I am damn sure your inbox has emails from various sites telling you they are now GDPR compliant. But what the heck is GDPR, and does it impact Indian bloggers and webmasters?
So let me explain GDPR first.
What is GDPR?
GDPR stands for General Data Protection Regulation. It is a new data privacy regulation that gives individuals in the European Union control over the privacy of their personal data.
The regulation will be enforced from May 25, 2018.
While it is a law for the individuals of the European Union, it is applicable to any organization dealing in personally identifiable data of any citizen or resident of the European Union.
So if you are a freelancer with customers or clients in the European Union and deal with personally identifiable data, GDPR will be applicable to you. Similarly, if you own a blog or a website and collect any personally identifiable data (like email addresses, or you track users’ IP addresses), GDPR is applicable to you as well.
The definition of personal data is quite wide and includes even IP addresses. Pre-ticked checkboxes are not considered consent.
EU citizens have the right to be forgotten and personal data must be erased upon request.
What is the Penalty for non-compliance with GDPR?
The penalty for non-compliance with GDPR is up to €20 million or 4% of the total worldwide annual turnover in the previous financial year, whichever is higher.
There is no differentiation between small and large companies. In short, non-compliance is enough for your online business to go out of business overnight.
How Can GDPR Impact Indian Bloggers?
As a blogger, it is very easy to believe we aren’t collecting any personally identifiable information of the users. However, if you are showing Adsense on the blog that shows interest-based ads, you are.
Adsense will comply with GDPR and will only show contextual ads to EU users unless the user has given his or her consent to show interest-based ads.
Apart from ads, if you have comments enabled or if you have a contact form on your blog, you should add a checkbox for the user to consent to being contacted at their personal email address.
Also, if readers can subscribe to your blog via email, the form should show a consent checkbox to allow the user to be contacted at the email address they have shared with you.
In the consent, you should also let the user know what data is being collected, like IP address, browser details… so on and so forth.
How Does GDPR Affect Adsense Publishers?
Adsense has already come out with a solution: it will not show interest-based ads in the EU unless users have given consent for the ads to be interest-based.
Google Adsense will show an opt-in form to the user, and only if the user agrees will it show interest-based ads; otherwise, all ads will be contextual.
The webmaster does not need to do anything on his or her site, but there can be a revenue impact for Adsense publishers who get a large chunk of their traffic from the EU and earn the majority of their revenue from interest-based ads as compared to contextual ads.
How Does GDPR Affect Sites Using Google Analytics?
Typically, we use the default Google Analytics code, but now we need to change the code to use the Anonymize IP feature of Google Analytics. The change is to add the following line of code:
ga('set', 'anonymizeIp', true);
before
ga('send', 'pageview');
Though this feature has been part of Google Analytics since May 25, 2010, it will be used extensively now.
So the final Google Analytics code should be:
ga('create', 'UA-XXXXXXX-XX', 'auto');
ga('set', 'anonymizeIp', true); // Should be called before the ga('send', 'pageview');
ga('send', 'pageview');
If you are using the MonsterInsights plugin for WordPress, there is an option to anonymize IP right inside the settings.
How Does GDPR Affect Sites Using Facebook Pixels?
Facebook Pixel code on your website will need consent from the user for sure. In Facebook’s Guide to Consent, they have shared a sample list of instances where a blogger needs to obtain consent from his readers:
- A retail website that uses cookies to collect information about the products people view on the site in order to target ads to people based on their activity on the site
- A blog that uses an analytics provider who uses cookies to capture aggregate demographic info about its readers
- A news media website that uses a third-party ad server to display ads, when the third party uses cookies to collect information about who views those ads
- A Facebook advertiser who installs the Facebook or Atlas pixel on its website in order to measure ad conversions or retarget advertisements on Facebook
If you are a blogger using Google Analytics and have added the anonymizeIp code, everything should be fine, but if you are using Facebook Pixel code, you need to add a user consent form.
Note that the language in the consent shouldn’t be too technical and should answer a couple of questions clearly, in simple, human-readable language: “What data is being collected?” and “How it will be used?”
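The rules from this section and the Google Analytics section, put together as an added example (not code from the original article, Google or Facebook): analytics.js always gets anonymizeIp before the pageview, and the Facebook Pixel starts only when the visitor ticked the consent box themselves. The TRACKERS table, the function names and the injected `ga` and `loadPixel` callbacks are assumptions made for illustration.

```javascript
// Added example, not the article's code; all names here are hypothetical.
// Plain-language disclosure per tracker: what is collected, how it is used.
const TRACKERS = {
  googleAnalytics: {
    needsOptIn: false, // the article's position once anonymizeIp is set
    collects: 'the pages you view and a shortened (anonymized) IP address',
    usedFor: 'counting visitors and seeing which posts are read',
  },
  facebookPixel: {
    needsOptIn: true,
    collects: 'cookies and the pages you view',
    usedFor: 'measuring ad conversions and showing you ads on Facebook',
  },
};

// A checkbox counts as consent only if the user ticked it themselves.
// `checked` and `defaultChecked` mirror the DOM checkbox properties.
function isValidConsent(box) {
  return Boolean(box) && box.checked === true && box.defaultChecked === false;
}

// Decide which trackers may run for this visitor.
function allowedTrackers(consentBoxes) {
  return Object.keys(TRACKERS).filter(
    (name) => !TRACKERS[name].needsOptIn || isValidConsent(consentBoxes[name])
  );
}

// analytics.js commands, with anonymizeIp set before the pageview is sent.
function gaCommands(trackingId) {
  return [['create', trackingId, 'auto'], ['set', 'anonymizeIp', true], ['send', 'pageview']];
}

// Start only the allowed trackers; `ga` and `loadPixel` are supplied by the page.
function startTracking(consentBoxes, trackingId, ga, loadPixel) {
  const allowed = allowedTrackers(consentBoxes);
  if (allowed.includes('googleAnalytics')) {
    gaCommands(trackingId).forEach((args) => ga(...args));
  }
  if (allowed.includes('facebookPixel')) loadPixel();
  return allowed;
}

// Consent form label answering "what is collected" and "how it is used".
function consentLabel(name) {
  const t = TRACKERS[name];
  return `We collect ${t.collects}. It is used for ${t.usedFor}.`;
}
```

In a browser, pass the real `ga` function and a `loadPixel` callback that inserts the pixel snippet, and read `checked` and `defaultChecked` straight from the consent checkbox element.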
How can GDPR Impact Forums?
This can have a bigger impact on community websites where user registration is an option. When a user registers, personally identifiable information like email is collected, and the user’s IP addresses are logged.
Third-party antispam services like stopforumspam are queried to check for spam. These services use email and IP addresses to identify a potential spammer.
It means webmasters need to update their privacy policy and answer the questions “What data is being collected?” and “How it is being used?”
vBulletin has officially confirmed there is no update coming for vBulletin 4.x, so vBulletin 3.x and 4.x will have no update for GDPR. So webmasters are on their own to comply.
XenForo 1.x and 2.x both will have an update soon to comply with the GDPR. Details here.
Further GDPR Reading
Here are some good articles that I found useful on GDPR.