All the Cool Kids Are Sending Out GDPR Notices

I’m sure by now you’ve noticed a rather significant uptick in the emails that you’re getting, 95% of them with titles like “our updated privacy policy”. Hopefully by now, you’ve listened to Bart Busschots’s excellent walkthrough of GDPR, the European Union’s new General Data Protection Regulation, on Chit Chat Across the Pond #534, because that’s what’s behind all of these lovely emails.

Bart explained many features of GDPR, but one of them is that companies that have customers in the EU must have clear and readable privacy policies, sort of the opposite of lawyer-speak. There are also new rules about opting in vs. opting out of having your data collected.

In the old days, when GDPR was just a twinkle in the EU’s eyes, companies could opt you into a service, or trick you by having the opt-in button pre-checked. That option is no longer allowable.

That’s why you’ll notice that many of these communications have a big button begging for you to opt in. If you don’t opt in, they have to erase your data from their database.

I’m bringing this all up just to give some background. I too have jumped on the GDPR bandwagon. While I do have website visitors from the EU, it’s highly unlikely that the EU would ever come after a little podcaster like me. But that’s not the point. The point of GDPR is to give people back control of the information that is collected about them. And how could I in good conscience be against that?

I did a couple of things, and I have to give a big shoutout to my service providers for making it REALLY easy for me.

WordPress Helped with Privacy Policy

I use a content management system called WordPress to create the look and feel of podfeet.com, and to store all the glop I type into it AND the comments you write on it. This week, a new version of WordPress came out (which of course I install because I “stay patched and stay secure”). To my surprise, a little fly-up window came on screen that offered to help me write a privacy statement. How cool is that?

I knew there were things I wanted to say about how I as a human take care of what information you give me, but I didn’t have a true understanding of how WordPress handled cookies and such. Luckily that information was in the easy-to-read boilerplate. I added my flavor to the text WordPress gave me and it was done.

I was able to add my new shiny privacy policy to the header menus so you can always go check it out. I wanted to tell you about a few things I learned and a few things I added to the page.

Comments

When you guys add comments on the blog, evidently WordPress collects your IP address and browser user agent (e.g. are you using Safari? Chrome? Firefox?). They do this to help in spam detection. I have to be honest here, with that feature combined with a plugin I use called Akismet, I get MAYBE two spams a month. It’s wonderful.

WordPress also stores an anonymized hash of your email address to see if you use the service Gravatar. That’s what gives some people a nice avatar in the comments (like mine!)

I added more info in the comments section. When you leave a comment, you can choose to add your name and email address. Totally voluntary. But let’s say at a later date you don’t want your email address stored by me. It’s pretty easy for me to search for you by email address in WordPress so I could easily delete all of your comments if you wanted me to. You never know when someone needs to go silent on the Internet and I would never stand in their way.

When you put your name, email address and website into the comment form, this data also gets saved using cookies. They say that when you come back to write another comment later, you won’t have to log in, and the cookies are saved for a year. I wonder about that though, it seems to me that I have to log in lots of times to leave comments back on my own site!

Analytics

There’s a section in the boilerplate about analytics with a title that says, “Who we share your data with”. Well, I don’t share it with anyone! Not for free, and not for any compensation whatsoever. That would be gross.

Podfeet Press

Another part of the Privacy Policies is this opt-in to communications thing. You may have heard me talk about the Podfeet Press. This is a newsletter that’s mostly auto-generated and announces when the shows get posted. I say mostly because when something weird happens, I also use the Podfeet Press to tell people. Let’s say my website goes belly up, or I’ve got laryngitis, that’s the kind of thing I might do an out-of-band notice on using the Podfeet Press.

Compared to the average statistic the service Mailchimp gives me, the open rate for this newsletter is unusually high, in the mid 40%, so evidently most of the people on the list like it.

Even though you had to click on the Podfeet Press link in the menus on podfeet.com and even though you had to voluntarily put in your email address and request to receive it, the GDPR is requiring that people get the opportunity to opt in yet again.

It was probably overkill for me to do this one, but when I found out that Mailchimp had created an automatic way to ask you, I thought “why not?” I added my own particular flavor of silliness to it, of course. The only thing I don’t like (and don’t think I could’ve controlled) is that once you hit opt in, you get taken to a page that asks what kinds of emails you want from me including marketing messages. I only use your email address for the purposes I mentioned, never for marketing.

But hey, if you want off the list, this sure makes it easy, and the last thing I want is to bug you guys!

Bottom Line

I found it really interesting to go through the process of following the GDPR rules. I’m glad I went through the effort to give more transparency to everyone.
