be “the only GDPR consent solution built by the industry for the industry, creating a true industry-standard approach.” (TCF; archived).

Web Content Accessibility Guidelines (WCAG) is developed through the W3C process in cooperation with individuals and organizations around the world, with a goal of providing a single shared standard for web content accessibility that meets the needs of individuals, organizations, and governments internationally (W3C homepage; archived)

Besides the technical features, Truendo claims that their Data Protection officers are certified by TÜV Austria – together with external legal experts, they ensure up to date compliance with the GDPR and ePrivacy (Features; archived).

Top

What form does it take?

Form

Platform

Details

Truendo claims to afford Customisation. However, it seems to be off-the-shelf, as the level of customisation afforded by Truendo is restricted to the presentation of the Cookie Management Platform (CMP) and the cookie banner to users and end-users, respectively.

As stated in Truendo’s Homepage (archived), users may customise the “color scheme of our cookie manager and cookie banner, as well as button colors and size can be changed to match the corporate identity of your organization to maintain a seamless look on your website.”.

The documents made available by Truendo indicate that the level of customisation is determined by the technical constraints determined by and embedded in Truendo (Documentation; archived)

It should be noted that Truendo is available to offer customisation, prompting the users to contact them for that purpose (Homepage; archived)

Top

Is it in current use?

Subscriptions are currently available through Truendo’s homepage.

Top

The creators

Created by

Legal tech company

Details

“TRUENDO was founded by Joshua Dippenaar and Fredrik Gustafsson in Vienna in 2017.” (About us; archived).

The executive team is composed by:

• Joshua Dippenaar (Co-founder / CEO / CTO) has a background in software development

• Fredrik Gustafsson (Co-founder / CEO) has a background in software development

• Oliver Haidutschek (CPO) has a background in visual design with a focus on UI/UX from conception to release

Truendo has partnerships with digital agencies, IT consultants and solicitors. Partners are listed on the website and divided by Web Partners, Legal Partners and DPO Partners (Partners; archived).

Top

Jurisdiction

Background of developers

Austria

Target jurisdiction

EU law; USA (California Consumer Privacy Act (CCPA))

Target legal domains

Data Protection law; Privacy law

Top

License

According to Clause 6 of the Terms and Conditions, the system is proprietary – Terms and Conditions (archived).

“6.1. The Client is given the non-exclusive and non-transferable right to access the Platform via telecommunications for his own internal business use; such use shall be in a proper manner and in conformity with the contract, and such right shall be granted for the term of the contract; the Client is prohibited to grant sub-licenses to such right of use, and the Client shall use the Platform’s functionalities via a browser in accordance with the contract. The Client is not granted any further rights, including rights to the software applications linked with the Platform or to the operating software.”

“6.2. The Client shall not be entitled to use the Platform beyond the scope of contractual use. Without TRUENDO Technologies’s unambiguous approval, or without a partner contract, the Client shall in particular not be entitled to permit platform use via its own Account(s) to third parties, including its affiliates, external service providers, cooperation partners or subcontractors. Moreover, the Client is prohibited to reproduce, sell or loan the platform for a defined or undefined term or to grant access to the Platform via its own Account(s) to third parties, that is, neither for payment nor without payment; furthermore, the Client is prohibited from letting or leasing out their access to the Platform.”

Top