General FAQ
What does ADPC stand for?
ADPC stands for Advanced Data Protection Control.
What is ADPC?
ADPC is a technical specification that describes how signals for automated communication of users data protection decisions can be sent from the terminal of a user (usually the browser) to a website. It aims to demonstrate that a more reasonable approach to communicate privacy preferences than typical “cookie banners” is possible.
Is ADPC intended only for Europe?
No. While ADPC has been carefully designed to be in compliance with privacy and consumer protection regulations such as the EU General Data Protection Regulation (GDPR), it can be used to express data subjects’ privacy decisions in non-EU frameworks. Any form of opt-in and opt-out can be communicated with a system like ADPC.
Can I contribute to improve ADPC?
Sure thing! You are more than welcome to get involved!
How can I contact you?
Simply use the online form below or send us an email.
ADPC has a cool logo! Can you give us more information about your logo?
The logo is designed by Soheil Human. It has a simple but complex design. Using simple lines, the logo constructs an “optical illusion”. The main idea behind the logo is that privacy is a complex, interconnected, interdisciplinary, and challenging matter that needs advanced but explainable solutions under the control of humans. The colours are inspired by the flags of the European Union (gold and blue) and Austria (red). Gold resembles the advancement of data protection sought by ADPC, blue resembles the humans’ right to privacy, and red resembles privacy control which should be given back to humans.
Where can I find more information about the history of ADPC and the team behind it?
ADPC started as a collaboration between the Sustainable Computing Lab at the Vienna University of Economics and Business and NOYB in a joint project called RESPECTeD, partially funded by netidee. If you want to know more about our original team, visit https://www.respected.eu.
How should I cite ADPC?
We will soon publish several scientific papers and articles about ADPC. Please check this section later for more information. Currently, you can cite the specification itself. How? See: https://epub.wu.ac.at/8280/
Non-expert Users FAQ
I have no technical background, can I use ADPC?
Yes. ADPC aims to empower all users. Our main priority are users that have no technical background. At the moment a basic implementation of an ADPC browser-plugin can be found in our download page.
If a system like ADPC gets wider support, browser and plugin developers could provide different and better implementations of ADPC in the near future. ADPC allows developers a lot of freedom to come up with innovative options to manage your choices.
Which platforms and browsers are supported?
ADPC is not dependent on any browser or operating system and can be used on a wide-range of different technologies.
However, the current prototype implementations can only be used on the desktop versions of Firefox and (soon) on Chromium-based browsers (Google Chrome, Brave, Opera and alike). We have not tested the extension on all operating systems so if you have problems, please let us know. After all that’s the point of a prototype.
I'm not an expert but I love this idea and want to support it, what can I do?
The most valuable support that you can provide us is to introduce ADPC to your friends and family. Follow us on social media, share our updates, write about us. Introduce ADPC to any regulators, policy makers, businesses, engineers, academic persons and activists that you know. As a user, your feedback about ADPC and its prototype implementations is also very helpful for us. Thanks for your support.
Technical FAQ
I have a website, how can I use ADPC to easier comply with the privacy regulations?
We have provided a simple server-side implementation of ADPC written in JavaScript. You can find the link to this software in our resources page. Moreover, we plan to develop ADPC plugins for different CMSs such as WordPress, and Drupal.
What is the difference of ADPC and DNT (Do Not Track)?
While DNT is a binary signal, ADPC is an “Advanced” means Data Protection Control mechanism that makes it possible to communicate different consent and tracking decisions. It also makes it possible for the data controllers to express and request their expected consents.
What is the difference of ADPC and GPC (Global Privacy Control)?
While GPC is a binary signal, ADPC is an “Advanced” means Data Protection Control mechanism that makes it possible to communicate different consent and tracking decisions. It also makes it possible for the data controllers to express and request their individual consents, leaving websites the freedom to ask for any type of consent (no matter if it’s the placement of cookies, or something extremely customized).
Is ADPC only limited to websites, or Apps or other digital technologies can also benefit from it?
Using ADPC as a specification is not limited to websites. Although the current version of the spec provides more examples and explanations that can be helpful for websites than other online technologies. In the future, a wide range of online software and services can function based on ADPC. You can support us to improve and extend ADPC.
What about the problem of digital fingerprinting? Have you considered this as a challenging issue?
Sure, we are well aware of this problem and the debates around it.
Other than signals that are constantly sent, ADPC limits the fingerprinting surface by not sending any signal if a domain does not publicly announce that is supports ADPC and thereby commits to not use the signal further, as well as sending different signals to different domains. In addition, depending on the implementation, specific choices are only sent to websites where the user made such a privacy choice (like a consent).
We believe that this approach can highly reduce the issue of (legal) fingerprinting. However, this matter needs further investigation and discussion. We hope that people like you support us to work on this together!
Does ADPC provides a specific privacy "vocabulary"?
No. ADPC is a signalling (communication) mechanism that allows automation of privacy management. It does not limit data controllers or data subjects to use a specific set of vocabulary. However, we truly believe that more standardisation regarding privacy vocabularies are needed, if we aim to reduce the load from the users and provide more and more automating regarding privacy management.
Legal FAQ
How can ADPC be enforced?
If a website publicly declares to allow users to exercise their rights via ADPC, by implementing the ADPC signal, there is no problem to enforce any non-compliance under GDPR or ePrivacy.
We are obviously aware about the fate of DNT and other signals, that were simply not implemented by websites. We therefore hope to see a clear requirement to implement a specific signal under the upcoming ePrivacy Regulation. ADPC is meant to show to the regulators how such a signal could work.
Is ADPC only based on the GDPR or ePrivacy?
No. While ADPC has been carefully designed to be in compliance with the privacy and consumer protection regulation, such as the EU General Data Protection Regulation (GDPR) and the upcoming ePrivacy Regulation, it is not limited to European regulations and can be used to express data subjects’ privacy decisions in line with different non-European regulations, as it allows various forms of opt-in and/or opt-out signals.
Is ADPC only an opt-out signal (like DNT or GPC)?
No. First, ADPC is not a binary signal like DNT. Second, ADPC allows opt-in (consent) and opt-out (objection) signals, whereas other signals (e.g. DNT and GPC) are based on an opt-out framework.
Does ADPC support general signals as well?
Yes, ADPC allows both general signals (like “reject all”, “withdraw all”, “object to all”), and specific signals (like consent to a specific request), as well as a combination of general and specific signals (like “reject all, but consent to requests ‘x’ and ‘y’”). This is an ADVANCED data protection control, not a simple binary signal! 😉
Is ADPC a general signal that is sent to different data-controllers?
No. Every data controller can send their own specific requested consents to the ADPC user-agent (browser/plugin). This means, ADPC is domain specific (‘site specific’), so users can choose to tailor their interaction with different web sites and data controllers.
Note: we believe that users have the right to express their privacy decisions, even if a controller does not start the ADPC exchange procedure (which is expected in most cases). In such cases, the user obviously can send a general opt-out signal to each and all data controllers or domain-specific signals using ADPC.
Interdisciplinary Experts FAQ
What do you mean by the "human-centricity" of ADPC
We have tried our best to develop ADPC based on a human-centric approach to online privacy and e-consenting. A reflection on our understanding of human-centricity of digital consenting can be found in Soheil Human and Florian Cech’s paper on A Human-centric Perspective on Digital Consenting. According to this approach, instead of considering consent as a symbolic and abstract concept, we need to consider the action of consenting as one, which is the result of continuous and dynamic interactions between the end-user and the consent-obtaining (consent-management) system, performed in a social (and environmental) context. Based on this view, consenting is a sociocognitive action involving cognitive as well as social (collective and contextual) dimensions and processes. An approach can be called human-centric, wherein individual (cognitive) and social (collective & contextual) dimensions of every single end-user and all end-users combined are taken into account when an information system–a consent-management mechanism in our case–is designed, implemented, evaluated, and released. ADPC tries to contribute towards the development of human-centric consent management approaches.
Does ADPC solve the issues related to online privacy completely?
Clearly not. We think that the challenge of “automation” has been one of the most critical gaps of online privacy. ADPC addresses this fundamental issue. However, other interdisciplinary societal, technical, cognitive, legal, economic, and political solutions and approaches should contribute to protect human’s right to privacy in a human-centric manner. We think that ADPC can be a fundamental enabler for other interdisciplinary solutions. We are willing to work together with you and integrate ADPC into different innovative solutions. If you think that you have a good idea, contact us to talk about our next project! 😉
Ask a question / Send us your feedback
Do you have a question that are not listed in our FAQ?