Poll

Have you done anything at all to be GDPR compliant?

Yes
25 (51%)
No
16 (32.7%)
What is 'GDPR'?
8 (16.3%)

Total Members Voted: 49

Voting closes: June 24, 2018, 12:27:19 AM

Topic: Are you GDPR compliant?

Offline Becca Mills

Re: Are you GDPR compliant?
« Reply #25 on: May 25, 2018, 02:34:18 PM »
Quote
For someone who doesn't use any plug-ins or comment fields, is there a way to know if your site uses cookies without you knowing about it? To my knowledge, there aren't cookies on my website, since I no longer use a stats plugin and don't have comments open. But I wonder if there are cookies in use in some way that I'm not aware of.

Probably? I'm so not a web designer, but my impression is that cookies are ubiquitous.

I just noticed that Bill has a whole thread on GDPR and cookies: http://www.kboards.com/index.php/topic,263618.0.html. Off to read that now ...

Offline Bill Hiatt

Re: Are you GDPR compliant?
« Reply #26 on: May 25, 2018, 06:36:53 PM »
Quote
For someone who doesn't use any plug-ins or comment fields, is there a way to know if your site uses cookies without you knowing about it? To my knowledge, there aren't cookies on my website, since I no longer use a stats plugin and don't have comments open. But I wonder if there are cookies in use in some way that I'm not aware of.

Cookiebot lets you run a scan for free. When I was experimenting, it was the scan that produced the most hits. It gives the site a real workout. If there are any lurking, it is the most likely scan to find them, at least of the ones I've tried.



Offline Bill Hiatt

Re: Are you GDPR compliant?
« Reply #27 on: May 25, 2018, 06:39:19 PM »
Quote
I've just been writing my site's privacy policy (yes, put it off to the last minute ... sigh), and I think I'm reasonably clear on all that. But I'm not sure what to do about cookies. On the KISS principle, I use a wordpress.com site. It's on the actual Wordpress site, I mean, not on my own site using the Wordpress software. The platform provides a widget that supposedly makes you GDPR compliant on cookies, but it seems inadequate to me, as you don't *have* to click "accept" on the fine-I'll-take-your-darn-cookies pop-up in order to use the site.

Quote
Anyone know for sure how much we're required to do about cookies?

Quote
Here's what the WP widget generates. It appears at the bottom of the screen. I'm making the image fairly large because the text on the pop-up is so small ... another thing I don't like about it:

That's pre-GDPR language. The current requirement, to the best of my understanding, is that the user has to actively consent to the use of cookies. Continuing to use the site after the warning is not sufficient consent. They have to click a yes button or the equivalent.



Offline Becca Mills

Re: Are you GDPR compliant?
« Reply #28 on: May 25, 2018, 07:27:37 PM »
Quote
That's pre-GDPR language. The current requirement, to the best of my understanding, is that the user has to actively consent to the use of cookies. Continuing to use the site after the warning is not sufficient consent. They have to click a yes button or the equivalent.

So far as I can see, that sort of thing is not available among the widgets you can use on wordpress.com. :(

The one I showed in my post above is labeled "Display a banner for EU Cookie Law and GDPR compliance" in the WordPress widget store. Sigh.  ???

Online Nic

Re: Are you GDPR compliant?
« Reply #29 on: May 25, 2018, 11:00:50 PM »
Quote
Well, except that apparently, the definition of intelligible language isn't actually in the law, as you pointed out.

Rest assured, it is. Not only is it directly somewhere in the EU legislation regarding the GDPR, it has also been by now written into at least seventeen country-specific laws regarding implementation of GDPR I personally am aware of through friends and colleagues. Just because you weren't able to pinpoint it in your quick read-through of language only a lawyer will be able to fully appreciate, or because I have been unable to provide the exact place and clause of it in lieu of my lawyer, doesn't mean it doesn't exist. I'm well-connected to IT nerds across Europe due to my profession and this is a thing all right until further notice. One would hope a clarification comes along which exempts small business from suddenly having to engage translation services.

Quote
One can hope that the definition may be rethought as the situation continues to evolve.

One might, but again it is unlikely, as the relevant lawmakers and supervisors on EU level consider it a law crafted just the right way to work perfectly...

Quote
The normal use of "intelligible" (understandable) wouldn't preclude the use of a second language as long as the person was fluent in it, and from what I understand from my former colleagues who taught other languages, European language instruction typically enables students to reach a much higher level of proficiency than the more limited American exposure does. A lot of Europeans whose second language is English would be fluent in English.

No. The definition of "intelligible" is "native language". This is a legal definition. It's not some premise of logic one can reason with. That is what is currently chasing webmasters in circles, right behind photographers who since yesterday also have a huge headache.

Quote
I appreciate your saying I probably don't have much to worry about. Unfortunately, I'm a worrier by nature. I'm probably going to hold off on shutting down my website, though.

Well, watching the first big corporations already being served with requests for prosecution and lawsuits sure sets your teeth on edge. But as I said, as long as they are all going after the big names, the small fry are probably quite safe.

Offline TromboneAl

Re: Are you GDPR compliant?
« Reply #30 on: May 26, 2018, 06:55:57 AM »
All my subscribers came to my list via double opt-in

Years ago (when I used Mailchimp) I got 127 subscribers via FreeKindleGiveaway and 169 via SPRT. Does anyone remember whether those used double opt-in?

It would be simple just to delete those subscribers, except that I'll have to find a way to identify them since they were transferred to Mailerlite.





Offline cvwriter

Re: Are you GDPR compliant?
« Reply #31 on: May 26, 2018, 07:05:29 AM »


Are you talking about FreeKindleGiveaway thru Rebecca Hamilton? I received a list, so I removed all those people. They were just email addresses, no names. I never really felt comfortable with that anyway.

Offline ZanaHart

Re: Are you GDPR compliant?
« Reply #32 on: May 26, 2018, 07:50:00 AM »
Here's what I'm doing: updating my author site and the several other wordpress sites I have to 4.9.6, which is currently the latest version. This adds a check-box to comments and does some other things. Updating my privacy policy using the free wordpress plugin called gdpr framework. Updating my mailchimp mailing list box, going to try the plugins Easy Forms for Mailchimp and GDPR Compliance for Mailchimp, both free and from a company called Yikes Inc.

Not in a big rush. Gotta go to a blues festival this weekend!

ZanaHart

Offline TromboneAl

Re: Are you GDPR compliant?
« Reply #33 on: May 26, 2018, 07:55:08 AM »

Quote
Are you talking about FreeKindleGiveaway thru Rebecca Hamilton?

I think so. In any case, I just deleted them all.
« Last Edit: May 26, 2018, 08:02:56 AM by TromboneAl »


Offline TromboneAl

Re: Are you GDPR compliant?
« Reply #34 on: May 26, 2018, 08:02:35 AM »
Backups:

I've done periodic exports of subscribers as a backup. Technically, that could be a problem, since now I have the data on my computer.

I agree with those who say that it's unlikely that anyone would come after us small fry.

I wonder if unscrupulous lawyers would target prawns knowing they'd probably fold and pay some fee to get the problem to go away instead of fight?? Does that make any sense?
« Last Edit: May 26, 2018, 08:11:36 AM by TromboneAl »


Offline Puddleduck

Re: Are you GDPR compliant?
« Reply #35 on: May 26, 2018, 08:38:31 AM »
Quote
I wonder if unscrupulous lawyers would target prawns knowing they'd probably fold and pay some fee to get the problem to go away instead of fight?? Does that make any sense?

Well, fees are what the government would impose. And if you're worrying about lawyers, I assume you mean individuals targeting prawns (not the government), in which case I think you'd be talking about settlements, not fees. And even then, they couldn't possibly think that deliberately targeting individuals so (relatively) poor they can't pay for contesting the suit would net them very much at all in the way of a settlement, considering the cost of hiring a lawyer. (And from what I understand of the law, it would have to be individuals hiring lawyers to go after websites on their behalf. Lawyers can't just decide to go after websites on their own, since there has to be an individual who's been 'hurt'.) But I may be wrong.

Offline Bill Hiatt

Re: Are you GDPR compliant?
« Reply #36 on: May 26, 2018, 08:39:22 AM »
Quote
Rest assured, it is. Not only is it directly somewhere in the EU legislation regarding the GDPR, it has also been by now written into at least seventeen country-specific laws regarding implementation of GDPR I personally am aware of through friends and colleagues. Just because you weren't able to pinpoint it in your quick read-through of language only a lawyer will be able to fully appreciate, or because I have been unable to provide the exact place and clause of it in lieu of my lawyer, doesn't mean it doesn't exist. I'm well-connected to IT nerds across Europe due to my profession and this is a thing all right until further notice. One would hope a clarification comes along which exempts small business from suddenly having to engage translation services.

Quote
One might, but again it is unlikely, as the relevant lawmakers and supervisors on EU level consider it a law crafted just the right way to work perfectly...

Quote
No. The definition of "intelligible" is "native language". This is a legal definition. It's not some premise of logic one can reason with. That is what is currently chasing webmasters in circles, right behind photographers who since yesterday also have a huge headache.

Quote
Well, watching the first big corporations already being served with requests for prosecution and lawsuits sure sets your teeth on edge. But as I said, as long as they are all going after the big names, the small fry are probably quite safe.

With regard to the first part, I want to make clear that I don't intend to be critical of you or your lawyer. However, in the past, I've had a number of situations in which people who should have known what the law was and thought they did proved to be incorrect. I was a teacher for 36 years, and on a number of occasions, administrators with several years of experience talked about education code provisions that turned out not to exist or to be different from what I was being told. (The California Education code is available in searchable form online.) After several instances of this, my mantra became, "Show me a code section, show me a court case, or don't make the argument." (Surprisingly, I was still generally well-liked by administrators.) I've also seen the school district's legal counsel misquote the ed code and be proven wrong about how a court might interpret it. (To be fair, if something's never been adjudicated, it's hard to be sure what a court will do with it.) If I'm skeptical about other people's explanation of laws, it's because of my past experience, not because I have any reason to doubt you or your attorney.

You yourself posted earlier that the definition of intelligible language as native language was not in the actual GDPR but in another document. Article 12 and the attached recitals don't use the phrase native language at all. It's not a question of language only a lawyer would appreciate. It's a question of language that simply isn't in the document. Of course, that doesn't mean it isn't, as you said, in some other document. In that case, though, one would expect it to be relatively easy to find, especially if IT nerds all across Europe are talking about it. However, it's remarkably hard to find.

I can't claim to have done an exhaustive search of the entire internet, but I've tried several different search terms and have yet to be able to find an exact match for what you said. It's interesting that the sites that typically come up are companies, not EU government entities. If I search US Copyright law, the US Copyright office is one of the top search results. I'm not having the same luck with the GDPR, though.

Anyway, there are numerous checklists for how to prepare for GDPR compliance, and almost none of them mention the native language issue. So far, I've spotted two exceptions. One of them that I found yesterday indicated that multilingual sites should have their compliance material in all the languages they served. I'm sorry I didn't write down the exact location for that one. The other one is here: http://www.viadelivers.com/translated-compliance-gdpr/ Here's the relevant piece: "Controllers may also need to ensure that the communication is accessible in appropriate alternative formats and relevant languages to ensure individuals are able to understand the information being provided to them. For example, communication in the native language of the recipient will help to ensure their understanding of the nature of the breach and steps they can take to protect themselves." The material is in quotes, but there's no indication what it's being quoted from. First, it's specific to data breaches. Second, it uses native language as an example, but not necessarily a mandate (making it look as if someone fluent in a second language could be addressed in that language). Interestingly, both of these references are from companies whose business appears to be translation.

EUGDPR.org lists itself as an unofficial education portal for GDPR. The phrase native language appears nowhere in any of its facts or its summary of the GDPR.

The European Commission website (http://ec.europa.eu), which appears to be an official source, similarly contains no references I can find to this issue. This is true even in its sections on business responsibilities for data requests and the section on citizen rights, two spots in which I would certainly expect it.

None of that means the language doesn't exist somewhere, but if it isn't readily available, I have a hard time seeing an American court agreeing to enforce the judgment of a European court on the subject. Both judicial traditions respect the "Ignorance of the law is no excuse" concept--but that assumes the law in question is publicly available. Perhaps it will be soon, but right now it's pretty well hidden.

As far as what the lawmakers will do next, who knows? My guess, though, is that if a lot of unexpected complications arise, they may make changes. They're going to look pretty foolish if they don't.

Regardless of how this shakes out, thanks for bringing it to our attention. You've pretty much persuaded me it would be safer to eliminate comments and the ability to create an account on my website (which isn't necessary, anyway). That eliminates what little personal data I would have collected before and thus makes data requests moot. (The only account on the site is currently mine, and, if it looks as if the issue is going to be contentious, I could delete all the existing comments. Comments are nice social proof, but they aren't necessary for the website to function.)

On a different subject, I may ask my lawyer about applicability of the law. The European Commission says this about who is affected: "a company or entity which processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed; or a company established outside the EU offering goods/services (paid or for free) or monitoring the behaviour of individuals in the EU." It's worth asking if the "offering goods/services" part applies to indie authors. Technically, Amazon is the seller of our books (or D2D and other aggregators, if we're wide--check the "sold by" field, and it's quite clear). As far as the data part is concerned, the plugin I use, Wordpress GDPR, provides an option that blocks all but essential cookies even if a user consents to the use of cookies. On my site, for instance, that would mean no cookies except the one the Cloudflare cdn uses for security--hence, no data processing and "no monitoring the behavior of individuals in the EU." Sure, I'd lose analytics, but that could be a small price to pay for peace of mind. I've tested my site in cookieless condition, and everything runs fine. This may be the way to go.

 



Online Nic

Re: Are you GDPR compliant?
« Reply #37 on: May 26, 2018, 09:06:14 AM »
Quote
With regard to the first part .... fine. This may be the way to go.

You aren't dealing with case/common law here. EU law is not case law, it's civil law. Very different system. The courts which most likely will deal with infractions of non-EU-websites and people will be EU courts, not US courts. At least that is how it appears to have been done with EU VAT infractions. Can't swear on that, but at least a few cases were dealt with that way.

They will then either simply ask for help, possibly extradition (something the USA are known to also do, e.g. Lauri Love and Gary McKinnon), possibly someone may not travel into the EU or across the EU anymore for fear of being apprehended, and as various retailers have European subsidiaries, they might possibly try to impound money there.

Offline Bill Hiatt

Re: Are you GDPR compliant?
« Reply #38 on: May 26, 2018, 10:36:32 AM »
Quote
You aren't dealing with case/common law here. EU law is not case law, it's civil law. Very different system. The courts which most likely will deal with infractions of non-EU-websites and people will be EU courts, not US courts. At least that is how it appears to have been done with EU VAT infractions. Can't swear on that, but at least a few cases were dealt with that way.

Quote
They will then either simply ask for help, possibly extradition (something the USA are known to also do, e.g. Lauri Love and Gary McKinnon), possibly someone may not travel into the EU or across the EU anymore for fear of being apprehended, and as various retailers have European subsidiaries, they might possibly try to impound money there.

That's good to know. In another thread there was some discussion of extradition. I can't be sure this is accurate, but the discussion there pointed out that extradition normally applies to criminal cases where the indictment is at least a felony. Someone can't be extradited for a civil matter, as far as I know, though the person wishing to file suit can do so in the jurisdiction in which the defendant resides.

If an EU court claims jurisdiction and rules on an issue (such as a fine under GDPR), the relevant American court would have to uphold the ruling in order for it to be readily collectible. US courts will often do that, but there are a whole list of exceptions, and the US has not yet signed any agreement specifically regarding GDPR. The US has indicated a willingness to cooperate with the EU in general terms, but I have a feeling that if rulings start coming down that went something like, "500,000 euro fine for not responding to a Croatian in the Croatian language, even though the person has always communicated with you in English, even though the person never indicated that Croatian was his native language, and even though you don't actually have any data on the person in the first place," I have the feeling an American judge might be reluctant to allow collection. (By the way, my handful of Croatian fans are fluent in English.)

As far as collecting from European subsidiaries of distributors is concerned, the EU is welcome to try. So far this month, I've made 1.67 Euros and .87 Pounds. I'm not planning any European travel.

I hope I don't come across as belligerent. I agree with the principles behind GDPR. I can even see the need to communicate with people in a language they understand well, particularly for a multilingual website. For a website that's entirely in English and that advertises books written in English in a language sophisticated enough that people who can't understand something like a data breach message in English aren't the intended audience--not so much. I think I can minimize my exposure, so I'm not too worried, though. My heart goes out to people who don't have any way to minimize theirs.

Are EU regulators really that unreasonable? I see indications that they're more concerned about egregious offenders and that they're more interested in helping smaller businesses comply than in fining them out of existence. Is that just a pose for public consumption? I'd like to be optimistic and hope it isn't.



Offline CoraBuhlert

Re: Are you GDPR compliant?
« Reply #39 on: May 26, 2018, 06:30:40 PM »
Quote
I wonder if unscrupulous lawyers would target prawns knowing they'd probably fold and pay some fee to get the problem to go away instead of fight?? Does that make any sense?

This is actually what has many German website owners, companies and even non-profits like sports clubs worried, because Germany has a bunch of lawyers who swoop in like vultures to send out warnings to people supposedly breaching this or that law and demand fees, so they won't sue. If these cases ever got to court, they might well be struck down, but a lot of people pay up out of fear.

However, this won't affect any prawn outside Germany, let alone in the US, because going after those people would be far too difficult and costly. These vultures are after easy prey.



Online Nic

Re: Are you GDPR compliant?
« Reply #40 on: May 27, 2018, 12:00:42 AM »
Quote
That's good to know. In another thread there was some discussion of extradition. I can't be sure this is accurate, but the discussion there pointed out that extradition normally applies to criminal cases where the indictment is at least a felony. Someone can't be extradited for a civil matter, as far as I know, though the person wishing to file suit can do so in the jurisdiction in which the defendant resides.

Civil law =/= civil matter

Civil law deals with criminal cases just as case law does. Civil law vs case law is a difference of legal system. Civil law is absolutely not comparable to US/UK law. You are reasoning about these things on the basis of systems which do not apply to what I talk about. Or what GDPR is based on. EU law is firmly grounded in the civil law system.



Without even delving deeper into legal matters, because I am no lawyer, it is e.g. a fact that in many countries in the EU a certain level of regulatory offence or a certain level of money owed a government agency and left unpaid will result in committing a criminal offence or one treated exactly like one. You can go to prison for not paying your debts in many countries in Europe. So please, simply cease trying to apply US legalities to what is an entirely different animal. It won't help you or anyone else in dealing with this.

Cora Buhlert is telling the truth. It also is not just Germany. I have friends in Austria who were just as worried, until the Austrian government devised a "first strike" policy which forces such lawyers to first simply ask for correction of the faulty procedures. The EU currently is working against the Austrian approach and wants to force them to reinstate the full fee system as before.

There are more EU countries where the new law might enable activities similar to this just to harm competitors.
« Last Edit: May 27, 2018, 12:04:01 AM by Nic »

Offline Puddleduck

Re: Are you GDPR compliant?
« Reply #41 on: May 27, 2018, 06:46:09 AM »
I did the Cookiebot thing and just got the scan back. It tells me there are 11 cookies on my site, including one from Pinterest, which makes no sense because I've never used Pinterest and have no need to have any sort of interface on my website for that. I've sent an email to Wix to ask them if they can help me get rid of the cookies. I don't want to just make a 'cookie policy' because I can hardly explain how the cookies are used if I don't even know why they're there, and I can't let people opt out of them if I don't even know how to get rid of them or turn them off. This is so annoying. I'm really hoping Wix will be helpful and I can get rid of these cookies.

Offline Bill Hiatt

Re: Are you GDPR compliant?
« Reply #42 on: May 27, 2018, 06:48:22 AM »
Quote
Civil law =/= civil matter

Quote
Civil law deals with criminal cases just as case law does. Civil law vs case law is a difference of legal system. Civil law is absolutely not comparable to US/UK law. You are reasoning about these things on the basis of systems which do not apply to what I talk about. Or what GDPR is based on. EU law is firmly grounded in the civil law system.

Quote
Without even delving deeper into legal matters, because I am no lawyer, it is e.g. a fact that in many countries in the EU a certain level of regulatory offence or a certain level of money owed a government agency and left unpaid will result in committing a criminal offence or one treated exactly like one. You can go to prison for not paying your debts in many countries in Europe. So please, simply cease trying to apply US legalities to what is an entirely different animal. It won't help you or anyone else in dealing with this.

Quote
Cora Buhlert is telling the truth. It also is not just Germany. I have friends in Austria who were just as worried, until the Austrian government devised a "first strike" policy which forces such lawyers to first simply ask for correction of the faulty procedures. The EU currently is working against the Austrian approach and wants to force them to reinstate the full fee system as before.

Quote
There are more EU countries where the new law might enable activities similar to this just to harm competitors.

Thanks for the correction. I'll just point out that "US legalities" will matter if a US court is asked to require collection or to extradite. There are exceptions to extradition, including dual criminality. In other words, if the offense for which a country is trying to extradite is not a crime in the country in which extradition is being sought, then extradition may be denied. The US has not thus far signed any specific agreement to grant extradition in cases involving GDPR violations. If the situation is as irrational as you suggest, it would be a good bet that extradition would be denied. Nonetheless, I'll consult with my attorney and report back once he's had time to research the situation.



Offline Bill Hiatt

Re: Are you GDPR compliant?
« Reply #43 on: May 27, 2018, 06:50:07 AM »
Quote
I did the Cookiebot thing and just got the scan back. It tells me there are 11 cookies on my site, including one from Pinterest, which makes no sense because I've never used Pinterest and have no need to have any sort of interface on my website for that. I've sent an email to Wix to ask them if they can help me get rid of the cookies. I don't want to just make a 'cookie policy' because I can hardly explain how the cookies are used if I don't even know why they're there, and I can't let people opt out of them if I don't even know how to get rid of them or turn them off. This is so annoying. I'm really hoping Wix will be helpful and I can get rid of these cookies.

Do you have any social media buttons or similar on your site? If there's one for Pinterest, that's where the cookie is coming from.

It will be interesting to see what Wix's plans for dealing with GDPR are.



Offline Puddleduck

Re: Are you GDPR compliant?
« Reply #44 on: May 27, 2018, 07:15:10 AM »
Quote
Do you have any social media buttons or similar on your site? If there's one for Pinterest, that's where the cookie is coming from.


Ah, it looks like I did have that on one of my pages. I've taken it off, so hopefully that cookie's gone now.
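
The case in the posts above, a cookie traced back to a social-media button, can be checked by listing what a page loads from other domains and which cookies those hosts set. This is an added example, not part of the thread and not how any named scanner works: the HTML, host names and Set-Cookie values are constructed, and the suffix match for first-party hosts is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute is fetched automatically when the page renders.
# A plain <a href> is only requested if the visitor clicks it, so it is ignored.
AUTO_FETCH = {"script": "src", "iframe": "src", "img": "src",
              "embed": "src", "link": "href"}
FETCHED_LINK_RELS = {"stylesheet", "icon", "preload"}


class EmbedCollector(HTMLParser):
    """Collects (tag, absolute URL) for every resource the page pulls in."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attr_name = AUTO_FETCH.get(tag)
        if attr_name is None:
            return
        attrs = dict(attrs)
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            if not rels & FETCHED_LINK_RELS:
                return  # e.g. rel="canonical" is never fetched
        url = attrs.get(attr_name)
        if url:
            # urljoin resolves relative and protocol-relative (//host/...) URLs
            self.resources.append((tag, urljoin(self.page_url, url)))


def is_first_party(host, site_domain):
    # Assumption: site_domain is the site's registrable domain. A production
    # tool would consult the Public Suffix List instead of a suffix match.
    return host == site_domain or host.endswith("." + site_domain)


def cookie_name(set_cookie_value):
    """Cookie name from one Set-Cookie header value (text before the first '=')."""
    first_pair = set_cookie_value.split(";", 1)[0]
    return first_pair.split("=", 1)[0].strip()


def audit(html, page_url, site_domain, set_cookie_by_host):
    """Map each third-party host to the tags that load it and the cookies it set."""
    collector = EmbedCollector(page_url)
    collector.feed(html)
    collector.close()
    report = {}
    for tag, url in collector.resources:
        host = (urlsplit(url).hostname or "").lower()
        if not host or is_first_party(host, site_domain):
            continue  # data: URLs have no host; own-domain resources are skipped
        entry = report.setdefault(host, {"tags": set(), "cookies": set()})
        entry["tags"].add(tag)
        for header in set_cookie_by_host.get(host, []):
            entry["cookies"].add(cookie_name(header))
    return {host: {"tags": sorted(e["tags"]), "cookies": sorted(e["cookies"])}
            for host, e in sorted(report.items())}


# Constructed sample: a page with a forgotten share-button widget.
SAMPLE_PAGE_URL = "https://www.author-site.example/books/"
SAMPLE_HTML = """
<html><head>
<link rel="canonical" href="https://other-domain.example/books/">
<link rel="stylesheet" href="/css/site.css">
<script src="//widgets.pin-button.example/js/button.js" async></script>
</head><body>
<img src="cover.jpg" alt="Book cover">
<a href="https://shop.bookstore.example/title/1">Buy the book</a>
<iframe src="https://video.host.example/embed/abc"></iframe>
<img src="https://widgets.pin-button.example/count.gif" width="1" height="1">
</body></html>
"""
# Constructed Set-Cookie values, as they would appear in captured responses.
SAMPLE_SET_COOKIE = {
    "widgets.pin-button.example": [
        "_pin_sess=abc123; Domain=.pin-button.example; Path=/; Secure; Max-Age=31536000",
    ],
    "www.author-site.example": ["session=xyz; Path=/; HttpOnly"],
}

if __name__ == "__main__":
    result = audit(SAMPLE_HTML, SAMPLE_PAGE_URL, "author-site.example", SAMPLE_SET_COOKIE)
    for host, info in result.items():
        print(host, "loaded by", info["tags"], "cookies:", info["cookies"] or "none seen")
```

Every host in the report is one to remove, or to name in the cookie policy and put behind consent.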

Offline Day Leitao

Re: Are you GDPR compliant?
« Reply #45 on: May 27, 2018, 07:39:10 AM »
I think people are overreacting about GDPR, especially concerning mailing lists. The regulation is about data.

I will say that it got me thinking about privacy, and I think this is a great regulation. I hope more countries follow. I removed Google Analytics from all my sites, and installed Slimstat only in the websites that I really need to track conversions. I am flying blind in the ones I do not really care. It is one of the few stats plugins that will not share the data with a third party. Even Jetpack shares it with Wordpress.com. Slimstat also allows you to enable privacy mode and honour Do Not Track requests. Haha, this is not to promote the plugin. There are other similar plugins, and I thought it was a change for good. I am no longer feeding Google's Big Brother, and I think about it and feel bad I ever did. I never had Facebook pixels because I think they are even worse than Google in their handling of data. In fact, I think this regulation is aimed mostly at Facebook.

Of course, I could always continue using Google Analytics, but I stopped to think about it, and I don't want Google to have my visitors' data. I also don't want to state in my privacy policy: oh, by the way, I'm sharing your browsing behaviour with Google. Also I do not know how it works in terms of consent. If I have Google Analytics, how in the world can I get explicit consent from visitors to share their data?

For mailing lists, Canada already has a strict law that got people overreacting and panicking some time ago, but it is also for the best. I was careful to be compliant with the Canadian regulation and it is quite similar to the European regulation.

Online Nic

Re: Are you GDPR compliant?
« Reply #46 on: May 27, 2018, 10:20:08 AM »
Thanks for the correction. I'll just point out that "US legalities" will matter if a US court is asked to require collection or to extradite. There are exceptions to extradition, including dual criminality. In other words, if the offense for which a country is trying to extradite is not a crime in the country in which extradition is being sought, then extradition may be denied. The US has not thus far signed any specific agreement to grant extradition in cases involving GDPR violations. If the situation is as irrational as you suggest, it would be a good bet that extradition would be denied. Nonetheless, I'll consult with my attorney and report back once he's had time to research the situation.

Of course, that's how the UK held on to our hackers. Doesn't make it any less of a hassle, does it? And if one's income and goods are impounded the moment they travel across or enter European space, this also can cause a few awkward moments.

The point I tried to make is that just because the US legal system is different doesn't automatically mean laws governing activities in other countries won't have any effect on you. See VAT for example, which had a huge effect on any company dealing with the EU and which gets prosecuted tit-for-tat between the two entities. A similar agreement is in the works for GDPR.

Online Nic

Re: Are you GDPR compliant?
« Reply #47 on: May 27, 2018, 10:22:15 AM »
I think people are overreacting about GDPR, especially concerning mailing lists. The regulation is about data.

I think you need to inform yourself about what is "data" as defined by the GDPR.  ;D That's where the panic originated from.

Offline Bill Hiatt

Re: Are you GDPR compliant?
« Reply #48 on: May 27, 2018, 11:26:52 AM »
The point I tried to make is that just because the US legal system is different doesn't automatically mean laws governing activities in other countries won't have any effect on you. See VAT for example, which had a huge effect on any company dealing with the EU and which gets prosecuted tit-for-tat between the two entities. A similar agreement is in the works for GDPR.
I never argued that laws governing activities in other countries won't affect US citizens. You're quite right about that. Nor should it, as long as those laws are reasonable.

The problem is that you're presenting some of those laws as being completely unreasonable. I look at what it says on the European Commission website, and I say to myself, "Compliance isn't that hard to achieve." I look at your comments and want to take my website down and give up.

The US has already expressed a general cooperation with GDPR, but, if you're right about the way it will actually work in practice, I doubt there will ever be the kind of solid agreement you're visualizing, at least as far as extradition is concerned. The issue is a lot thornier than VAT. All governments like to collect taxes, and most of them moved in the direction of collecting on internet transactions.

It's not that people aren't interested in internet privacy in the US, particularly after the recent Facebook debacle. In some ways, that leads to a sympathetic climate for GDPR. However, if a lot of businesses, particularly small ones, get hit with big fines on what Americans would think of as relatively trivial issues, that sympathy will likely fade fast. I'd like to think the EU would be reasonable about the way it enforces GDPR, but if it isn't, well, the US has an election coming up in 2018, and some are already looking toward the presidential election in 2020. If GDPR really blows up into a compliance nightmare, no major political figure is going to want to be seen as supporting that.

Of course, indie authors aren't perhaps as exposed as companies actually selling in Europe. As I pointed out earlier, we generally sell through distributors. I'd say this is not a good time to sell from one's own website, because that requires more tracking to work. Assuming one isn't selling, it's possible to minimize the amount of data collected by a website. Direct data collection generally happens through the need to create an account and log in. A website that doesn't require a login in order to access site features removes the incentive to create an account. (I have exactly one account on my website--my own.) As far as cookies are concerned, as I've said before, the GDPR plugin I use would let me block all but essential cookies even if a user consents. I've checked the site, and everything works without cookies. No direct business with EU nations, no information collected would seem to equal no exposure under GDPR, even if it's enforced in an irrational way.

I like this discussion because it's forced me to question if what I'm doing is truly essential. I removed Google Analytics from my site this morning and deleted my Analytics account (which will in 35 days permanently delete all the associated data). It was interesting information, but frankly, I can live without it. If I were a big company, I might feel differently.



Online Kwrite

Re: Are you GDPR compliant?
« Reply #49 on: May 27, 2018, 11:32:08 AM »
I did the Cookiebot thing and just got the scan back. It tells me there are 11 cookies on my site, including one from Pinterest, which makes no sense because I've never used Pinterest and have no need to have any sort of interface on my website for that. I've sent an email to Wix to ask them if they can help me get rid of the cookies. I don't want to just make a 'cookie policy' because I can hardly explain how the cookies are used if I don't even know why they're there, and I can't let people opt out of them if I don't even know how to get rid of them or turn them off. This is so annoying. I'm really hoping Wix will be helpful and I can get rid of these cookies.

Did your report come back like a bunch of code? I ran a Cookiebot scan and received my report. I have no idea what it's saying.