I am sure that, if you are a blogger yourself, you have a big red mark on your calendar for May 25th. Because this is the date were the new EU data protection regulation (GDPR- General Data Protection Regulation/DSGVO-Datenschutz-Grundverordnung ) will come into force. Although, while primarily governing the handling of data privacy in the EU, it will practically affect everyone in the blogging world, because you are affected when your blog handles data (like logging of IP-addresses or e-mail addresses) of EU citizens.
When you search for GDPR in blogging forums (like the WordPress support forums), there is a lot of confusion about how to handle that situation. Some fellow bloggers already have deactivated their blog or are planning to do so.
While I always had the nagging feeling I need to revise the data privacy statements of my blog to comply with the new laws, I was not worried too much as the “Streets of Nuremberg” are a purely non-commercial, private blog in which I share my photographic endeavors. But recent posts from fellow bloggers and a face-to-face meeting with fellow local Street Photographer Kai (Kosmophil.de) just yesterday really got me worried and into action mode, as looming penalties (especially for blogs with commercial orientation of any sorts) are really severe.
I’m not a lawyer, and I can’t write the umpteenth article on how to bring your blog in compliance with the new law. And after half a night of research, there are many useful tips and guides to be found in the net, just search for “GDPR” (english) or “DSGVO” (German) and “blogging”.
I’m still in the process to determine what adjustments I need to do on my blog, just to be on the safe side and not run blindfolded into a possible legal trap. Just by researching the web, all those things like a button “Follow via E-Mail…”, all social media sharing buttons, allowing comments with avatars could potentially pose a data privacy problem, and bloggers need turn those things off or at least make their readers aware of it, which requires an updated data privacy statement on the blog. So I will dig deeper into the requirements and derive my personal measures I need to put in place.
My blog is hosted by WordPress.com (not to be confused with WordPress.org) and the company running it (Automattic). I would assume, that a service provider taking my money will take care of all the data privacy topics that run in their backend. And WordPress itself has announced new features in May (oh by the way, this topic can only be found in their English support forum). But ten days before the new law is put into force, no real help/tools is available so far.
I had a one hour chat session with their support today, asking for the availability of automated tools and a data privacy contract between them and myself as contract partners, confirming they protect the private data of my users that is logged in the background by their servers. In the end, they referred me to their updated DP statement: Automattic and the General Data Protection Regulation (GDPR). The support said more will become available as we approach the May 25th deadline. I was totally disappointed they let (even their paying) customers walk that thin line. Not that we didn’t have several years to prepare for the new laws.
I see a lot of panic and fear in the community, but I am quite confident that myself and all others who have behaved legally so far, with some changes and adjustments, can continue to blog without running into problems. But we first need to navigate through this period of uncertainty.
I hope I did not spoil your day with this post, but I would like to raise your awareness to this looming topic, and encourage you to do some research of your own into whether you might be affected and how you can adjust to avoid any legal trouble after May 25th.
I will continue to write about my experiences and activities regarding GDPR compliance, so stay tuned.
Have a nice Tuesday
Marcus
Links to relevant WordPress.com support sites:
https://en.forums.wordpress.com/topic/gdpr/
https://automattic.com/automattic-and-the-general-data-protection-regulation-gdpr/