At the University of Michigan, we have a commitment to respecting and protecting the privacy of our community members and guests. In the summer of 2022, the U-M Privacy Office decided to put that commitment to the test on U-M websites. ITS Information Assurance (IA) used the real-time website privacy inspection tool Blacklight to scan the top 50 most visited U-M websites hosted by Information and Technology Services (ITS) and the 30 most prominent and recognizable websites hosted by U-M units and departments.
Blacklight was created by investigative journalist and data engineer Surya Mattu, who is also a former Knight-Wallace fellow, and his team of journalists and technologists at The Markup. Since its inception in 2020, Blacklight has been used to scan thousands of websites and has exposed numerous high-profile cases of unethical and possibly unlawful collection and sharing of sensitive personal information.
IA conducted their own Blacklight scan and confirmed that most U-M websites use Google Analytics, and that many feature social media plugins. Website administrators often need to enable these integrations to best fulfill the objectives of the site and serve the needs of its visitors. IA was pleased that university websites used significantly fewer-than-average ad trackers: around three trackers for U-M sites, compared to seven for websites scanned with Blacklight. When it comes to third-party cookies, U-M sites are hovering near the Blacklight average of three.
IA is heartened by these results and remains dedicated to supporting the university community in the secure, appropriate, and ethical handling of data collected on U-M websites.
Tips for U-M website owners to help the university uphold its commitment to privacy
Be transparent. Publish a privacy notice that accurately describes the website’s data practices in an accessible format and easy-to-understand language. The U-M Privacy Office provides a privacy notice template that can be used by all U-M units and departments.
Minimize data collection. Collect only the data necessary for the functioning and support of the website. Consider that any unnecessarily collected and inappropriately shared data may put your website visitors at risk.
Provide and respect choice. Offering your website visitors the opportunity to opt out of data collection, where possible, is the ultimate show of respect for their privacy and autonomy. Treat their data the way you would like your data to be treated.
For more information, resources, and tips on privacy, visit the Privacy section of the Safe Computing website.