You’re gonna be hearing about this
Loyal readers of The Legal Genealogist, you’re going to get really tired of hearing about the GDPR this week.
Just about every website you use, every list you’ve ever signed up for (including a whole bunch you’ve probably long forgotten) and every service you’ve ever used that has a web presence is going to be sending you one of those “We’ve Updated Our Privacy Rules” emails and asking you to do things because of the GDPR.
And The Legal Genealogist, as a web information provider, is no exception.
All I can say — if it helps at all — is you should know that you’re not nearly as tired of hearing about the GDPR as folks like The Legal Genealogist are of trying to figure out how to deal with it.
But we’re all stuck in this together so… here goes, with a bit of Q&A.
Q. First of all, what is this thing called GDPR anyway?
A. It’s a data protection and privacy rule of the European Union called the General Data Protection Regulation. Developed over a period of years, published in 2016, and due to take effect on May 25, it’s designed to protect the interests and privacy of citizens of the European Union (EU) particularly with respect to data collected and stored by organizations, groups, and websites.
Q. And what exactly does that have to do with a blog published in the United States?
A. Two things: (a) this blog, like many others, has readers who aren’t in the United States; and (b) seriously, the internet doesn’t stop at national borders.
Q. Can’t you just make an exception for those flatland furriners?
A. Nope. The biggest reason for me personally is I like my flatland furriner readers — and want to keep them. And then there’s that little matter that none of us are quite sure how the enforcement of this rule is going to work, and we’re not willing to chance it.
Q. Why aren’t you sure how it’ll be enforced?
A. Because it’s brand-new — it takes effect Friday, May 25 — and it’s really complex. It has 99 different articles in 11 chapters, and then 173 recitals explaining those articles.
Q. But you’re just one genealogist who writes a blog for free, not some big commercial website! The EU won’t come after you, will it?
A. I have no idea — and as I said, I’m not willing to chance it.
Q. Why not?
A. I don’t happen to have a spare 10 million Euro ($11,765,610, at yesterday’s rates). The fines for violating the GDPR are pretty steep.
Q. So what does the GDPR mean for readers of blogs?
A. It means, first and foremost, that you have rights with respect to personally-identifiable information that might be gathered by this website. You have the right to say: (1) you don’t want your information collected, and to withdraw any consent you gave in the past; (2) you want to know what information the website has about you; (3) you want some or all of the information changed or updated; (4) you want any portable information transferred to someone else; and/or (5) you want your information deleted.
Q. So what does the GDPR mean for bloggers like you?
A. I wish I knew completely — but at a minimum, it means I need to be sure you know your rights and that you’re okay with my having some information about you in some ways.
Q. Where will I see this?
A. I’ve spelled out as much as I can in this website’s privacy policy, and you’ll be asked to accept that policy and agree that it’s okay for me to have and handle some information on you (name, email, IP address, for example) if: (1) if you choose to comment on a blog post; (2) you choose to send an Ask TLG message using the link at the top of every page; or (3) you choose to send a Schedule a Lecture message using the link on the Lecture page. And…
Q. What?? There’s more????
A. Yep. Sigh…
Tune in tomorrow…
Great info. I keep sharing any information on this with my groups.
Judy, should all bloggers, even little ones like me 🙂 be doing the same? I knew about GDPR but hadn’t computed doing something about it on my bog; I’m not even sure I’d know where to start.
While I suspect that most “little bloggers” will fly way under the EU radar for a while — and perhaps for a very long while (it’s the big commercial data-collectors that this is really targeting) — the simple fact is that if you have readers in the EU and you ever get into a GDPR-related dispute with one, you’re going to wish you had looked at this. So yes… my recommendation is that you get going doing your research on this.
Thanks for taking the time for this. It is very confusing!
It sure is…. 🙁
Will we have to agree to these rules every time we read your blog? For the first time, I noticed your “cookie notice” when I went to your page. I also noticed the two boxes to click below the comments section. I would much rather hear more about your favorite ancestor, George. I think George has developed quite a following.
All I can say is… get used to this sort of thing — you’re going to see it just about everywhere. I’m trying to figure out how to make it as unobtrusive as possible, and still at least arguably compliant — but it isn’t going to be easy for an individual website operator who doesn’t monetize the website to pay for Big Time Technical Support.
You are doing a good job – glad to hear this report – good example with the check boxes below
I added a cookie notice to my website and will be sending a please confirm email to my overseas folks. Most people sign up for my newsletter at conferences and I have their signature proof of confirmation. This is all very confusing. Thank you Judy.
“Very confusing” doesn’t begin to describe it…
I also have a small blog. It has been dormant for a while, but I am in the process of trying to revive it. How do I go about becoming compliant with the GDPR?
I’m afraid that I’m not able to offer legal advice at all, and particularly not legal advice on the law of the EU! All I can do is what I’m doing this week, and explaining what I’m doing on my website. I make no promises that this is what anyone else needs to do, or even that it’s enough to make this website fully compliant.
Thank you, Judy, for this informative post! In addition to being an amateur genealogist, I’m a writer. I’m on several writers’ loops, and GDPR has been the talk of the town on the two main loops. I’m one of those little bloggers, and this has been driving me nuts! I’ve read and read and read, and I think I’ve read enough to kind of know what to do. Your explanation AND your privacy statement are the best and clearest I’ve read so far. Again, thank you for taking the time to talk about this. I’ll be glad when we can all get back to the George’s in our lives–past and present!
A very informative post on a current topic that was puzzling me after being bombarded with so many emails on it. I like the way you presented the facts so,clesrly in words I can understand. Thank you.
Hi Judy … it all sounds like a bit of a minefield !!
What are the implications of sharing your blog … say for example, I notice you have written a fantastic blog (happens frequently!!) and I know it’s just the thing to help someone who has posted a question in a Facebook group so I share the link … what are the implications of this for me, for you …. etc. Presumably, there will need to be some way for that person to agree to a bunch of things before they can read it?
No implications at all, because no information is collected when you forward it or post a link to it. If the recipient chooses to come to the website, he or she will be able to make choices about what to agree to or not, and just reading the website generally isn’t an issue. (They can, for example, use settings in a browser to block any cookie that might collect an IP address as part of keeping the website healthy and operating.)
Thank you Judy. I understand. I am in the process of trying to figure out how to create a pop-up for opting in. I did read your privacy policy. May I use a version of this for my website?
I don’t recommend copy-pasting, no. What I suggest is that you gather up a series of privacy statements from different websites and bloggers, and check some of the templates produced by online services (Google “privacy policy template” and you’ll get a lot of options), then pick and choose the concepts that make sense to you and write them in your own words.
No, I wasn’t going to copy paste. Thank you. I will look for templates and check out other areas.
I have a blog that I haven’t opted on for some time, but it is still out there. In your opinion as a blogger, should I archive the content and remove it in light of this new regulation?
I really doubt that a dormant blog is going to attract the attention of EU regulators.