- What Does The DPS Scanner Do?
- Does the DPS Scanner also track URL requests on password protected pages?
- Why does the DPS Scanner indicate that Google Fonts is loading even though I am not using it?
- What's the difference between Initial Website Scan and Daily DPS Scan?
- How often can I request the Initial Website Scan?
- Can results from the Initial Website Scan and the DPS Scanner be separated?
- Does the Initial Website Scan detect services that have already been added to my CMP?
- Can the Initial Website Scan detect services that go beyond a paywall or login?
- How can I request an Initial Website Scan?
- How can I add results from the Initial Website Scan as Data Processing Services to my Consent Management Platform?
- What do the different statuses mean?
- What does it mean if a Service is "unknown"?
- How do I know if the detected Service is the right one for my website and satisfies my user needs?
- Do Initial Website Scan results disappear as soon as I have implemented the Usercentrics script on my website and DPS Scanner results show up?
- Why are some Data Processing Services not recognized by the Initial Website Scan even though they track data on my website?
- Why does the DPS Scanner show data processing services that I don't use?
- Does the adding of a Data Processing Services from the DPS Scanner directly lead to an immediate change resulting in the script being blocked?
The Usercentrics DPS Scanner tracks outgoing URL requests as soon as the Usercentrics Script tag is implemented on the website. If you evaluate the logged data in the DPS Scanner, you can draw conclusions about the integrated data processing services and technologies. The goal of the DPS Scanner is to identify data processing services that have not been integrated into your Consent Management Platform yet.
The data contains mainly 3rd party services but also piggybacked services that are reloaded by other services. An example is the service "DoubleClick", which is reloaded by default from every YouTube video.
Yes, if the Usercentrics Script tag has been implemented on these pages, the DPS Scanner will also recognize outgoing URL requests on otherwise inaccessible websites.
Please note: The DPS Scanner needs real live visitors or traffic to display results.
You probably have Google Maps integrated in your website. Google Fonts is loaded by Google Maps (piggybacking) and can therefore be configured as a sub consent of Google Maps in the Service Settings area.
The aim of both the Daily DPS Scanner and Initial Website Scan is the same: to identify third party technologies triggered from your website and help integrate them into your Consent Management Platform (CMP).
The major difference is that the Initial Website Scan will only perform a basic scan of your website enabling a customer to get an idea of what third-party technologies are being triggered from their website thus helping to select the appropriate ones to store in the CMP. This is especially helpful for clients in the on-boarding process.
Whereas, the Daily DPS Scanner runs daily to give a more extensive set of data which not only contains third-party technologies but also piggybacked services. An example is the service "DoubleClick", which is reloaded by default from every YouTube video.
The Initial Website Scan can only be requested once. And that is, before your website has gone live with the Consent Management Platform.
No, the Initial Website Scan results will help you to get an initial idea of the third-party technologies on your website. Once you integrate our Usercentrics CMP and the DPS Scanner is activated, the results from the Initial Website Scan and DPS Scanner will be merged. The DPS Scanner will then start running daily to keep your results up-to-date.
Yes, the services that have already been added to your CMP will be shown with a status Done in your results table.
No, the Initial Website Scan cannot detect services beyond paywalls, logins or consents. That means, if you have implemented a CMP, and consent has not been given, the Initial Website Scan would not be able to crawl beyond those services.
Currently, the Initial Website Scan can be requested in your Admin Interface under:
Service Settings → DPS Scanner
The results of the Initial Website Scan are deleted after 14 days.
Please note: The Initial Website Scan section is only available when there is a new Settings ID or there are no DPS Scanner results. Once an initial scan is requested, the results for the scan will be shown in the same page of the Admin Interface at the latest, 24 hours after the request has been initialized.
You have the option to directly add services from your results table. Depending on the detected services, you would have the following options to add a service as a Data Processing Service to your Consent Management Platform:
Add a pre-defined services using the Add Service action button or,
for Unknown Services create a custom service using the Create Custom DPS action button or,
In case the listed service is irrelevant for you, you can simply ignore the service using the Ignore Service action button.
Alternatively, you could also add them from Service Settings in your Admin Interface.
Each detected service will have a status assigned to it, found in your results table.
The different status and their descriptions are:
Todo: This service has been detected as a third-party service and you might want to add it as a Data Processing Service to your Consent Management Platform. Please evaluate if the proposed Data Processing Service meets your CMP setup and legal requirements.
Done: The respective service has been added as a Data Processing Service to your Consent Management Platform.
Whitelisted: The respective service has been ignored and added as a whitelisted service. This is particularly relevant for services you do not want to add as a Data Processing Service, and simply ignore them from your Todo list.
An “unknown” service means we could not map that service with our pre-defined Data Processing Service templates. In such cases, you could either create your own Custom Data Processing Services or simply ignore them, if the detected services are irrelevant for you or have already been added to your CMP. If a found URL belongs to a data processing service that you have already added in the Service Settings, you can also ignore the entry in the DPS Scanner.
The services that we detect and map for you are simply suggestions from us.
For example, if your result is shown as below, it means that the detected service matches our pre-defined Data Processing template of “Google Webfonts”.
We recommend that before you add these pre-defined services to your Consent Management Platform, kindly check if it meets your setup and legal requirements. If not, please create a custom service that better suite your needs.
No, as soon as you have implemented the Usercentrics script on your website and the DPS Scanner results are displayed, the Initial Website Scan results merge with the DPS Scanner results creating a table of combined results.
The Initial Website Scan does not recognize technologies beyond a paywall, login or when the Consent Management Platform is implemented and consents are not given. This is the reason why some Data Processing Services which lie beyond these layers, may track data on your website but are not recognized by the Initial Website Scan.
Depending on the individual case, the DPS Scanner may also track:
-
Calls that are generated by browser plugins. For example, a visitor translating your website through their Google Translate plugin may create a call to this service that’ll be tracked.
-
Data processing services that are loaded via other services, so-called piggybacked services
-
Services for the technical implementation of your website such as CND, shop management services and CMS
Please always make sure to have your data privacy officer check the results of the DPS Scanner. These results are only a suggestion provided by Usercentrics, telling you which services we consider being part of your web presence.
No, please adjust all scripts according to our documentation:
-
If you have implemented the script of the Data Processing Services directly on your website, you will have to adjust the script for your website.
-
If you are using a Tag Management System, you will have to adjust the variables and triggers of the Data Processing Services directly in the Tag Management System.
-
If the Smart Data Protector is not used, then you will manually have to adjust the script to block data from being transferred to 3rd party processing services, until the user consent is provided.
Comments
0 comments
Please sign in to leave a comment.