EDPS Inspection Software
The European Data Protection Supervisor (EDPS) has developed open source software tools for the automation of privacy and personal data protection inspections of websites: Website Evidence Collector (WEC) - a standalone command-line tool for experienced users, and WEC Online - a web-based version with a user-friendly interface.
Both tools allow laypersons after a brief introduction to gather evidence on personal data processing operations of websites using a reproducible, reliable, and fast method. No third-party cloud service is involved to gather evidence.
Quick Access
- Open source repositories (EUPL-1.2 License):
- WEC: https://code.europa.eu/EDPS/website-evidence-collector
- WEC Online: https://code.europa.eu/EDPS/wec-online
- For EU institutions: The EDPS provides a hosted WEC Online service at https://webgate.ec.testa.eu/edps/website-evidence-collector/ (accessible via EU Login through the TESTA network)
- Contact: tech-privacy@edps.europa.eu
Website Evidence Collector (WEC)
Developed in 2018, the WEC collects evidence of personal data processing, such as cookies and similar tracking technologies, providing website owners and data controllers with the means to self-assess their websites' compliance and foster accountability.
The collection parameters are configured ahead of the inspection and then collection is carried out automatically. The collected evidence, structured in a human- and machine-readable format (YAML and HTML), allows website controllers, data protection officers and end users to understand better which information is transferred and stored during a visit of a website.
The tool starts Chromium with a new user profile and loads all web pages included in the visit one after another with no further user interaction. During the visit, the tool collects:
- Web page screenshots
- HTTP links from the entry web page (internal, external, social networks)
- List of visited web pages
- Information stored in HTML5 local storage
- All cookies in the browser profile
- HTTP traffic as HAR file
- Requests identified by EasyPrivacy filter list
- List of requested first- and third-party hosts
- Messages exchanged via WebSockets
Compatibility and Installation
The WEC should be compatible with Windows, MacOS, Linux and all platforms that support NodeJS and Chromium. However, the EDPS has run the WEC only on Linux and MacOS. For an installation on MacOS and Linux without administrator privileges, please follow our advice in the FAQ on code.europa.eu.
To use the tool you can either install it directly using Node.js and the Node.js package manager (NPM) or you can use the provided container image with tools such as docker or podman. Tutorials for both approaches are provided on our dedicated code.europa.eu page.
Bug Reporting: code.europa.eu/EDPS/website-evidence-collector/issues
WEC Online
WEC Online builds on the Website Evidence Collector as a multi-user web application that provides a user-friendly interface and is designed for organisations to be centrally deployed and made accessible to its members. It maintains all the features of the original WEC while making them accessible to non-technical users.
The tool enables automated generation of summary reports gathering the same information as the WEC. The reports can be viewed in the user interface and downloaded locally.
Organisations can deploy WEC Online on their own infrastructure using the open source code. The source code of WEC Online as well as detailed installation and configuration instructions are available on code.europa.eu.
Bug Reporting: code.europa.eu/EDPS/wec-online/issues
_______________________________________________________________
Please read carefully the EUPL licensing conditions. As stipulated in Section 7, the EDPS provides these tools on an 'as is' basis and without warranties of any kind, including fitness for a particular purpose, absence of defects or errors, or accuracy.