The European Data Protection Supervisor (EDPS) has developed open source software tools for the automation of privacy and personal data protection inspections of websites.
With the EU data protection legislation applicable (the GDPR and the corresponding Data Protection Regulation (EU) 2018/1725 applicable to Union institutions) many websites have updated their privacy consent management mechanisms and rethought their personal data processing operations. This change, plus personal data breaches on websites, led to an increasing public awareness on privacy issues of websites and resulted in an increasing number of complaints to supervisory authorities.
The EDPS software tool contribute to awareness and good practices for allowing responsible persons and relevant stakeholders to gather evidence on personal data processing operations of websites using a reproducible, reliable, and fast method. No third-party cloud service is involved to gather such evidence. The tool is self-consistent and can be used in intranets without internet access. The European Union Public License (EUPL-1.2) open software license allows experts to adapt the tools to their own needs.
The tool collects evidence of personal data processing, such as cookies, or requests to third parties. The collection parameters are configured ahead of the inspection and then collection is carried out automatically. The collected evidence, structured in a human- and machine-readable format, allows website controllers, data protection officers and end users to understand better which information is transferred and stored during a visit of a website, i.e. the consecutive loading of a number of web pages without giving consent or logging in.
More information on: https://edps.europa.eu/press-publications/edps-inspection-software_en