After a few intense days researching the impact of the new European GDPR law going into effect next week (May 25th) my initial slight panic attacks have subsided. I think I think I know what requirements I need to fulfill in order to make my personal, non-commercial blog compliant, at least to a degree where I feel comfortable. There is still a lot of uncertainty out there, but I think it will be a process where we all (bloggers, lawyers, service providers) will need to learn how to adjust to adhere to the principle of data privacy, which, and I hope we all agree to this, is doubtless necessary, considering the recent data scandals of Cambridge Analytica and the likes.
After my initial rant about WordPress / Automattica I must concede that WordPress has come out with tools that we can use to mitigate a few of the GDPR induced challenges. As of me writing this post, these tools have seemingly come out only in the English version of WP, but should be available across all WP platforms shortly. You can read the WP announcement about this privacy and maintenance release here. Also, Automattica is now providing a Data Processing Agreement that will be signed by both sides (unfortunately only available for paid plans (so far)). So things are progressing, there, but should be monitored closely.
So what were my initial activities? I did some upgrades to the pages “About Me” and “About this blog“. As this is a personal blog I am not required to have a detailed, official contact page (Impressum), but I want to make sure people can understand who his behind this blog and how to reach me. And I want to make clear that this is a personal blog with which I do not pursue any commercial interests. I also want to explicitly state that this blog about capturing life in the streets as it happens is an art form, as also recently stated by the German Constitutional Court. This should give some freedom about posting photography with people in it. As before, I have a clear statement that if anyone thinks a photography of himself or others is inappropriate, this person can contact me and I will take down the photo without discussion (has never happened in two and a half years of blogging – fingers crossed).
The other change is the publication of a Data Privacy Statement, which I understood every blog should have, regardless if commercial or personal. Again, there are mixed opinions out there, and I’m no lawyer to judge objectively. As personally I don’t have a problem with that I created a statement. There are German IT lawyers who offer for private bloggers for free the generation of a tailored DP statement based on a questionnaire they have on their website. You just copy it on a word press page including the reference to the generator website. I added some information I regarding the purpose of my blog and my service provider Automattica, including a link to their GDPR privacy page. Unfortunately for my English speaking blogger friends, this DP generation service is only available in German language. Research the web if in your country similar services are available. I will do a translation of it in the next days, as even a German blog in English language needs also to have an English DP page. The German version of my Datenschutzerklärung you can find here. It is also accessible form every page of my blog via the side menu on a PC and bottom menu on the WP mobile version.
DISCLAIMER: This is a best try at putting together a compliant DP statement, I am not a lawyer and the page has not been created by a lawyer. If you want to have a legally checked DP statement, you will need to spend money and go see a lawyer, that can create a legally foolproof page tailored to your exact situation.
The next thing I will do later today is signing the Automattica Data Processing Agreement and send it to them for counter signature.
For now I will not turn off any features of this blog, and will wait and see how things will eventually fall into place and what needs to be done.
With my implemented measures (that were not all that complex) I feel comfortable taking the “Streets of Nuremberg” into the GDPR age. I will stay on top of this DP issue and improve this blog as I gain more knowledge. I will continue to write about it here and share my experiences.
But the good thing is I continue with my blog which I am passionate about.
The sun is out again!
Have a splendid weekend!