I normally have a new blog post every Monday. Last week I missed it because I was trying to do some troubleshooting within my blog theme. The problem I have with the theme involves this stupid European Union thing known as GDPR, or General Data Protection Regulation.
By now, most bloggers and everyone else know at least a modicum about it. For those that don’t, and don’t want to follow the above link, here’s the down and dirty about it.
In essence, this is a privacy regulation that the European Union has come up with that’s supposed to protect the privacy of the general public. It sets in place standards that websites, blogs and any entity that’s online need to set up to alert users that any information they give might lead to their being tracked, to that information being sold for monetary purposes (or not), or to it being given to anyone who might want to track them down.
What we’re supposed to do is write specific privacy pages indicating what we’re doing based on what we’re supposed to be doing. We’re supposed to have web cookie alerts to let visitors know that we could be (and probably are) dropping these into one’s browser if we ask for information so you don’t have to sign in anew every time you visit or that we won’t be doing anything to you. We’re supposed to give you a way to erase anything you might have ever done on our sites and immediately remove it, no matter how far back it goes. Then we’re supposed to destroy any records that might have your information on it, but keep records that can prove we did it if the EU decides to audit us.
It goes a lot deeper than that, but that’s pretty much it in general terms. If you’ve been wondering why you’ve been receiving a rash of emails from sites you might have accounts on or visited every once in a while and possibly signed up for something or bought something, or subscribed to an email… it’s related to this.
For bloggers, we’re supposed to do all that and a little bit more. Most blogs require a person who wants to comment to at least leave us an email address; that’s considered tracking information. WordPress software also records IP addresses; that’s considered tracking information. If it’s tied to an avatar that the person sets up elsewhere, that’s considered tracking information. Anything you do that’s related to an email list… you get the picture.
One of my issues is that I use the same theme for all of my blogs. It’s an older theme I like because I can customize it so it looks like whatever I want it to look like. Every one of them has a different color, sometimes different print. Yet, with some of the newer plugins that are coming out, I can’t get some of them to work properly. There are some GDPR plugins that would help a lot, which includes adding a check box that visitors who want to comment could check, indicating they’re allowing you to accept their email address and such, but it won’t work with my theme; sigh…
By the way, the penalty is 20 million euros or 4 percent of a company’s annual global revenue from the year before, whichever is higher. The euros come to $23,072,700; that’s higher than copyright violations by a whole lot!
I’m left with a dilemma… or am I? Let’s talk about it.
The first thing to look at is how much “business” you do with countries covered by the EU declaration. If you specifically market to them and generate any real business, you’re definitely subject to the regulation. If you do very little with them, indirectly or not, you’re still obligated but are probably safe, especially if you’re not making any money or barely any money.
In my case, the average percentage of visitors to my blogs from the European Union is less than 2%. I’ve never sold a single thing to anyone over there; there are no finances for me to track. As we like to say, I’m small potatoes; they could care less about me.
The second thing to look at is that it’s meaningless to anyone outside of the EU. In other words, if anyone in a country that’s not within the EU complains, no one has to do a thing about it. The same privacy laws aren’t in place anywhere else. This means that jumping through proverbial hoops might be cost prohibitive and troublesome if you don’t have a financial incentive to change.
The third thing to think about is privacy notices in general. All websites or blogs that can capture information from someone are supposed to have privacy notices already. This was set up initially in 2009 by the Big G. I have privacy notices on all my blogs, and they all say the same thing. However, Google took Adsense away from this blog in 2010, so I could probably remove their statement and come up with my own.
For everyone else, it’s a good thing to have, but the reality is that almost no one is ever going to read it. That’s true for all these emails we’ve been getting, but it turns out that might be a mistake. It turns out there’s some intriguing information that alerts us to what’s going on within some of the social media platforms or websites we participate with; the article I’ve linked to helped me find out how some advertisers and such have not only been tracking me but the types of things they were linking back to me (more than half of them incorrect).
Lucky for you, I’ve already told you how to handle your LinkedIn privacy settings and my friend Holly told you how to do the same for Facebook before she left the platform for good. This leads to my fourth point.
My fourth point… be vigilant about your information. Regardless of the EU and its pending failure of a regulation (no way this can work against the overwhelming majority of people; Google and Facebook, a much different matter), truth be told, there needs to be some personal accountability from each of us. If you feel compelled to leave a comment on any site, you have to know you’re giving people information. If you visit a site like eBay regularly and don’t want to sign in every time you go, you have to know they’ve dropped cookies on your browser so it works; if you didn’t, consider yourself educated.
If you want that free report and give your name and email address, you know you’re asking to be on a mailing list because they usually tell you that’s what you’re doing. If you don’t want to be on a mailing list, then don’t sign up for the free item.
If you’re added to a mailing list you didn’t sign up for… that’s a different story. That’s happened to me over all the years I’ve been online; still happens now. Yet, the GDPR isn’t going to protect me from that, since I live in New York; this means I have to take care of me, like you have to take care of you.
I’m not saying don’t do anything regarding the GDPR just because you’re not in Europe. I’m not a lawyer; this is just my opinion. What I’m saying is that if you’re not in the European Union, if you’re not marketing your services specifically to members of the European Union, and (at least for now) you’re not in control of the minimal information being requested from someone to participate in your space and they want to participate anyway… don’t overly worry about it.
They haven’t set up enforcement with any outside governments. The FBI isn’t going to stop by to collect the fee imposed on you (which I shared above), and they’re probably not going to slap a freeze on your bank accounts. They could put through a request to freeze your domain name if you’re flaunting the breaking of rules if you’re big enough; that falls under the category of “don’t be stupid.”
At least that’s my take on it; what’s your thought about all of this? By the way, as a caveat, once the United Kingdom officially leaves the EU, the percentage of EU visitors to my site drops to just above 0%. That’s a shame, but for now I can live with it.