The GDPR flop - I tested it with a complaint!
A lot of websites have stubborn pop up plugins that force you to accept or you can't enter, right there is a breach of GDPR because you should be able to use the services without accepting, but they'll pretend to give you an opt out so it looks like they are complying.
What happens when you try to opt out
I already blogged that trying to get into Rocketmail / Oath they had a particularly scary one that said they needed to access my devices and no clear way to opt out - just a maze of links telling me I could go opt out if I so desired, and so I actually took the time and followed through all the links to try and opt out and couldn't.
On many other sites I notice we get redirected to a privacy policy that they think covers them but again no real way to opt out, because they'd be letting you opt out of their way to make money on ads, those that do provide true opt out would be the exceptions.
And then on some sites there were big buttons I could click - but instead of one opt out button there were 300 individual ones, some of which demanded I go onto their privacy policies to opt out too - and some saying that I'd already opted in somewhere else even though I didn't know because that was one of the sites forced it for me to enter. See how they are not working together.
I tried to report GDPR breach
Ok, how are we even to understand a 'breach' anymore, the difference between sensitive and non-sensitive data has got lost. Your bank details and medical records are not exactly being strewn across the cyber universe - or are they - we'll never know what those 3 party profilers accessing our devices are actually up to. All I knew was Rocketmail and other sites were making an idiot out of us, being offered a choice that is not a choice - that was my complaint:
--If it is the law to offer me a choice then where is it - there is no choice and don't make me say or think that I had one!--
Who are they kidding! You won't be able to use the full internet without accepting, even if you get out of it on one site you'll be tied into 3rd party ad companies via another vital site you need to access anyway.
So I contacted the national GDPR complaints in this country and they were't interested - of course not. Their excuse was I had to contact the website 'in breach' and use a special form to do so but that was not possible to do. The particular website I was complaining about had no way to contact or accept a form. End of story.
The giant sites out there are making a fortune on ads and THAT is not going to change. Why pretend to offer choice and comply is what bugs me, the farce of it all. If they do something really really naughty and it's exposed then I'm sure they'll get a little slap, but it'd have to be real big for anyone to give a damn.
No Concensus - Settling Period - CYA
You are just not going to get a concensus in ways to deal with GDPR, the dust is also still settling and in some surprisingly farcical stupid ways, so maybe just understand the purpose of it in protecting breach of sensitive personal data, permission to use someone's email, photo, name only if they are European, do what you like to the Americans lol. Cover the basics. Once you can show you are making an effort then technically you're covered.
On my blogs I already showed you the good videos to watch that explained GDPR, and a shortcut SPAD - security, privacy, accountability and data - that applies to us as affiliate marketers. And if you know what GDPR is actually about then you won't be so confused.
Those using adsense have to play a certain game of jumping through hoops because they wrote some stuff into their Ts&Cs to protect their revenue and make it look like you are offering an opt out when really you aren't, like the big sites this is all exterior gloss and a nod to the 'accountability' part of the law, if you look like you are doing something then your ass is covered.
What compliance could look like
If people were really to take personal or sensitive data seriously then in reality they should be more concerned about sharing the photo or name of a European resident without their permission and THAT is not happening, we all screenshot comments all the time including in here at WA, and until someone actually complains then you'll likely keep getting away with it. As the national GDPR complaints system wants contact between the two parties first.
Is GDPR about opting in or out of ads?
Well if they were serious about that then there'd just be a big 'remove me' or 'opt out' button to do it in one, and that just isn't popping up!! Of course no one would opt in to being followed or being marketed at, so they don't make it easy to opt out! They don't want to lose money. Their revelations as to how they psychologically profile us in light of GDPR was all a bit scary, but no one at a higher level is dealing with that and what are we affiliate marketers doing that compares with that?
Sounds like just use your common sense on being careful with someone's identity, which anyone with manners would do anyway. AND fulfill any requiremnets that come your way - that is being accountable.
*Some people are talking about cookie pop ups, well that's a different law and covered by Marion Black. Again cya cover your ass seems to be the only valid reason anyone uses them, as they are another farce that alerts us to something we cannot actually choose either.
A reminder of the basics
As someone not using Adsense I have very few alterations or extra plugins on my sites, until and unless google slams us with an algo, but I do keep an eye on Security, Privacy, Accountability, Data
- Security: Security is easy at WA, work on it if hosted elsewhere, and update those plugins
- Privacy: make sure you have the updated privacy policy at WA in the templates
- Accountability: I've followed what is known to date on 'best practice' for affiliate marketers eg we have the updated privacy policy here at WA, we jumped through some of the google updates when they came out, we keep up with updates on compliance
- Data: with Europeans you have to get permission as to how you use their data, that's why there's confusion with popups - if they sign up to receive something from you have they actually signed up to marketing campaigns too - that's where telling them what they are signing up to is built into so many plugins but you could actually state it on your site - but they also have to have a choice not to have their email used for marketing, and to unsubscribe. Wordpress has some of that built in, they had an update to the Tools so people can ask to be removed etc
I covered this more in my blog on it, it's a mess out there in terms of bad legal advice and marekting opportunities for plugins.
Mary
Recent Comments
34
I gotta say, reading this before getting my own sites up and running, it's a little intimidating... GDPR, yes I've heard of it, even over here in Canada, there's privacy and controls on the electronic data for the professions I am in as well (accounting and taxes), it's all so much to take in all up front. one day at a time and fix what I did wrong at the start? probably my only option.
Thanks for the detailed writeup @mozmary.
just take it as it comes, likely not too much to fix, compliance is getting built into things going forward, and see my old blog on it being more than a privacy policy
yes, some of them are so aggressive I just bounce off to another site and it was predictable ...
well I can't 'advise', some poeple don't have gdpr pop ups and some do, I don't, but I'm not running adsense or any program that demands them either
Good afternoon Mary,
When I thought I kind of understood it all I am lost again in the labyrinth thanks to your post.
I will leave my website as it is and hope for the best, I have done my best.
Thank you for the update, you are also doing very much your best.
Greetings from the south of Spain, Taetske
doing your best is being accountable, you have something to show them if in the unlikely event you got asked, and you can always agree to change things if in the unlikely event they get pushy
- it's partly about show, as we can see with the big earners!
Thanks for doing all that and sharing, Mary.
I guess with hindsight we could see it wasn't going to be plain sailing.
Everyone will have had probs with these pop-ups. I confess I usually just Accept as it's the easiest option :-) although I have gone through the options on some sites just for fun :-) but at the end of the day, I only give my email to the sites I want to give it to and I seem to be pretty much programmed to automatically ignore ads :-) I might actually click on one every couple of weeks.
If anyone is really concerned they can delete the site's cookies. But it's all a nuisance, none the less.
As for our WA sites, we can only do what we can do,
Ian
Nicely put! That's pretty much how I cruise too. We'll never know how deeply they are tracking us. The worst of it is for sites who use those pop ups, they can be so annoying at times I don't proceed so they are losing traffic and increasing bounce rate imo if they pop ups are too stubborn about letting us proceed. Certainly nothing uniform on that too, so not everyone is losing out equally :D
Yeah. Not wanting to be conspiratorial about it :-) but tracking is the thin end of the wedge. Actually, it's not so thin now.
But had another thought. Most browsers have a privacy mode which, I think, deletes all cookies when you close it. Now, I don't want to remove ALL cookies from ALL sites as they have many benefits, but if you're going to access a site that you don't want to track you, try private browsing.
See more comments
Thanks for sharing, Mary.
Thank you Roger!
You're welcome, Mary.