ID Side is excited to announce the rollout of the beta version of Swipe and Buy, our personal and private marketplace, now available on the Android Play Store! Unlike traditional e-commerce platforms, Swipe and Buy puts individuals in full control of their shopping experience. Users can curate their own digital marketplace, choosing the brands, price ranges, and discounts that matter to them—ensuring a tailored, relevant, and privacy-first shopping journey.

We're starting with the online clothing and e-fashion industry, offering a personalized way to discover deals that align with individual preferences. But this is just the beginning! Our goal is to expand beyond fashion, allowing users to apply the same customized shopping experience to all kinds of products that suit their needs. By prioritizing user-driven choices over aggressive advertising, Swipe and Buy redefines how people interact with online commerce.

Since this is an early beta version, we know there’s still a lot to improve. That’s why we’re inviting YOU to help shape the future of Swipe and Buy! Whether through the in-app contact form, on our website (contact us here), or via our TikTok page (@idside.eu), we’d love to hear your feedback, ideas, and suggestions. Your input will be key in refining the app to truly empower users in their shopping choices.

At ID side, we champion the belief that true transparency is achieved when individuals can actively manage how their data is utilized, notably in the frame of AI systems. This is why our Personal Data Choices Management Platform (PDPs) offers a groundbreaking approach to data control constituting a potential game-changing application of GDPR's practical certainty one can indeed control their data online -even while further used by/for AI.

GDPR recital 7 lays down that "Natural persons should have control of their own personal data. Legal and practical certainty for natural persons, economic operators and public authorities should be enhanced". We strive to provide a mechanism to give such control.

Despite the EU AI Act does not refer once to individuals' control and the practical implementation of EU fundamental right to self-determination, but only to more transparency and explainability, we start exchanging about the "practical tool" that will empower us all to have control online -over collection, use and further use of personal data.

As we strive to turn transparency and explainability into controls that are vital to individuals online, we are grateful for the constructive exchanges we already had in various fora (IAPP, DIFC, INRIA, ICO, FEDMA…) and we kindly invite any party interested to pursue or initiate such exchanges with us.

Whether it is in Oxford (Centre for Digital Ethics), Yale (Digital Ethics Center (DEC), Yale University) or Georgetown University (Center for Digital Ethics at Georgetown University), the underlying question to keep bridging Ethics & Innovation is: How can individual digital rights & business interests possibly coexist so that everyone benefits from innovation?

In EU, the GDPR and the EU AI act were designed to set regulatory boundaries to such questions. In the US, CCPA and California Privacy Protection Agency started from the tools: GPC and OOPS. Some set a new paradigm and clarify what individual control over personal data should look like (EU). Others move things forward in practice with dataprotection engineering (CA/US). Both parties agree: the way forward is neither laid down in the books/the rule of law, nor in a ChatGPT O1 prompt -or any other AI tool. It starts from existing online practices and must shift paradigms thanks to a "humanly concerted" decision-making process.

From a trip to DC, ID side Principal came back with Georgetown University's Center for Digital Ethics ethical questions in mind, specifically focusing on how individuals can regain control over their digital footprints -notably through interdisciplinary Research in Computer Science, Philosophy, and Public Policy.

ID side Research has developed a system designed to redefine privacy management—a seamless, user-centric solution that acts as a Privacy Single Sign-On, allowing individuals to set and share their data preferences effortlessly across digital platforms.

Looking at Georgetown University's ethical Research and what ID Side promotes, our team's takeaway is that today's challenge is to build a business-friendly digital ecosystem where:
- Ethics Meets Implementation (ethical frameworks are great but they must be transformed into real-world applications),
- Regulatory Readiness is key (setting & aligning with global privacy standards requires budget and time).
- Innovation serves Public Good (redefining personalization without invasive tracking does not invalidate existing 24/7 tracking but is a complementary & strictly necessary alternative -i.e. 2027 shortage of servers' storage capacity)
- Users are Empowered (there is no way out without corporations progressively sharing control with individuals).

Based on Legal & Tech Innovation evidence, let's recognise a hard fact: now is the time to make User Empowerment operational in a concerted, iterative, multi-stakehoders and practical way.

Last week’s Centre for Information Policy Leadership (CIPL) summit was such an insightful moment in many different ways.

It was not only about AI, GDPR, CCPA, DMA, updates about US data protection laws and data privacy regulation overall.

One of the key takeaways of CIPL Summit was rather about Privacy and Artificial Intelligence innovation regulation « Yes but How? » topic:

• - a US set of States laws or a federal law,
• - with risk tolerance setting so that companies keep innovating -even in the EU,
• - with or without automated Privacy signals at the center of fundamental rights in practice,
• - with or without Tech-enabled regulators (how could budget-limited Data Protection Authorities keep the pace with innovation without accountably enabling their staff with AI tools?).

After years of independent and self-funded Research on data protection online & GDPR consent glitches and after filing a WIPO-PCT patent application on a home-made AI-friendly "personal data choices management platform" (PDCMP), ID side is delighted to join Federation of European Data and Marketing (FEDMA) trusted innovation program.

Through the FAST Bridge program, FEDMA connects "innovative start-ups with venture capitalists (VCs) and angel investors, fostering a trusted ecosystem for responsible growth and innovation. Our mission is to recognize and support innovative start-ups in data and AI marketing that demonstrate a strong commitment to ethical data practices, transparency privacy and sustainability".

So doing, the Federation recognises ID side counts among Tech-and-ethics-first entrepreneurs fostering a brand new Brussels effect (as supported by Eu Commission DG Connect & few Member States since 2025) demonstrating that EU is Tech-friendly, innovates and enables individuals in a win-win "business-AND-privacy" mode!

At the time when lawmakers, regulators, academics, and civil society concur in observing the practical limits of 'consent' by the books online, ID side strives to communicate on its Tech, which helps streamline consent requests online.

We were happy to exchange with INRIA Interdisciplinary Project on Privacy (IPoP) teams about our solution and the 'Light Web' project. And we are grateful to pursue discussions and share more about our Tech.

In February 2025, ID side officially reached out to the Digital Advertising Alliance (DAA) and its six participating associations (4A’s, AAF, ANA, BBB National Programs, IAB, NAI) to exchange about DAA’s Webchoices 2.0 and Privacy automated signals.

ID side objective is to foster constructive discussion with all stakeholders currently promoting a partner-based approach (hence having, by definition, a limited scope) so that, tomorrow, technical solutions and tools empower individuals to control -and seamlessly share- their Privacy, Safety, AI but also commercial preferences online. ID side’s de-identification technique (which goes beyond tokenisation) is a sound and creative way to successfully mitigate re-identification risks and safely unleash the power of individual privacy signal tools.

At the same time as contributing to the California Privacy Protection Agency (CCPA) public consultation, ID side Principal drafted a contribution on the topic of “valid online consent” in practice published by the International Association of Privacy Professionals (IAPP).

This piece stresses what a tech-enabled valid consent (consent 2.0) should look like.

It markedly highlights the importance of advancing privacy rights globally and in practice, specifically regarding the core obligation for service providers to collect valid and updated choices online and — at the age of automated privacy signal tools — facilitate user-centric control, which mainly relies on Personal Data Choices Management platforms.

In the frame of the Webchoices 2.0 project launched by the Digital Advertising Alliance (DAA), ID side formally engaged in exchanging with DAA.

We hope these initial discussions will help move the discussion forward diligently and determine what a consistent tech-enabled consent mechanism should look like in the U.S., EU, and globally.

Context: In the US, Section 1798.135 (a) (2) CCPA lays down that businesses must honour consumer opt-out preferences signalled through automated mechanisms, such as a browser setting or privacy preference signal. The California Code of Regulations, Title 11, Section 7025 (CPPA regulations) defines 'Opt-Out Preference Signals' (OOPS) as valid mechanisms to express a consumers’ opt-out choices. One year ago, the Directorate‑General for Communications Networks, Content and Technology in the EU Commission recommended exploring signals from personal data choice management platforms (PDCMPs) under the cookie pledge draft principle H. Since 2024, the Digital Advertising Alliance started exploring cross-services signal-based mechanisms similar to those designed in the EU and subject to patent application.

Since 2019, ID side team innovates, particularly creating a 'Personal Data Choices Management Platform' (PDCMP) that we filed a patent application request for in 2020.

Our Research program extended from 2019 to 2024. Based on our continuous work and our recent outcomes, but also owing to Californian legal provisions about automated individual privacy signals, we appreciated the opportunity to speak with Commission Nationale de l’Informatique et des Libertés (CNIL)’s Laboratoire d’Innovation Numérique de la CNIL (LINC).

UTIQ " is a European AdTech company with a unique Telco-powered first party identifier, that harnesses Authentic Consent to enable responsible digital marketing”. It was launched in 2023 and “is backed by the telecommunications providers Deutsche Telekom AG, Orange SA, Telefónica S.A. and Vodafone Group plc”. In their own words, it “empowers brands and publishers to address first party Authentic Audiences at scale, delivering relevant ad-funded experiences while embracing the very toughest privacy standards, through its secure and encrypted consentpass solutions”. UTIQ project is designed around an “easy-to-use and centralised consenthub platform” which asserted ambition is “to build an ecosystem based on trust and transparency”.

ID side and UTIQ projects revolve around user-centric tools and user control. To check overlaps and common interests, ID side reached out to UTIQ and happily met with UTIQ CTO.

Based on such initial dialogue, ID side will pursue discussions diligently to empower individuals online.

Today, ID side contributed to the California Privacy Protection Agency (CCPA) public consultation. ID side team recognizes the significance of advancing privacy rights globally. To our view, this consultation is a vital step toward ensuring robust consumer privacy protections worldwide while fostering transparency and trust between consumers and businesses. We appreciated the opportunity to provide feedback, specifically about 'Opt-out preference signals' and consumer consent & rights online.

Our contribution mainly focused on 3 topics, specifically tied to our 'niche' expertise:

1. Consumer consent: '§ 7004. Requirements for Methods for Submitting CCPA Requests and Obtaining Consumer Consent', and specifically (a) (2) (C), (a) (3) (C) & (D), (a) (4) (A) & (a) (4) (C), (5) and 5(C).
2. Sharing of preferences signal online: '7025. Opt-out Preference Signals', and specifically (a)(2), (c) (2), (7) (C), (7) (E).
3. Automatic submission of individual requests: '§ 7026. Requests to Opt-out of Sale/Sharing', specifically (a) (2), (a) (4), (b), (c), (j), '§ 7027. Requests to Limit Use and Disclosure of Sensitive Personal Information', specifically (a), (b) (1), (b) (2), (b) (3) and (c) (5) and '§ 7028. Requests to Opt-in After opting-out of the Sale or Sharing of Personal Information or Limiting the Use and Disclosure of Sensitive Personal Information' (b).

In this submission, ID side teams provided feedback on the implementation of opt-out rights and the automatic sharing of reasonable expectations, choices, or preferences in a state-of-the-art and seamless way for individuals.

We hope this contribution will provide practical insights and align with the shared goal of ensuring strong privacy protections for consumers while enabling businesses to operate effectively within California's innovative economy.

Can we really consent online today? In a contribution released by Pr. Lorrie Cranor (Carnegie Mellon University) on 19 November 2024, it is stressed that, globally, “notice & consent” does not work "as is" and should be given “the legal and technical support it needs”.

As stressed in an IAPP contribution shared online by ID side Founder, Pr Cranor stresses that empowering individuals in practice is essential and should be done providing them with appropriate tech tools. From the binary approach of “Do not track” (DNT) to the current Global Privacy Control (GPC) developed in California (“which allows users to turn on a setting in their browser (or browser extension) that transmits a GPC signal to automatically opt out of websites selling or sharing their personal information”), she praises that “for the first time privacy laws are requiring websites to respect automated privacy signals such as GPC". Literally admitting California law sets a new cornerstone for regulating “valid consent” but, most of all, that a crucial landmark has been set to respect individuals’ right to share automated privacy signals and have those automatically complied with.

In practice, individuals should have the chance to seamlessly share their reasonable expectations online and switch from consent collection tools such as “Consent Management Platforms” (CMPs) to user-centric Privacy choices tools, such as ID side “Personal data choice management platform” (PDCMP). PDCMPs allow users to automatically share their by-default preferences regarding Privacy (i.e. by-default cookie choices) or commercial interests (i.e. agreement to be targeted by company C or sector (c) - and not A or (b) because they like Company C / sector (c) products or think that ads from Company C/sector (c) could be relevant to them) - see scheme below.

Indeed, our tool enables individuals to share their reasonable expectations, and to update those in few clicks, empowering everyone to take control over commercial processing and personalisation online. It addresses the real issue at stake: providing the tech tools individuals need to freely share their by-default choices and, so doing, streamline consent requests to a level compatible with human capacity to consent (a humanly manageable [available time / human capacity] ratio!).

The California Consumer Privacy Act (CCPA) adopted in 2018 and strengthened by subsequent amendments under the California Privacy Rights Act (CPRA) introduced requirements making it mandatory for businesses to honour automated opt-out signals as valid expressions of a consumer's choice to limit the sale or sharing of their personal data.

These signals, such as the Global Privacy Control (GPC), serve as a user-enabled browser or device setting that communicates their desire to opt out universally without requiring individual interactions with each website. Actually, the CPRA clarified and reinforced this obligation by mandating businesses to recognize such signals and apply them consistently, eliminating the burden on consumers to manually opt out on each site. The DAA Consumer Choice Tool is now available in the US.

For years (since 2019), ID side has been working on "automated signals as valid expressions of a consumer's privacy choices" to put individuals in control of their personal data online. We prototyped it since 2020 and and filed a patent application for our invention (a "Personal data choice management Platform" or PDCMP). This provision is an international legal and regulatory landmark as it helps ensure a streamlined, user-friendly and practical approach to digital privacy rights.

In June 2024, ID side started exchanging with the Digital Advertising Alliance (DAA) about its project, the DAA Consumer Choice Tool launched in the US and their intertwining features.

For years, we’ve been self-funding data protection engineering research, which outcomes are subject to patent application (info available online).

Most of our research outcomes helped facilitating and substantially advanced ongoing discussions about consent, online controls and digital fundamental rights exercised in practice (i.e. UK data protection bill, EU Commission Cookie Pledge, EDPB “Consent or OK” guidelines).

Today, to be impactful, our tools (iOS & Chrome apps & idside.eu website) must be utilised. We will be in full capacity to empower people online if most/many people install ID side (on Safari or Chrome) and, doing so, count among those reclaiming control over their personal data.

In practice thought, the problem we face today is that loading an extension is not something non-GenZ people would do spontaneously!

So, the best way to help is simple: load our app, speak about us and partner or exchange with our team (contact@idside.eu). Doing so, you will enable us to keep entering fruitful & constructive interactions with Companies & governments. Whether you are a User or a Company, be among those who take part in the advent of the Light Web. Join ID side: contact@idside.eu.

In a couple of months, our new privacy-friendly marketplace will be out on idside.eu. Do not forget to go, have a look and enjoy our personalised discounts!

On November 18, the European Data Protection Board (EDPB) organised a remote stakeholder event in order to collect stakeholders’ input in the context of upcoming guidelines on the application of data protection legislation in the context of ‘Consent or Pay’ models.

The aim of the event was to "gather relevant insights from organisations that have expertise in ‘Consent or Pay’ models, which require data subjects to choose between consenting to processing of personal data for a specified purpose or paying a fee."

ID side was happy to contribute to EDPB guidelines' ongoing work on ‘Consent or Pay’ models, following EDPB Opinion 08/2024 – which addressed the ‘Consent or Pay’ model in the context of large online platforms.

Our key input was to give strong evidence guidelines can usefully include brand new tech tools and considerations around how people could be empowered. We specifically focused on the automated individual privacy choices tool we filed patent application for and prototyped over the last few years.

The EU AI Act requires compliance with additional obligations regarding transparency, data governance, and human oversight. It gives individuals a right to explainability. But does it, in any way, provide additional control to individuals?

The Act has significant implications for digital solutions embedding AI-system-empowered features and requires updates to data protection and privacy programs so that those encompass information on:

• Compliance with New Regulatory Standards (e.g. transparency, data governance, human oversight, "high-risk" documentation, and mitigation plan)
• User Empowerment through informed consent and user-centric design
• Algorithmic Fairness whenever algorithms influence user choices or provide recommendations (those must be explainable and unbiased, requiring refining AI models)
• Privacy Technologies like differential privacy or anonymization, balancing user data protection with commercial goals
• Data Sharing and AI Training Restrictions particularly if it includes sensitive or personal data

ID side app and API offer solutions that help address most of such challenges. If you are a trail-blazing company exploring innovative options to give individuals control, ready to position as a leader in ethical and user-centric AI, our team would be happy to help you explore our tools (mostly designed to be embedded as a "white mark"). Contact us!

In June 2024, ID side decided to restructure its Tech team. After an internal audit of our cookie banners' auto-filling solution, it appeared essential to us to connect with Consent-o-matic teams and pay tribute to Aarhus University R&D and the apps rolled out on Chrome, Firefox, Safari, and Edge for the desktop, and Safari for mobile.

We are grateful for the exchange we had with Consent-o-matic co-founder. In their solution, driven by the will to address consent fatigue and dark patterns, Consent-o-matic founders set a Tech cornerstone for other app developers, such as ID side, to go beyond cookie banners' consent gaps & glitches and design a browser extension empowering individuals to automatically share their preferences beyond cookie choices.

Since 2019, ID side developed such "Google forms" for individuals to automatically and seamlessly share any set of choices—whether it deals with Privacy, Safety, AI further use of personal data, or commercial preferences. To showcase our approach on cookie banners, we had the opportunity to build on the shoulders of an academic PoC giant, and we remain genuinely grateful to Consent-o-matic team for sharing their insights and network.

On June 12, 2024, the Digital Advertising Alliance (DAA) announced WebChoices 2.0, a major update to Industry's AdChoices Opt-Out Program.

According to DAA, it is the most significant update to the advertising industry’s AdChoices program for interest-based advertising (IBA) since the program was launched in October 2010.

The DAA tools will help participating companies shift the technology platform "from a cookie-based opt-out tool to a browser-based extension in WebChoices 2.0 that supports opt-outs across both cookies and emerging technologies, such as probabilistic IDs and hashed emails or phone numbers. The WebChoices 2.0 tool is compatible with most major browsers and – in future – will enable users to express category preferences around topics of interest, in addition to company-specific and industry-wide opt-outs."

According to DAA, opt-out tools are designed "so people can express their choices for both existing and new technologies used for advertising IDs. This choice tool will ensure Americans continue to have one-click access to information and choices about targeted ads directly from the ads themselves and on the apps or websites they visit. Among the novel features and functionality of WebChoices 2.0 are:

• A browser extension that stores consumer choices on most popular mobile and desktop browsers, including Chrome, Safari, Edge, and Firefox.
• Support for cookies and new ad technologies such as probabilistic IDs, IP targeting, and hashed emails or phone numbers, so user preferences can be expressed regardless of the underlying addressability approach.
• The ability for users to express category-specific interest preferences about the ad topics they wish to see or limit.
• Cross-industry integration so ad tech companies can read consumer choices and preferences in the extension at bid time and adjust their bid strategy accordingly.

ID side publicly shared about such Tech solutions since 2021, notably (but not only) to DAA and its members in a "Cookie Pledge" gathering organized in October 2023. As we advocated for years in order to partner and have such Tech solutions adopted at large, this announcement is both good news and bad news.

It is good news for individuals' right to control their privacy and overall their choices online.

It is bad news, because it means DAA moved things forward in a minimum way (e.g. in the US only, to comply with a legal obligation triggered their way by California State) and is guilty of patent infringement because our patent also covers US territory.

ID side publicly shared about such Tech solutions since 2021, specifically in a "Cookie Pledge" gathering organised in October 2023. ID side team remains happy to foster a win-win approach and unleash the power of our solutions in the US and beyond.

In April 2024, to address a request by the Dutch, Norwegian & Hamburg Data Protection Authorities and based on Art. 64(2) GDPR, the EDPB adopted an Opinion to address the validity of consent and process personal data for the purposes of behavioural advertising in the context of ‘consent or pay’ models deployed by large online platforms.

EDPB Chair highlighted that “Online platforms should give users a real choice when employing ‘consent or pay’ models. The models we have today usually require individuals to either give away all their data or to pay. As a result, most users consent to the processing in order to use a service, and they do not understand the full implications of their choices."

Overall, EDPB considers that, "in most cases, it will not be possible for them to comply with the requirements for valid consent, if they confront users only with a choice between consenting to processing of personal data for behavioural advertising purposes and paying a fee."

In a nutshell, offering only a paid alternative to services which involve the processing of personal data for behavioural advertising purposes is not sufficient. To develop alternatives, large online platforms are invited to consider providing individuals with an ‘equivalent alternative’ that does not entail the payment of a fee.

This is where ID side Tech chimes in: for consent to be free, individuals should be provided with an appropriate tool empowering them to bypass any imbalance of power glitch, set by-default choices without hindrance or negative impact, share those easily, and drastically reduce consent requests.

As the EDPB envisages, "in addition to this Art. 64(2) Opinion" to "develop guidelines on ‘consent or pay’ models with a broader scope and will engage with stakeholders on these upcoming guidelines", ID side will stand ready to contribute and share about its prototypes and insights.

From April to December 2023, the EU Commission ran targeted and closed-doors consultations with a set of stakeholders interested in behavioral advertising, cookie banners, and tracking online. Indeed, "during the European Consumer Summit of March 2023, Commissioner Reynders launched the so-called “cookies pledge” project. Under this initiative, the Commission services worked together with stakeholders on voluntary business solutions to better empower consumers in the data economy, in particular in relation to the personalization of advertising and personal data sharing. This project was named the 'cookies pledge' to indicate its voluntary nature, even though it was only an exploratory and participatory work strand."

The project objective is to help reduce the need for consumers to constantly accept or reject cookies and other trackers (the source of the so-called “cookie fatigue”) in the first place. "The initiative was also meant to provide consumers with clear information and better understanding of the business model of the company behind the website/app they use and to empower consumers to choose the advertising model fitting best their privacy preferences."

From October to December 2023, ID side actively contributed to the EU Commission Cookie Pledge Initiative and notably the drafting and adoption of high-level principle H proposed by EU Commission (DG Connect) for the pledge. Principle H lays down that:

"Signals from applications providing consumers with the possibility to record their cookie preferences in advance with at least the same principles as described above will be accepted.

Consumers should have their say if they decide that they want to systematically refuse certain types of advertising models. They should be empowered to do this, and privacy and data protection legislation should not be used as an argument against such a choice provided the automated choice has been made consciously."

More than 5 years after CCPA did so in the US, the EU Commission acknowledged the added value of providing individuals with automated Privacy signals' tools. In its opinion on the cookie Pledge, the EDPB also "recognises the abilities of software applications to empower users to protect their terminal equipment" and "encourages the employment of data protection by default or design in such applications", also stressing it "believes that a pledge to respect the signals/settings expressing a user’s refusal, and to not still ask users for consent, could help to reduce cookie fatigue.

Few months ago, ID side Founder and Principal had the privilege to contribute to the Autorité de protection des données - Gegevensbeschermingsautoriteit's seminar on smart cities and illustrate why, in a forward-looking and connected city landscape, Privacy Management Programs (PMPs) are the only way forward (presentation available online).

In terms of compliance, our interconnected and ever-changing digital environment is now incompatible with a material t-time approach supported by Data Protection Impact Assessments (DPIAs). Writing down a document that should be reassessed in case of substantial change does not seem to be an eligible way forward in fast-paced Tech-enabled environments. Conversely, an organic approach is to have cross-sector teams monitoring such changes weekly or daily and adapting available mechanisms & tools at hand makes sense to serve individuals' best interest and rights.

Similarly, in terms of individual control, how could we control all data collected and processed about us if not provided with an appropriate cross-devices and cross-platforms tool?

This is where ID side prototyping comes at the rescue: our app and API provide such actionable control tool to users. From 2019 to 2024, we kept assessing options to address most upcoming smart cities' data processing challenges, and coding those. In 2025, once prototyping is over, we will be shifting to an operational approach, giving a new dimension to what we call the "Light Web" business model (less data processing, more individual control, and sustainability).

On 18 November 2023, the European Data Protection Board (EDPB) opened-up a consultation on Guidelines 2/2023 on the Technical Scope of Art. 5(3) of the ePrivacy Directive until the 18th of January 2024.

In these Guidelines, "the EDPB addresses the applicability of Article 5(3) of the ePrivacy Directive to different technical solutions. These Guidelines expand upon the Opinion 9/2014 of the Article 29 Working Party on the application of the ePrivacy Directive to device fingerprinting and aim to provide a clear understanding of the technical operations covered by Article 5(3) of the ePrivacy Directive. The emergence of new tracking methods to both replace existing tracking tools (for example, cookies, due to discontinued support for third-party cookies by some browser vendors) and create new business models has become a critical data protection concern. While the applicability of Article 5(3) of the ePrivacy Directive is well established and implemented for some tracking technologies such as cookies, there is a need to address ambiguities related to the application of the said provision to emerging tracking tools".

In its contribution, ID side observed that "not only have “tracking technologies” changed since a decade and the adoption of “Opinion 9/2014 of the Article 29 Working Party on the application of the ePrivacy Directive”, our team enhanced the ways in which consent could be requested, which are a central part of article 5(3) of the ePrivacy Directive. We also noted that these methods have evolved substantially and deserve being reassessed based on state-of-the-art technologies now available.

Our contribution relied on ID side solution (plugin + API), architected to empower individuals:

1. to automatically share their individual privacy reasonable expectations wherever they browse,
2. to receive a reduced number of consent requests from first-party and third-party cookie providers (and from providers using URL and pixel tracking, local processing, tracking based on IP only, intermittent and mediated Internet of Things (IoT) reporting, and unique identifiers),
3. to assess, whenever they have time and interest to do so, each consent request, based on specific, intelligible and relevant information.

On September 5, ID side presented the Light Web, ID side patent application, and its cookie banner auto-filling Proof of Concept (PoC) to the UK Department for Science, Innovation and Technology (DSIT).

Discussions revolved around the feasibility of a user-centric automated solution enabling internet users to share their commercial preferences and privacy choices online in a few clicks.

ID side shared the contributions it made to several reflections in the EU about consent, cookies, and online choices— notably under the supervision of the EDPB and EU Commission (DG Connect).

ID side committed to connect with the ICO and to keep DSIT informed about its next app and extension iterations.

On the 2nd of March 2023, ID side was confirmed about its patent application publication in the US.

As previously shared, and as per our WIPO-PCT patent abstract, "our invention relates to a method for communication on a network for a client system to access a service on a remote system" which initial step is "receiving data from a personal user data management system, said data comprising at least one definition of at least one choice of a user for the processing of personal data associated with the user".

On the 4th of October 2022, ID side was confirmed about its patent application publication in China.

As previously shared, and as per our WIPO-PCT patent abstract, "our invention relates to a method for communication on a network for a client system to access a service on a remote system" which initial step is "receiving data from a personal user data management system, said data comprising at least one definition of at least one choice of a user for the processing of personal data associated with the user".

On 14 December 2022, ID side was confirmed about its patent application publication in the EU.

As previously shared, and as per our WIPO-PCT patent abstract, "our invention relates to a method for communication on a network for a client system to access a service on a remote system" which initial step is "receiving data from a personal user data management system, said data comprising at least one definition of at least one choice of a user for the processing of personal data associated with the user".

Early 2020, ID Side filed a WIPO-PCT patent application on the technology that covers the creation of the "Personal Data Choice Management Platform", including notably the use of “privacy-preserving” pseudonymous identifiers.

ID Side’s technology allows internet users to broadcast their default privacy choices to information technology providers. Conversely, it also allows these information technology providers to ask specific internet users to grant them an exception to these default privacy choices.

To enable this to work, information technology providers need a way to indirectly identify a specific internet user within the ID side system, so that these requests for an exception are routed to the correct individual. ID Side’s technology relies on a pseudonymous identifier to make this possible in API calls. This approach creates a potentially unexpected privacy risk: this pseudonymous identifier could be used by information technology providers to indirectly track users, somewhat like using a device address.

ID Side counters this risk by using cryptographic mechanisms that make the pseudonymous identifier change continuously, rendering it useless as a tracking tool.

Would you be interested in knowing more? Our team remains at your disposal through our contact form.

ID side has been carrying out R&D tasks for a bit more than 1 year now. It's been meeting with EU Commission, regulators, NGOs and other interested stakeholders to better shape its R&D program but also better design its prototype.

Based on its first accomplishments and its beta version currently available online, ID side has been noticed by Ionis Incubator and proposed to pursue its work in its start-up labs.

While it keeps moving R&D forward, ID side team is delighted that Ionis incubator identified the benefits our project can bring.

Since February 2019, the ID side team of associates started focusing on a tool for individuals to validly consent and, as per GDPR, get real control on how their personal information gets used and further used. At the side of our regular day-job activities, Privacy expert Marie-Charlotte Roques-Bonnet (20 years’ experience), Security expert Alain Pannetrat (20 years’ experience), and Data visualisation expert Damien Bouquet (15 years’ experience) kicked off EU-based and self-funded R&D with the objective to design a tool empowering internet users to seamlessly share individual automated privacy signals. In 2019, on top of ID side SAS (as per French Law), we also created "ID side for good"—an associative project aiming at giving people control over their personal data and on commercial digital tracking, the capacity to set their privacy choices in a few clicks & share those seamlessly online.

Our end goal is for ID side to foster ethically & environmentally sustainable business models online and facilitate qualitative exchanges between individuals and the Companies they are interested by.

In a nutshell: to create a user-centric digital environment, in which individuals are enabled to choose how their data will be used and which companies they are willing to have a lasting & trusted commercial relation with.

Objective 1 for ID side teams is to help anyone online effectively set their choices (i.e. regarding Privacy, Safety, commercial preferences or Artificial Intelligence), share those automatically and exercise their privacy rights seamlessly.

Let's take an example: Cookie banners. You never read it? By setting your preferences on ID side & installing our extension (on iOS or Chrome), you save time and make sure that every website will be able to know about it and comply with it. This way, you will not have to fill most Cookie banners anymore.

Let's take another example: inboxes’ spamming. Using ID side app, everyone can flag specific brands, products or services they like, and share about desired discounts and price ranges to somehow “self-target” and help companies "getting rid of 24/7 tracking" and only share offers or notifications that are relevant to me -because I decide.

With such ethically and environmentally sustainable model, that we call the "Light Web", the charge resulting from cookie banners, privacy setting and spams' monitoring will be kept to a minimum and make privacy handling online humanly feasible online.

On 4 June 2019, ID side met with CNIL LINC about its user-centric "Data Protection Choices Management Platform" (DPCMP).

ID side plugin allows users to set their by-default Privacy choices regarding cookie banners once and for all, in a granular way, and share those automatically online wherever they browse.

For instance, once our Research turns into a practical tool and we roll it out online, it will automatically fill most cookie banners.

ID side R&D, API, and project were fully described to the French Privacy regulator, and observations from CNIL will be taken onboard.

On 28 June 2018, the California Consumer Privacy Act (CCPA) was adopted. It includes provisions on individual control for opting out of commercial tracking. Its mere existence demonstrates the capacity of lawmakers and data protection regulators to provide individuals with a legal right to control their privacy online using automated signals. It is also an evidence for the ID side project that its tool is a way forward. The same way CCPA empowers consumers to have more control over their personal information in the US, EU law will soon enough put EU citizens in capacity to benefit from such rights. As such, CCPA constitutes an international legal landmark. For ID side teams, it constitutes THE "Legal Square 1" to advance digital fundamental right to Privacy in practice.

On 25 May 2018, the General Data Protection Regulation (GDPR) was adopted. We created ID side because we believed the GDPR is good text but tools were missing for people to efficiently exercise their digital rights. Our standpoint was simple and blunt: with available tools, no consent can be validly collected online.

In February 2019, 9 months after GDPR adoption, our team created ID side. Our project is about providing solutions for individuals and businesses to set their specific and individual choices and preferences online, without repeating those over and over again - which, in a digital and connected devices era, becomes humanly unfeasible.