Feeback systems are in the field of market research. The aim is to find out as much information as possible about the object and the person in order to adjust performance and services. In this context, answer options are often given, which means that the feedback provider “only” has to choose. Open-ended suggestive questions are asked, in which the answer is already contained in the question. The design and questioning process are also geared towards getting as many answers as possible and statistically evaluating the amount of answers afterwards. These systems are shaped by current trends, whose significance plays a much greater role than the exact results.
In the feedback system, the information provided by the feedback giver is additionally enriched by self-collected data about the feedback giver. Feedback providers are tracked and additional information is stored. The actual goal of tracking users is to obtain their identity. Through the IP, for example, the location is localised, mouse movements and clicks are analysed in order to divide the feedback givers into user groups. Various data sets are passed on to third parties and exchanged to obtain more complete tracking. Google products, such as Google Analytics and AdWords, are used in almost every area of marketing. In addition, data is shared with advertising and analytics companies. have suffered reprisals. Also, obligated parties do not have to set up anonymous reporting offices, which experience shows is essential for the protection of the whistleblower in the majority of whistleblower cases. In addition, it is up to the whistleblower to determine when and if he or she is liable or even punishable for obtaining and passing on information, and is not protected by not protected by the Whistleblower Protection Act. The red line becomes a legal problem and crossing the red line becomes a risk for the whistleblower.
The backend of feedback systems may be designed to be data protection compliant, but they do not fully respect anonymisation. It is generally assumed that due to the mass of data and the lack of interest in restoring complete profiles, anonymisation can be guaranteed by simple measures such as omitting the last digits of the IP. This also seems sufficient for an everyday feedback process. The use of a whistleblowing system, on the other hand, is not an everyday occurrence for reporters. The data collected remains manageable, which means that the anonymisation measures of a feedback or complaints system are not fully effective. It is also doubted whether individual, concrete measures, such as the shortening of the IP, could guarantee the protection of a whistleblower. The anonymisation measures usually used in marketing do not stand up to an IT forensic analysis, for example in the context of a criminal trial – and are of course not designed for this.
Whistleblowing systems are characterised by the fact that they are closely adapted to the applicable regulations and take them into account in a holistic approach. This does not necessarily manifest itself in appearance. At first glance, there seem to be many solutions that could be considered as a whistleblowing system. The real know-how of regulatory compliance solutions is not in the outward design. There are many different solution steps, each of which is closely linked to regulations. These are combined into a holistic concept and reside in the backend of a system. This includes several security layers, encryption and well thought-out deletion and storage concepts. Whistleblowing systems are designed to be open and objective. The whistleblower should have the feeling of being able to decide freely. When submitting a report, he has already decided of his own accord to take the time. It is neither advisable nor necessary to “shuffle through” the form. Rather, the aim is to obtain high-quality information. This is achieved when the whistleblower feels safe and can be made to feel in a serious manner that he or she can help uncover wrongdoing. Every incoming tip must be processed and confirmed individually.
Whistleblowing systems should completely refrain from storing IPs and further tracking. Collecting user data – as well as sharing it – is far from the actual purpose of a whistleblowing system. Even if IP and other user data are not stored in self-developed software at a certain point in time, it is possible for developers to allow storage by changing the code. Many programmers also like to leave backdoors open in order to be able to act flexibly. Therefore, self-developed solutions in the area of anonymous whistleblower software should be avoided.
Read more about the possible solutions to deal with the new whistleblower protection law.
