EU GDPR

25 May 2018

Oh No, Not Another One: My Statement About Privacy Statements

by Freddy J. Nager, Founder of Atomic Tango LLC + Guy Who Used To Like Cookies; image from the official EU GDPR website

Let me guess: your email box was flooded with so many privacy statements this past week that you thought GDPR stood for “God Damn Privacy Revisions.”

You’re close.

GDPR stands for the European Union’s General Data Protection Regulation — not the most memorable name ever. In fact, when I first saw GDPR I thought it stood for German Democratic People’s Republic.

I was close.

But instead of being a diktat from the East German secret police, GDPR addresses Big Brother of another sort: the capitalist tech companies who have been tracking, stalking, leaking, buying, and selling every bit of data they could vacuum up about our lives.

Yes, I’m talking about the People’s Republic of Zuckerberg.

In short, the European Union laid down the law for businesses all over the world on how they could handle personal information about EU citizens. Any company that has ever accumulated the least bit of data from an EU citizen — or might do so — needs to abide or hide.

Some chose to hide, blocking Europeans rather than revising their practices, policies, and privacy statements.

But I welcome Europeans. I have European friends and colleagues and students, including some who have written for this site. I want them to visit Atomic Tango often.

So, yes, I too am issuing my own privacy statement. Since I can’t afford a Chief Data Protection Officer (CDPO — not to be confused with the Star Wars droid), I have done it myself while consulting online sources (including WordPress, which helped me develop this official Privacy Policy) and my own whims (see below).

Cookies

I use cookies, particularly the Thin Mints hawked by the little uniformed pushers called “Girl Scouts.” I still have the side effects of their somehow legal trade clinging to my waistline.

When people visit my website, it places a cookie of another kind — a bit of code — into their browser. That code is used by my analytics programs — specifically Google Analytics and WordPress — to tell me what my visitors are doing anonymously. I have no idea who they are — they’re just aggregated numbers — but I can see how many are repeat visitors, how long they stay, what pages they visit, where they come from, and where they go after they leave. That info helps me make my site more to the liking of visitors in general. It also tells me whether I’m wasting my time.

Even though the info is completely anonymous, I understand how some people might feel uncomfortable sharing it. In which case, they can go into their browser settings to block cookies. (Kind of like what I try to do when presented a box of coconut and chocolate Samoas. Oh, so evil and delicious.)

If you choose to block cookies, no worries: you can still enjoy my website. Not saying you will — that’s just my goal.

By the way, I don’t use cookies to run tracking or retargeting ads. Like the vast majority of sentient beings, I find those ads creepy and annoying and simply bad marketing.

Affiliate Links

Some of my articles feature links to products on Amazon. If you click on those links then buy anything, I get a small commission to support the Atomic Tango Martini Fund.

Amazon doesn’t tell me who clicked or what they purchased. Like the cookies, it’s all anonymous. Again, I understand how that still might make some people uncomfortable, particularly if they’re buying something embarrassing, like books by Seth Godin. In that case, simply don’t click on the links or, if you do, don’t buy anything immediately following the click.

And by the way, I would never endorse a product I don’t believe in, such as books by Seth Godin.

Email Addresses

I’m happy to see stricter email policies. I frequently download marketing white papers and studies from various companies, and find most them to be simply glorified brochures. Within days, my email box gets flooded with sales pitches from other companies I never heard of — some of them competitors who didn’t bother to research who I am, and who then subject me to poorly written tedium. (If you’re going to spam me, at least entertain me.)

So I treat my subscriber email addresses with respect. In fact, I treat them as if they’re radioactive — I don’t touch them or even look at them. I just let my automated syndication program send out the new articles. That means I never share, sell, publicize, or otherwise use subscriber email addresses for any other reason, and subscribers are free to unsubscribe at any time, deleting their email addresses from my system forever.

On another note, visitors previously had to provide a name and email address to comment on my blog posts. That was to keep spammers and trolls at a minimum, though that rarely works anymore, given how many spammers and trolls have email addresses like lk2j34l2j34l@l23kjl234008.com. (Please don’t email that — I made it up, but as the gods of randomness would have it, it could connect you with a spammer or troll.) So I got rid of that requirement. After all, few people ever comment on blogs anymore. (Damn you, social networks, for comment hoarding.)

As for any past comments posted on my blog, those writers can contact me and let me know which of their comments they’d like me to remove, and I will delete them ASAP, usually 24 hours or perhaps a bit longer if I’m on vacation or incapacitated. It will be as if that comment never happened. Like some unfavorable news event in a People’s Democratic Republic.

Parting Shot

And that’s it for my little site… so far. I think. I hope. (If I missed something, please let me know, but don’t tell me your email address.) I’m no lawyer, and the GDPR rules are so vague yet complex that even companies with in-house legal teams would rather block Europeans than figure them out.

In fact, when I asked Amazon for help creating a GDPR-compliant privacy policy pertaining to their Associates (affiliate) program, they essentially said, “Oh hell no, you’re on your own”:

“Unfortunately, we can’t speak on the GDPR regulations placed on you by Europe; this is something you need to speak with your local government about, or an attorney to obtain the proper regulations and guidelines in relation to the Amazon Associates Program.”

Thanks for all your help, multi-billion-dollar megacorporation with a giant legal team.

What’s more, each member nation of the EU will soon devise their own data and privacy laws. And that’s exactly what a small California-based business like mine wants to spend time doing: monitoring the laws of other countries on top of multinational laws, in addition to local municipal, county, state, and federal laws here in the U.S. of A.

So short of taking down my website altogether (tempting, very tempting), I will likely have to make more changes.

I do know that I’ll think twice before requesting any visitor information down the road. For example, one rule stipulates that Europeans under 18 must have parental permission before providing even an email address.

And I’m liable for that?

Now, if I were to ask every visitor who wants to subscribe or contact or comment what country they’re citizens of (they could be living in Los Angeles, but EU laws protect them no matter where they reside) and how old they are, and demand that they provide proof or written permission from their parents, well, wouldn’t that actually violate their privacy and require collecting their data, which they could remove at any time, thus revoking said permission?

God Damn Privacy Revisions.

Tags : , , , , ,

Freddy is the Founder & Creative Strategist of Atomic Tango. He also teaches at the University of Southern California (go Trojans!), shoots pool somewhat adequately, and herds cats. Freddy received his BA from Harvard and his MBA from USC.

Check Out These Related Articles

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.