(no title)

1.3.14.2 Coop's implementation of the server side container The purpose of the server side container that Coop has implemented is to improve the security related to the data sent. More specifically, the aim is to on a good and safely be able to protect the personal privacy of those registered. Server side the container acts as a proxy between the registrant's browser and the Tool where Coop has chosen to implement the server side container in a way that makes them the registered browser's public IP address is never transmitted to the Tool. Implementation can be described as follows. A registrant visits the website www.coop.se in your browser. The Google Analytics script is downloaded from the server side container instead of being downloaded directly from Google Analytics servers. This results in the registrant's IP address as well as information about user behavior, device information, customer status, online identifiers and transaction data (according to points 1–5 above under section 1.3.10) are transferred to the server side container, instead directly to Google Analytics. Once the Google Analytics script has been downloaded from the server side container, a new call is made from the server side container to Google Analytics servers. Since the call is made from the server side container, no transfer of the registrant's public IP address to Google Analytics. Coop has configured the server side container in such a way that all data as above, except it was recorded public IP address, passes through the server side container to Google Analytics. Google Analytics receives data sent from the server side container and that data (information) that has been sent is popularized in reports by the measurement set up on the website www.coop.se. The treatments that take place through the aforementioned – i.e. to receive, convert and forward the call - takes place in the working memory of the server side container. It means all processing takes place in real time and that no data is permanently stored. In other words, stored public IP addresses were not registered in the server side container and they are not exposed rather against Google Analytics servers. All communication from the browser, via server side container, to The tool is also encrypted.

This process cannot be reversed as the information is not stored and the conversion not based on a one-to-one relationship that enables the use of a "key" to recreate the public IP addresses. Coop has activated Google's function for IP anonymization. It means that the IP address sent to the Tool is truncated. This is done by Google removing one part of the IP address before the IP address is stored on disk. For an IPv4 address, last is replaced the octet in the address with a zero. For an IPv6 address, the last 80 bits are replaced with zeros. The action cannot be reversed but as this action is done by Google i Coop has also chosen to implement the tool as a server side container. In Coop's case, the IP anonymization feature is enabled and applied to the generic IP address sent via the server side container. In context, however, the function is redundant considering that the server side container prevents the public of the registered IP addresses from being sent to the Tool. Coop's assessment is that server side the container as a measure is a sufficient protective measure, but that it does not harm that even have the IP anonymization function activated in the Tool.

Do you happen to know which section of the ruling it is where they discuss why Coop needs to stop doing this? It's a PDF and the translation tool I'm using on my phone is a pain.