Attention when using Google reCAPTCHA

2B Advice
CAPTCHA is a variant of the Turing-test to determine whether a visitor to a web application is a real person. The principle behind the idea of CAPTCHA is to set up an ideal task easy for humans to solve but very difficult for machines (bots). First and foremost, CAPTCHAs are known as a kind of security protection tool and should be used to protect against the misuse of resources and robot fraud.

With the rapid development of artificial intelligence and machine learning, in the past few years this traditional authentication method has been repeatedly breached. With this in mind, Google released their new generation of CAPTCHA services in 2013, the reCAPTCHA v2, which replaces the traditional CAPTCHA operating mechanism with behavioural analysis and a more advanced browser interaction. The aim is to eliminate completely negative user experiences while better identifying humans and robots.

In practice, the visitor clicks on the "I'm not a robot" box, information such as IP address, local settings, mouse movements, time spent on the site, etc. is uploaded to the Google servers and then analysed to determine if the owner of the information is a real person.. In November 2018, Google updated reCAPTCHA again and released the enterprise version reCAPTCHA v3, which, compared to v2, searches for more detailed data about the visitors in order to determine a risk level for them and send the result back to the website operator. Using the result as a threshold, the site operator can perform variable actions against a request in their sites to provide precise control over the use of their resources. Furthermore, reCAPTCHA now abandons the use of the check box, runs completely in the background and uploads the collected information continuously. Therefore, visitors are not aware that they are currently monitored and evaluated by the CAPTCHA components embedded in each page of the site.

2B Advice is of the opinion that if personal data are transmitted by the controller to a third party, who then process it, an opt-in mechanism and an explicit consent of the website visitor is required. This type of process is currently still rather unclear. Ultimately, the question arises as to whether the legitimate interest of Google and the website operator deserves more protection than the one of the data subjects/individuals.

In this context, this can reasonably be questioned.

Foto: ©

Further Information:

Rating: 0 (0)

© 2012 - 2019 |  2B Advice LLC - the privacy benchmark
7220 Avenida Encinas Ste 208 | Carlsbad | CA | 92011 | Phone: +1 (858) 366-9750 | Fax: +1 (212) 898 1248 | Email:
The pages do not contain any legal advice | No responsibility for the accuracy of the information. Please also notice: Privacy Notice | Legals

2B Advice GmbH Italy
2B Advice GmbH Germany | 2B Advice s.r.o. Slovakia 
United States of America | Slovakia | Germany | San Diego | Bonn | Berlin | Munich | Brezno
 | Verona | Vienna