- What does it claim to do?
- Substantiation of claims & potential issues
- How might the end-user assess effectiveness?
- What form does it take?
- Is it currently in use?
- The creators
What does it claim to do?
The Truendo Consent Management Platform is a compliance management system aimed at various data protection laws including the GDPR, ePrivacy Directive, and Californian Consumers Privacy Act (CCPA). It also claims to enable collection of website visitor analytics in a data protection-compliant manner.
Claimed essential features
- Automatically scans clients’ websites to ensure data protection compliance.
- Provides automated suggestions for clients’ privacy statements and cookie consents.
“We automatically scan your website once a month to ensure that you are always compliant, and you can organize cookies into any category of your choosing after users have given their consent”. (Features; archived)
“Always up-to-date: Our in-house TÜV Austria certified data protection officers cooperate with external legal experts in GDPR and ePrivacy, updating our policies on a regular basis to ensure that your website stays up-to-date with the latest legal requirements.” (Features; archived)
“Insights: TRUENDO is able to collect valuable information, while remaining fully compliant. By using insights, you will be able to learn more about your customers and improve the way you target potential clients.” (Features; archived)
Claimed rationale and benefits
- Enable compliance of websites with data protection legislation.
- Manage cookies and cookie consent.
- Provide website owners with marketing analytics.
Claimed design choices
- Periodically crawls clients’ websites to determine use of personal data.
“TRUENDO uses a search software (‘Crawler’ or ‘Scanner’) which attempts to determine the data protection of sensitive content, programs or plug-ins the Client uses on his/her website. Based on the Crawler’s search, the Console gives suggestions to the Client regarding his privacy statement or cookie consent (…).” (Terms and Conditions clause 10.4; archived)
“TRUENDO Technologies does not check the data entered by the Client on the Platform and the settings made there for their accuracy, topicality, relevance, correctness or legality.” (Terms and Conditions clause 10.3, archived)
“(…) the suggestions in the Console are therefore not necessarily always up to date and that changes to the Client’s website may not be displayed, if these changes occurred after the last search.” (Terms and Conditions clause 10.5, archived)
Substantiation of claims & potential issues
- Truendo, in its terms and conditions, expressly does not warrant that Truendo will be legally up to date at all times, nor that it will facilitate compliance with, or take into account, all obligations under the GDPR.
- The technology scans clients’ websites and “attempts to determine the data protection of sensitive content, programs or plug-ins”. Depending on the implementation of those websites (and their component parts) it may not detect all processing that is relevant to data protection law.
- True compliance with the relevant legal provisions may require more than the system is capable of; there is a risk clients consider their compliance obligations to be met simply by using Truendo’s system.
- The documentation does not contain information on the techniques used to scan the website code, but the process is activated through the Cookie Manager: “Note: TRUENDO will now start scanning your website and add the services and cookies you use. This happens in the background.” (Cookie Manager - Adding an Organisation; [archived] (https://web.archive.org/web/20220125113830/https://docs.truendo.com/cookie-manager/adding-an-organisation/))
Figure 1: Video screenshot that shows that Consent records are kept and may be consulted by Truendo’s intended users, demo vide
The classification and connection of website cookies should be done (manually) by the website owner: “To help you make your website compliant, you have to connect cookies to the Privacy Center” (Cookie Blocking; archived)
“You will have to add two attributes to every script in your website that needs to be controlled by TRUENDO. At first we set the
'text/plain'. This way the script is not running before the user accepts it. The second attribute is
data-trucookiecontrol. This attribute has to be set to the corresponding category. For example
'statistics'.” (Cookie Blocking; archived)
- Automated scanning of “sensitive content, programs or plug-ins” on clients’ websites may not detect relevant data processing if the website or its components have been architected in a way that is unforeseen by TRUENDO’s developers.
Rationale and benefits
- Insights: The demo video shows the overview of insights that are provided in the Insights Dashboard
Figure 2: Demo video screenshot that shows the insights and statistics about website visitors shown in Truendo’s dashboardTop
How might the end-user assess effectiveness?
Importantly, Truendo’s terms and conditions explicitly state that the company “does not warrant that TRUENDO will be legally up to date at all times nor that it will facilitate compliance with all obligations under the GDPR…”
“(…) TRUENDO Technologies expressly does not warrant that TRUENDO will be legally up to date at all times nor that it will facilitate compliance with all obligations under the GDPR or take into account all obligations under the GDPR. TRUENDO Technologies expressly points out that the Client is solely responsible for checking and ensuring compliance with his/her obligations under the GDPR.” (Terms and Conditions; archived)
Truendo claims to adhere to two kinds of industry standards, namely it is updated according to the latest Transparency and Consent Framework (TCF) and the Web Content Accessibility Guidelines (WCAG).
Web Content Accessibility Guidelines (WCAG) is developed through the W3C process in cooperation with individuals and organizations around the world, with a goal of providing a single shared standard for web content accessibility that meets the needs of individuals, organizations, and governments internationally (W3C homepage; archived)
Besides the technical features, Truendo claims that their Data Protection officers are certified by TÜV Austria – together with external legal experts, they ensure up to date compliance with the GDPR and ePrivacy (Features; archived).Top
What form does it take?
Truendo claims to afford Customisation. However, it seems to be off-the-shelf, as the level of customisation afforded by Truendo is restricted to the presentation of the Cookie Management Platform (CMP) and the cookie banner to users and end-users, respectively.
As stated in Truendo’s Homepage (archived), users may customise the “color scheme of our cookie manager and cookie banner, as well as button colors and size can be changed to match the corporate identity of your organization to maintain a seamless look on your website.”.Top
Is it in current use?
Subscriptions are currently available through Truendo’s homepage.Top
Legal tech company
The executive team is composed by:
Joshua Dippenaar (Co-founder / CEO / CTO) has a background in software development
Fredrik Gustafsson (Co-founder / CEO) has a background in software development
Oliver Haidutschek (CPO) has a background in visual design with a focus on UI/UX from conception to release
Background of developers
EU law; USA (California Consumer Privacy Act (CCPA))
Target legal domains
Data Protection law; Privacy lawTop
“6.1. The Client is given the non-exclusive and non-transferable right to access the Platform via telecommunications for his own internal business use; such use shall be in a proper manner and in conformity with the contract, and such right shall be granted for the term of the contract; the Client is prohibited to grant sub-licenses to such right of use, and the Client shall use the Platform’s functionalities via a browser in accordance with the contract. The Client is not granted any further rights, including rights to the software applications linked with the Platform or to the operating software.”
“6.2. The Client shall not be entitled to use the Platform beyond the scope of contractual use. Without TRUENDO Technologies’s unambiguous approval, or without a partner contract, the Client shall in particular not be entitled to permit platform use via its own Account(s) to third parties, including its affiliates, external service providers, cooperation partners or subcontractors. Moreover, the Client is prohibited to reproduce, sell or loan the platform for a defined or undefined term or to grant access to the Platform via its own Account(s) to third parties, that is, neither for payment nor without payment; furthermore, the Client is prohibited from letting or leasing out their access to the Platform.”Top