Overview
Bot detection tag that collects extensive behavioural and device fingerprinting data from every visitor, including mouse movements, keystroke dynamics, and network characteristics. While the security purpose may support a legitimate interest legal basis under GDPR Article 6(1)(f), the depth of data collection rivals that of the most invasive analytics tags. Organisations should document a balancing test and assess whether ePrivacy Directive consent obligations still apply despite the security justification.
Detection capabilities
- Signature count: 5
- Detection methods: network
- Property types: hostname, pathname
Performance impact
- Requests per page: 3
Common mistakes
1. Not disclosing bot detection in the privacy notice - even though it serves a security purpose, it involves collecting detailed behavioural and device fingerprint data from all visitors
2. Assuming security tools are automatically exempt from consent requirements without assessing the specific data collected and whether it constitutes personal data under GDPR
3. Failing to conduct a proportionality assessment - Human Security collects extensive behavioural signals, and organisations should verify that the level of data collection is proportionate to the bot threat
4. Not reviewing the data retention period for bot detection signals, which may persist longer than necessary for the security purpose
5. Overlooking the device fingerprinting aspect, which the ePrivacy Directive treats similarly to cookie-based tracking and may require consent in some jurisdictions
Compliance considerations
Human Security's JavaScript tag collects device fingerprinting data, behavioural signals, and network characteristics to identify bot traffic. Under GDPR, this data likely constitutes personal data, but the security purpose may support a legitimate interest legal basis under Article 6(1)(f), provided a balancing test is documented. The ePrivacy Directive's rules on accessing terminal equipment may still require consent for device fingerprinting in some EU member states, regardless of the legal basis under GDPR. Organisations should document their legitimate interest assessment, include bot detection in their privacy notice, and verify that Human Security's data processing agreement covers all relevant data flows. Human Security processes data in the United States and should be assessed against EU-US Data Privacy Framework requirements.