On January 29, 2024, the European Data Protection Board (EDPB) launched a new website auditing tool aimed at simplifying compliance with data protection laws for websites.
The tool, which was developed under the EDPB Support Pool of Experts (SPE), is designed to assist both legal and technical auditors in analyzing whether websites meet legal standards, and can be used by both data protection authorities (DPAs), and data controllers and data processors who are interested in self-assessing their compliance.
In addition, the tool is an Open Source Software under the EUPL 1.2 License, which means people can also help improve it. You can download it from code.europa.eu, and even look at and help improve the code it's made from.
According to the information made available about it so far, the tool allows you to prepare, conduct, and evaluate audits of websites just by visiting them. According to the official press release on the EDPB’s website, it works well with other auditing tools too, such as EDPS website evidence collector, which means it allows the import and evaluation of audit results from these other tools and can generate comprehensive reports to help you analyze and document compliance with data privacy regulations.
In the past, checking websites was a hard task to perform which required specialized knowledge. Recognizing this challenge, the EDPB created this new tool to change that, making it more accessible for national DPAs and simplifying compliance checks for controllers. This user-friendly approach is expected to facilitate more efficient enforcement and compliance across the board.
The website auditing tool was developed by an expert of the EDPB’s Support Pool of Experts (SPE) under the guidance of the EDPB Secretariat. It was first shown to data protection experts in June 2023 at the EDPB Bootcamp, where it received positive feedback which led to its publication as Free and Open Source Software. The Support Pool of Experts is a group created by the EDPB with the aim of helping data protection offices do their jobs better by giving them effective tools as well as access to experts. The tool is part of the EDPB 2021-2023 Strategy to make data protection stronger in Europe.
Looking ahead, the EDPB plans to release a second version with enhanced features later in the year, reflecting their commitment to continuous improvement.
The launch of this auditing tool may mark a significant step forward in the EDPB's efforts to support data protection authorities and businesses alike in navigating the complexities of compliance. By making these resources widely available and easy to use, the EDPB aims at paving the way for a more privacy-conscious and compliant digital environment.