What You See Is What You Get. This is a journal blog, an explore-blog, a bit of this and that blog. Sharing where the mood takes me. Perhaps it will take you too.

Menotrochling; Wading Through Treacle

WARNING; this is going to be a link-heavy post, as it is unnecessary to rewrite much of the relevant info within this personal review. There are endless places offering opinion and feedback on the matter of GDPR, but many of you don't want to go trawling, so this is a taster as found by the YAMster. It is also a wordy post - but don't turn away. Importance is again emphasised.

Well. Last week I posted on issues important. There was nearly as much written in the comments as in the post... and there have been multiple emails to several readers, trying to help but also receiving bits and pieces missed by myself. How does it look, a week in?

Very hazy! As you see by that link, there is now a blog dedicated to the fiasco. There are so many non-compliance situations just now, particularly (but not exclusively) from the USA, that it actually makes a mockery of GDPR. Given that this thing has been looming for well nigh two years, where is there any genuine excuse for not complying???  Part of the trouble may be that for as many places that say one thing, there are others which appear to tell the complete opposite. Also, large offenders are determined to muddy the waters by only doing the basics and even then, not well. They are going to get trouble for it.

Those of us living under the EU banner have been dealing with an onslaught of info (and emails) regarding the legislation. Most of it has been about what we, as end-users (consumers) can now expect - and that is to have greater control over our personal data**. Best practice would be that all sites offer their visitors the chance to opt in or out of data preference. For example, the NHS in the UK has put up an online tool that will let patients decide if they want to give access for just their individual care or allow their data to be shared for research and planning purposes. 
"We know that sharing our data safely and efficiently can make our lives easier, but that digital trail is valuable. It's important that it stays safe and is only used in ways that people would expect and can control."
Trouble is, the vast majority of site controllers have not appropriately acted on this. No matter the size of the site or the number of its users, compliance is non-negotiable.  Almost no news or help sites (and by that I mean virtually nil) are talking about the state of play with personal blogs. There are some who thought that this only applied to business, but even if our blogs are 'non-commercial' data is still gathered. The assumption will be that blogs exist on 'platforms' and it is the owners of the platforms who are responsible for any compliance. It is not so straightforward, though. Weebly has done the right thing by its users. This page clearly states what their responsibility is and what is that of the bloggers. Tumblr stinks (check that 'very hazy' link above), and if you go to Tumblr you will see them pass the buck back to the individual blogs;
⏩We aren't responsible for the information collection and use practices of our individual blogs and bloggers.⏪
(Not even decent grammar... am going to do another post related to privacy from a different angle next week.)

Thing is, the trend has been for bloggers to be 'owning' their pages and almost all the other platforms essentially make the blogger independent of them and therefore it is imperative that the bloggers educate themselves thoroughly. Even in Blogger, changing to "self-hosted" URLs has taken some of the responsibility away from Google.

Coming, then, right back to Blogger - our primary interest here. I know a lot of you don't want to think about it, but you need to my dears. If you are going to have a presence on the ethernets, you need to get savvy darlings! The recent notice you will all have seen regarding cookies is just the tip of the iceberg... and even that is not actually compliant. I repeat the link placed above about 'trouble' for this. What is more, as many of us have been experiencing, things are getting fiddled with under Google's hood, and strange and mysterious things are appearing - or disappearing.

Cookies are only the 'front face' of things and relate specifically to marketing. Most of us know this. It is why we get 'targeted' advertising when we visit other sites. Even if you use an adblocker, some seem to get around it, or you may choose to 'whitelist' some favourite pages. If you opt out of cookies, (provided you are given a chance) you will still get the ads - that's the bit which gets skipped over by all these 'policies' - but they will be random and risk being offensive to you. GDPR, in theory, will now permit you to go to each site's settings and say what you care to see or not see... but (and this relates to the ** put in above) how many of us are going to spend time doing that??!!! What is more, say truthfully, how many of you actually read through the privacy policies, but still tick the boxes which ask if you have? Be honest I said! I am one of those mad peeps who do, but that is because when I worked in IT I had to write such things and they differed with each particular requirement. They may all look the same, and some will be a 'spot the difference' task, but definitely, for different sites, there will be differences, and you need to be very clear about it. Again, the post next week will address this a bit more.

The updated privacy notice nowhere mentions Blogger-related activity. There is no separate and clear policy relating to the Blogger platform.  Google, then, has not covered us. That's the bottom line. If you do any of the following on your blog, you need to think on a bit;

  • permit comments^^ on your posts
  • have an email sign-up widget
  • have 'share' buttons of any type
  • have a newsletter subscription
  • have a contacts form
  • have any widget which HTML you have imported from third-party sites which visitors can click through to (for example, Twitter feed, affiliate links) or are promoting anything of your own (e.g. on Etsy or Amazon)
  • use MailChimp or Feedburner or any other such...
...you get the picture? Hands up all those who do NOT permit comments on their blogs? Hands up, who does NOT have readers who live in the EU region? Yes, Google should be telling the public that their info may be collected by items listed (or not listed yet do collect), but at this point, it hasn't happened. They are covering everything with that 'one-size-fits' all update and the legislators are not happy. Neither should we be.

Now, it is entirely your choice. You can go on trusting Google, and in all likelihood, nothing will happen, no tsunamis, no earthquakes, no significant fines. At least for another couple of years. 

If a reader from - oh let's say Portugal - visits your blog one day and liking what they see would like to linger, but being the bright and switched on European computer user that they are, they want to make sure that their data is going to be dealt with responsibly... other than the cookies thing (which will annoy them because it doesn't allow them to 'opt out') they cannot find anything directly relating to their query. Mostly this will result in loss of traffic and potential followers for your blog. The worst-case scenario is that the Portuguese peeper gets fed up and reports the page for non-compliance...

Doesn't matter you're a wee country blog with a few hundred readers, non-compliance is not good.

In my researches over the past week, I found Termsfeed. Blogger-specific. It was written before GDPR implementation but within this year. It is clear about the fact that a policy is a good idea, even if you think it's not. Further, it offers a policy generator (which I believe has a small fee <$10) so there is really no excuse. They have a very clear page on GDPR itself as well - the best I've seen in the twelve days of banging my head against the screen.

Other policy generators which are ranking highly and offer free templates are Privacy Policies ("100% free for personal use" - if you have any commercial aspect you will need to pay something); or SEQ Legal, which is a UK-based company with focus on IT legal matters and has a free policy template download. If you use it 'as is', there will be a link-back to their site with credit logo. I actually used that to then type up my own, so used it purely as a guide... 

^^ just a word on the loss of connection of comments to email - for those of you who use that, which most do I think, MadSnapper emailed me to say that it is possible to click the 'notify me' box below comments and then they'll come through again. These will be without any email attached, even if we previously could see that detail. This drop in the link will almost certainly have come about as Google's short-stop effort to cover privacy through comments, but it is, again, non-compliant. 

However, another factor is that they have finally dropped the OpenID entry to comments. That was warned to us some time back, but they have timed it with GDPR, so it's a double-whammy. Now, only those with Google IDs can comment... unless you permit 'anonymous' comments (i.e. any crank and every pig) on your page, or run a 'membership' (i.e., identify specific users, and they alone can comment). WordPress visitors are now forced to take up a Google account unless they already had one. Fair enough. I had to open a WP account in order to get recognised by the several WP sites I visit... but again, more on that next week.

Hooroo the noo...


  1. OMCs....did you hear Mom Groan?
    Thank you for this post it was surely a monumental effort.
    Hugs madi and mom

    1. Hari OM
      I know my dear pals... but truly, once done, that's it - till they move the goalposts again... Yxx

  2. Dear, dear Yam,

    I no longer understand this stuff, in spite of being told I am a capable person. I think I will just go to jail.

    1. Hari OM
      Hheehe, fret not Joanne, there will be no jail for thee! It's all just so wearisome. You are free to not do anything because as things stand today all focus is on the noncompliance of this and so much more on google, facebook and others and the authorities are not going to see us for dust. However, the legislation is active now and all one can do is learn as much as possible, do what one can. Then breathe... Yxx

  3. Mom says she will read this again in the morning when her brain is fresh!
    Hazel & Mabel

  4. we passed this part to an agency who will adjust this BS and who also will assume liability and we say thank you to germany for this fabulous invention....

  5. I no longer comment on word press, I do not want to be a member of wordpress, I think I only had 2 and they were fairly new.

  6. Thanks to you, I now have comments coming to my inbox again!!!! I can't tell if my blog is displaying the correct notice because it switches back to ".com" even when I enter it as an EU country ".fr". Grrrr.

  7. Hi Yam - I've been doing my best to sort this out over the last month or so. I belong to an excellent FB group for Blogger bloggers - they have some great info on how to be compliant with all this GDPR stuff. I've put up a privacy policy that I think covers everything - I'm hoping Google will sort out the little box ticking thing for comments that WP has - in the meantime, hopefully I've covered my bases (I'm a loooong way from the EU but that's no excuse!)

    1. Hari OM
      That's the thing Leanne, global base does not exempt anyone! I just read your policy and it is not half-globe different from my own - so all good I think! I really think we minnows need not worry - but we still have to swim... Yxx

  8. I will need a week to actually understand and apply I think!

  9. Thanks so much for all the hard work and research that went into this post, Yamini!! Luckily, I have my Security Expert on the job(hubby)...I've bookmarked this post so I can discuss it with him this weekend!!


Inquiry and debate are encouraged.
Be grown-ups, please, and play nice.