Important NEW LAW: GDPR For blogs that host comments / newsletters etc.

Blackpepper1

Money Making Megastar!
Joined
Feb 7, 2014
Messages
3,080
Points
193
If you're making money then it may not be seen as recreational - but I agree, I think 'they' have bigger fish to fry.
Also with that article I posted above which actually that makes things allot clearer about how it affects Wordpress sites.
 

Jon

Money Making Megastar!
Joined
Oct 17, 2013
Messages
32,378
Points
283
Age
42
Location
Leeds
Also with that article I posted above which actually that makes things allot clearer about how it affects Wordpress sites.
Just had a read of that and it seems that it affects them a lot then

Final thoughts
To sum up what it means to make WordPress GDPR compliant:
  • the law comes into effect in May 2018,
  • it applies to any website that deals with personal information of EU users (read: all WordPress websites),
  • it gives the user the right to control the flow of their personal information,
  • there are defined processes to monitor compliance and huge fines are in place for non-compliance.
In a nutshell, to make your WordPress GDPR compliant, you should (1) look into all the different ways in which you’re collecting visitor data. Next, (2) put mechanisms in place to make sure that users can control their data. Additionally, (3) it’s probably a good idea to avoid collecting user data where it’s not necessary (like the contact form example from above). And most importantly of all, (4) even if you’re using third-party tools and solutions, you still need to make sure that those are GDPR compliant as well.
 

Blackpepper1

Money Making Megastar!
Joined
Feb 7, 2014
Messages
3,080
Points
193
Just had a read of that and it seems that it affects them a lot then

Final thoughts
To sum up what it means to make WordPress GDPR compliant:
  • the law comes into effect in May 2018,
  • it applies to any website that deals with personal information of EU users (read: all WordPress websites),
  • it gives the user the right to control the flow of their personal information,
  • there are defined processes to monitor compliance and huge fines are in place for non-compliance.
In a nutshell, to make your WordPress GDPR compliant, you should (1) look into all the different ways in which you’re collecting visitor data. Next, (2) put mechanisms in place to make sure that users can control their data. Additionally, (3) it’s probably a good idea to avoid collecting user data where it’s not necessary (like the contact form example from above). And most importantly of all, (4) even if you’re using third-party tools and solutions, you still need to make sure that those are GDPR compliant as well.
Yes basically from what I could understand from that article it is just keeping things so that users can control their data easily. I expect a lot of plugins will be redesigned so that they will be compliant from May 2018 even WordPress itself will have to make it's platform is definitely compliant otherwise they as a company would be liable as well as individual users.
 

cazkins

Money Making Megastar!
Joined
May 22, 2016
Messages
499
Points
163
Location
South West
Website
invisiblyme.com
What the heck?! I've never heard of this before... Surely Wordpress and other providers should be telling us this, letting everyone know?! Aaaaah!!!
 

Jon

Money Making Megastar!
Joined
Oct 17, 2013
Messages
32,378
Points
283
Age
42
Location
Leeds
What the heck?! I've never heard of this before... Surely Wordpress and other providers should be telling us this, letting everyone know?! Aaaaah!!!
The emphasis isn't on wordpress.

The emphasis is on you as a blogger and the data you keep about your readers
 

Jon

Money Making Megastar!
Joined
Oct 17, 2013
Messages
32,378
Points
283
Age
42
Location
Leeds
I'm getting more and more and more emails about this!

I'm also seeing more pleas for help from all sorts of 'online' companies that maybe aren't so big but still hold customer / user / reader data!
 

Jon

Money Making Megastar!
Joined
Oct 17, 2013
Messages
32,378
Points
283
Age
42
Location
Leeds
The gdpr warning emails continue to come into my mailbox from companies I work with...

Ugggghhh this isn’t going to be pretty I don’t think
 

Jon

Money Making Megastar!
Joined
Oct 17, 2013
Messages
32,378
Points
283
Age
42
Location
Leeds
Email from Google

Dear Partner,

Over the past year we've shared how we are preparing to meet the requirements of the GDPR, the new data protection law coming into force on May 25, 2018. The GDPR affects European and non-European businesses using online advertising and measurement solutions when their sites and apps are accessed by users in the European Economic Area (EEA).

Today we are sharing more about our preparations for the GDPR, including our updated EU User Consent Policy, changes to our contract terms, and changes to our products, to help both you and Google meet the new requirements.

Updated EU User Consent Policy
Google's EU User Consent Policy is being updated to reflect the new legal requirements of the GDPR. It sets out your responsibilities for making disclosures to, and obtaining consents from, end users of your sites and apps in the EEA. The policy is incorporated into the contracts for most

Google ads and measurement products globally.

Contract changes
We have been rolling out updates to our contractual terms for many products since last August, reflecting Google’s status as either data processor or data controller under the new law (see full classification of our Ads products). The new GDPR terms will supplement your current contract with Google and will come into force on May 25, 2018.

In the cases of DoubleClick for Publishers (DFP), DoubleClick Ad Exchange (AdX), AdMob, and AdSense, Google and its customers operate as independent controllers of personal data that is handled in these services. These new terms provide clarity over our respective responsibilities when handling that data and give both you and Google protections around that controller status. We are committing through these terms to comply with our obligations under GDPR when we use any personal data in connection with these services, and the terms require you to make the same commitment.
  • Shortly, we will introduce controller-controller terms for DFP and AdX for customers who have online terms.
  • By May 25, 2018 we will also introduce new terms for AdSense and AdMob for customers who have online terms.
If you use Google Analytics (GA), Attribution, Optimize, Tag Manager or Data Studio, whether the free or paid versions, Google operates as a processor of personal data that is handled in the service. Data processing terms for these products are already available for your acceptance (Admin → Account Settings pages). If you are an EEA client of Google Analytics, data processing will be included in your terms shortly. GA customers based outside the EEA and all GA 360 customers may accept the terms from within GA.

Product changes

To comply, and support your compliance with GDPR, we are:
  • Launching a solution to support publishers that want to show only non-personalized ads.
  • Launching new controls for DFP/AdX programmatic transactions, AdSense for Content, AdSense for Games, and AdMob to allow you to control which third parties measure and serve ads for EEA users on your sites and apps. We’ll send you more information about these tools in the coming weeks.
  • Taking steps to limit the processing of personal information for children under the GDPR Age of Consent in individual member states.
  • Launching new controls for Google Analytics customers to manage the retention and deletion of their data.
  • Exploring consent solutions for publishers, including working with industry groups like IAB Europe.
Find out more

You can refer to privacy.google.com/businesses to learn more about Google’s data privacy policies and approach, as well as view our data processing terms and data controller terms.

If you have any questions about this update, please don't hesitate to reach out to your account team or contact us through the Help Center. We will continue to share further information on our plans in the coming weeks.

Thanks,
The Google Team
 

Blackpepper1

Money Making Megastar!
Joined
Feb 7, 2014
Messages
3,080
Points
193
Email from Google

Dear Partner,

Over the past year we've shared how we are preparing to meet the requirements of the GDPR, the new data protection law coming into force on May 25, 2018. The GDPR affects European and non-European businesses using online advertising and measurement solutions when their sites and apps are accessed by users in the European Economic Area (EEA).

Today we are sharing more about our preparations for the GDPR, including our updated EU User Consent Policy, changes to our contract terms, and changes to our products, to help both you and Google meet the new requirements.

Updated EU User Consent Policy
Google's EU User Consent Policy is being updated to reflect the new legal requirements of the GDPR. It sets out your responsibilities for making disclosures to, and obtaining consents from, end users of your sites and apps in the EEA. The policy is incorporated into the contracts for most

Google ads and measurement products globally.

Contract changes
We have been rolling out updates to our contractual terms for many products since last August, reflecting Google’s status as either data processor or data controller under the new law (see full classification of our Ads products). The new GDPR terms will supplement your current contract with Google and will come into force on May 25, 2018.

In the cases of DoubleClick for Publishers (DFP), DoubleClick Ad Exchange (AdX), AdMob, and AdSense, Google and its customers operate as independent controllers of personal data that is handled in these services. These new terms provide clarity over our respective responsibilities when handling that data and give both you and Google protections around that controller status. We are committing through these terms to comply with our obligations under GDPR when we use any personal data in connection with these services, and the terms require you to make the same commitment.
  • Shortly, we will introduce controller-controller terms for DFP and AdX for customers who have online terms.
  • By May 25, 2018 we will also introduce new terms for AdSense and AdMob for customers who have online terms.
If you use Google Analytics (GA), Attribution, Optimize, Tag Manager or Data Studio, whether the free or paid versions, Google operates as a processor of personal data that is handled in the service. Data processing terms for these products are already available for your acceptance (Admin → Account Settings pages). If you are an EEA client of Google Analytics, data processing will be included in your terms shortly. GA customers based outside the EEA and all GA 360 customers may accept the terms from within GA.

Product changes

To comply, and support your compliance with GDPR, we are:
  • Launching a solution to support publishers that want to show only non-personalized ads.
  • Launching new controls for DFP/AdX programmatic transactions, AdSense for Content, AdSense for Games, and AdMob to allow you to control which third parties measure and serve ads for EEA users on your sites and apps. We’ll send you more information about these tools in the coming weeks.
  • Taking steps to limit the processing of personal information for children under the GDPR Age of Consent in individual member states.
  • Launching new controls for Google Analytics customers to manage the retention and deletion of their data.
  • Exploring consent solutions for publishers, including working with industry groups like IAB Europe.
Find out more

You can refer to privacy.google.com/businesses to learn more about Google’s data privacy policies and approach, as well as view our data processing terms and data controller terms.

If you have any questions about this update, please don't hesitate to reach out to your account team or contact us through the Help Center. We will continue to share further information on our plans in the coming weeks.

Thanks,
The Google Team
Good that Google are getting everything ready so their products will be GDPR Compliant.
 

Jon

Money Making Megastar!
Joined
Oct 17, 2013
Messages
32,378
Points
283
Age
42
Location
Leeds
And another

Hi there,

Hope you are well. Firstly I would like to thank you for being part of the campaign. Your contribution to the TopCashback programme is much appreciated and we very much look forward to working with you more this year.

TopCashback is working towards GDPR compliance; as part of that process we are going through the process of understanding how our publishers promote TopCashback offers so we can work together on GDPR compliance to ensure we can continue working together after May 25th2018. This is particularly important for those publishers who promote TopCashback’s offer via email to a database.

Please can you reply letting us know how you currently promote TopCashback via the affiliate programme, this may be via the following means:

  • Desktop display
  • mobile display
  • social media
  • solus email
  • newsletter containing multiple offers
  • other ( please specify what this is)
It would be great if you can reply by the 3rd April 2018. If we don’t hear from you by then we reserve the right to remove you from the TopCashback affiliate programme however before that we would prefer to work with you to ensure GDPR compliance so we can continue working together.

Please can you confirm receipt of this email and let us know if you have any questions on this.

Thank you in advance and I look forward to your reply!

Kind regards
 

The Reverend

The Reverend
Staff member
Joined
Oct 6, 2015
Messages
3,414
Points
313
Website
thereverend.co.uk
I still think that for most bloggers who use platforms, its going to be a bit ‘millennium bug’.

Although under the letter of the legislation, we are ‘data’ people, the reality is that we don’t hold information and we do this in good faith.

I don’t have a newsletter, people can subscribe to my blog. The blog emails them to let them know I have new posts.

I’m not certain I have anything to worry about. I also think that
And another

Hi there,

Hope you are well. Firstly I would like to thank you for being part of the campaign. Your contribution to the TopCashback programme is much appreciated and we very much look forward to working with you more this year.

TopCashback is working towards GDPR compliance; as part of that process we are going through the process of understanding how our publishers promote TopCashback offers so we can work together on GDPR compliance to ensure we can continue working together after May 25th2018. This is particularly important for those publishers who promote TopCashback’s offer via email to a database.

Please can you reply letting us know how you currently promote TopCashback via the affiliate programme, this may be via the following means:

  • Desktop display
  • mobile display
  • social media
  • solus email
  • newsletter containing multiple offers
  • other ( please specify what this is)
It would be great if you can reply by the 3rd April 2018. If we don’t hear from you by then we reserve the right to remove you from the TopCashback affiliate programme however before that we would prefer to work with you to ensure GDPR compliance so we can continue working together.

Please can you confirm receipt of this email and let us know if you have any questions on this.

Thank you in advance and I look forward to your reply!

Kind regards

I had this.

I do everything from desktop and mobile. Everything else drives people to the blog.

Personally I think Blogger will have little to worry about. I just need to put my update out there on why I think this!
 

BreeziOG

Red hair, don't care // Large and in charge
Joined
Mar 25, 2015
Messages
706
Points
193
Age
32
Location
Newcastle Upon Tyne
The big emphasis is on PERSONALLY IDENTIFIABLE data, as well as (obviously) SENSITIVE data, so if you hold any information about your customer/readers; name, address, DOB, email address, telephone number etc, then yes, you do need to be in compliance with the new laws.

Other things to consider are how you got this information, how you store it, why you have it and what you use it for, and you must be able to provide any information you hold on an individual to them if they ask for it. There’s also an individual’s right to be forgotten.

I can see why some bloggers might be nervous, but it is a good thing on a personal level.
 

The Reverend

The Reverend
Staff member
Joined
Oct 6, 2015
Messages
3,414
Points
313
Website
thereverend.co.uk
The big emphasis is on PERSONALLY IDENTIFIABLE data, as well as (obviously) SENSITIVE data, so if you hold any information about your customer/readers; name, address, DOB, email address, telephone number etc, then yes, you do need to be in compliance with the new laws.

Other things to consider are how you got this information, how you store it, why you have it and what you use it for, and you must be able to provide any information you hold on an individual to them if they ask for it. There’s also an individual’s right to be forgotten.

I can see why some bloggers might be nervous, but it is a good thing on a personal level.

I think bloggers a nervous more about the data that is being captured that they DON'T know about.

All the wp plug ins and social plugins and newsletter plugins that allowed the collection of data that the Blogger doesn't even know about. They also don't give either the blogger or the commentor the option to request deletion.

I still don't think this is a problem for most bloggers - they will not go after 'Granny's Fanny - The Historic journey of school kids hacking a BBC Micro game'. Its 200 email addresses and IP addresses will be nothing compared to ISA Financial Bank which holds the name of your pets, your blood type and the medication you have for that itch.
 

The Reverend

The Reverend
Staff member
Joined
Oct 6, 2015
Messages
3,414
Points
313
Website
thereverend.co.uk
Seen PRs panicking about this on Facebook today

Also BBC are now covering it

http://www.bbc.co.uk/news/technology-43571809

I *still* don't think most bloggers will have an issue.

The spirit of the GDPR is whats important. I expect to see GDPR compliance added to WP Plugins soon. The issue for bloggers and such is the data that programs they use, collect. But again, I'm not sure they will come after the likes of you and me.

:)
 
  • Like
Reactions: Blackpepper1

Blackpepper1

Money Making Megastar!
Joined
Feb 7, 2014
Messages
3,080
Points
193
I *still* don't think most bloggers will have an issue.

The spirit of the GDPR is whats important. I expect to see GDPR compliance added to WP Plugins soon. The issue for bloggers and such is the data that programs they use, collect. But again, I'm not sure they will come after the likes of you and me.

:)
Totally agree with you. Well said!
 

Blackpepper1

Money Making Megastar!
Joined
Feb 7, 2014
Messages
3,080
Points
193
my post is not legal advice! :D
It is absolutely true what you said though, It is more about big organizations being compliant and doing the right thing.
All plugins and Wordpress itself and other platforms will have to be compliant so they can be used. Take for example the comments system on Blogs that needs changed as there is no need to have the requirement for someone to put in their e-mail address just so they can leave a comment. That is actually one thing I have never liked with Blogs if I want to comment I then have to put in an e-mail address which means the blogger has that and it could potentially be misused/spammed. I don't use a personal e-mail address just another one for things online but still I would rather not give it out at all when commenting on Blogs. So that will be one good thing that comes out of this new law if the comment system is changed within a blog so no one has to put in an e-mail address anymore.
 

Jon

Money Making Megastar!
Joined
Oct 17, 2013
Messages
32,378
Points
283
Age
42
Location
Leeds
It is absolutely true what you said though, It is more about big organizations being compliant and doing the right thing.
All plugins and Wordpress itself and other platforms will have to be compliant so they can be used. Take for example the comments system on Blogs that needs changed as there is no need to have the requirement for someone to put in their e-mail address just so they can leave a comment. That is actually one thing I have never liked with Blogs if I want to comment I then have to put in an e-mail address which means the blogger has that and it could potentially be misused/spammed. I don't use a personal e-mail address just another one for things online but still I would rather not give it out at all when commenting on Blogs. So that will be one good thing that comes out of this new law if the comment system is changed within a blog so no one has to put in an e-mail address anymore.

I 100% agree with you here. I think Google Comments is the ONLY comment system I can think that lets you comment in an anonymous fashion but that platform generally sucks I feel as it doesn't integrate very well and promote other relevant content on your blog which is something that Disqus does and that at least lets you comment via your social media platforms.

As a reader, if I have to create some kind of login to comment I just end up thinking CHORE!!!!
 

Andrew

Super Helpful Superstar
Staff member
Joined
May 2, 2017
Messages
1,695
Points
313
Age
39
I 100% agree with you here. I think Google Comments is the ONLY comment system I can think that lets you comment in an anonymous fashion but that platform generally sucks I feel as it doesn't integrate very well and promote other relevant content on your blog which is something that Disqus does and that at least lets you comment via your social media platforms.

As a reader, if I have to create some kind of login to comment I just end up thinking CHORE!!!!

Just added Disqus for this very reason!
 

Members online

No members online now.

Amazon Discount Finder Tool

Find hidden 80%+ savings on Amazon products



 

 

 

 

 

 

 

Forum statistics

Threads
7,380
Messages
199,740
Members
11,387
Latest member
jbniche1