How to ensure your customers’ data privacy during monitoring

The personal and professional lives of your customers and other consumers around the world increasingly take place online in the digital realm. It’s therefore not a surprise that data privacy is now such an urgent topic of concern. Countries around the globe have adopted various regulations to ensure the protection of their citizens’ personal information, and more regulation is certainly on the way.

Your responsibilities for ensuring data privacy

As a software vendor, it’s key that you be familiar with all applicable laws in your region and that you comply with these regulations. For us at Dynatrace, this means that we must ensure that our real user monitoring capabilities are implemented in a way that doesn’t compromise the privacy of your personal data or the data of your customers.

Browser cookies

Cookie usage is an important aspect of data privacy. Certain governments, particularly those in the European Union, require that you inform your customers about the use of cookies on your site. For details on Dynatrace cookie usage in support of real user monitoring (or to inform your own web application cookie-usage policies), please see How does Dynatrace use cookies?

Do Not Track (DNT) – HTTP header

Another technique for protecting end-user privacy that’s supported by all web browsers is the Do Not Track HTTP header. With this setting enabled, browsers add an additional HTTP request header to all the web requests they send. This header specifies that all user tracking and analytics must be disabled.

To enable Do Not Track compliance in your Dynatrace environment

1. Select Applications from the navigation menu.
2. Select the application you want to configure.
3. Click the Browse […] button.
4. Select Edit.
5. Click the Advanced settings tab.
6. Set the Ignore Do Not Track HTTP headers switch to the Off position.
   

Additional cookie usage disclosure laws

In certain regions, simply notifying customers of your use of cookies isn’t sufficient. You may additionally be required to implement dedicated functionality that enables your customers to manually enable/disable performance monitoring of their user sessions. See such an example below, which comes from the BBC website.

Cookie opt-in mode

Dynatrace cookie opt-in mode allows you to implement similar functionality in your own web application. With cookie opt-in mode enabled, the injected JavaScript real user monitoring code doesn’t capture any data or set cookies. Data capture and cookie usage can, however, be enabled for individual users using the JavaScript API call dtrum.enable(). This allows you to implement a cookie opt-in setting that enables your customers to comply with the data privacy standards in their region.

Cookie opt-in mode is available for all applications where the real user monitoring JavaScript code snippet is injected automatically. It’s also available for agentless-monitored applications where the JavaScript code snippet is injected manually.

Even with Dynatrace monitored enabled, if your customers don’t have Dynatrace cookies set in their browsers, no monitoring data will be captured. You must explicitly call the JavaScript API call dtrum.enable() from each of your customers’ browsers to restart monitoring-data capture.

To enable cookie opt-in mode for a web application

1. Select Applications from the navigation menu.
2. Select the application you want to configure.
3. Click the Browse […] button.
4. Select Edit.
5. Click the Advanced settings tab.
6. Set the Enable cookie opt-in mode switch to the On position.