Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
#217 2018-04-30 16:27:25
Re: Txp cookies, visitor logging, and GDPR stuff in general
jakob wrote #311527:
1. We have archives of past summer courses with photos of participants taking part. The past participants value them as a reminder, and new participants value them as an indicator of the course vibe. It’s impossible to go back and ask them all again.
I can’t say anything with regard to GDPR compliance, sorry, but what I do see happening in general from this Reg is orgs buckling down on their content strategy plans and processes, or will need to create them to begin with. For example, all kinds of content auditing will become routine, and making plans for how to deal with it. Addressing critical questions like retention times and so on. Tying all these things together.
2. More contentious is perhaps the fact that a lot of such organisations (and probably many others) have their own researched lists of mailing recipients that they have been using since the days of postal mailings and word mailmerges. At some point in the past, those were entered into some mailing system, first some excel/access/outlook setup, later an online service. These aren’t purchased mass-mailing lists so these organisations aren’t nasty guys, it’s just their list of contacts. I suspect that’s fairly widespread practice regardless of whether correct or not. However, we don’t have a record of their consent anywhere, though many have been in the system and receiving emails for years.
This one is more clear. Fact is, a lot of people are on mail lists they would not choose to be if they knew they were, and if they did know and valued the list, they won’t mind abiding by the requirement to re-consent so you don’t get in trouble.
As an org, my position would be to start honest ASAP. Having to abide by the ‘opt-in consent’ situation, I would start a new, empty list with all the usual opt-in bells and whistles, then send a list message to the old list saying, ‘it’s GDPR time, folks. This list is closing on May 25th and all your accounts will be deleted with it. If you still want the good juice, you must subscribe at [this new list] by that time, or any time after, but the old list will be gone to the ether.’
Proactive triage is the prudent move.
Offline
#218 2018-04-30 20:05:43
Re: Txp cookies, visitor logging, and GDPR stuff in general
michaelkpate wrote #311534:
:-) It’s another aside, but I agree … partially (though don’t care much for the author’s tone of language sigh). It has made Street View virtually unusable in Germany to the point that Google have given up putting their Street View data online. The place where I live was scanned by Google several years ago but the data has never gone online. You can only see panoramas that users have uploaded … that are not then pixelated, making a mockery of the original purpose.
Otherwise … well, it’s so easy to poke ridicule from afar but much harder to understand what it means at a psychological level to a country like Germany until you’ve lived here for a while and began to understand how surveillance affected the lives of so many people at the most fundamental level and bred distrust in society and the establishment. Even after many years of living in the former East Germany, I ‘understand’ it but don’t ‘feel’ it the same way as many people here do. It’s really no wonder that people get jumpy about it …
TXP Builders – finely-crafted code, design and txp
Offline
#219 2018-04-30 21:08:19
Re: Txp cookies, visitor logging, and GDPR stuff in general
jakob wrote #311539:
(though don’t care much for the author’s tone of language sigh).
Jeff Jarvis is the Director of the Tow-Knight Center for Entrepreneurial Journalism and a
Professor at the City University of New York. He gets invited to speak at German Media Conferences on a fairly regular basis as well as having pieces published by the German Press.
He also writes at his own blog, BuzzMachine, and well as Medium.
So while he hasn’t lived in Germany, he has thought a lot about these issues, from an American perspective.
Offline
#220 2018-05-01 09:46:57
Re: Txp cookies, visitor logging, and GDPR stuff in general
Should we forget the right to be forgotten? Here’s on opinion in the guardian.
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
#221 2018-05-02 06:57:10
Re: Txp cookies, visitor logging, and GDPR stuff in general
Heard back from legal counsel at Protonmail. They are not only compliant, they sent me a DPA. I need only sign it digitally and send a copy back.
Just need one now from WebFaction and I’m set.
So, Planeth, Protonmail, at least, can go in your databse, I guess. But probably need an explainer about the DPA as there is no direct link yet that I find.
P.s. Reach PM at ‘support’ by email.
Offline
#222 2018-05-02 07:40:08
Re: Txp cookies, visitor logging, and GDPR stuff in general
Destry wrote #311556:
Heard back from legal counsel at Protonmail. They are not only compliant, they sent me a DPA. I need only sign it digitally and send a copy back.
Good for them!
And that is good to know in case I need something like that (still haven’t heard anything from Dreamhost). Thanks for investigating that one.
Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
Offline
#223 2018-05-02 07:50:16
Re: Txp cookies, visitor logging, and GDPR stuff in general
Also, Protonmail reports a recent high increase in phishing attempts on PM servers.
Be smart about the emails you open, links you click.
Offline
#224 2018-05-02 09:18:53
Re: Txp cookies, visitor logging, and GDPR stuff in general
jakob wrote #311533:
I am interested to know what to do about legacy data, though, and about the nuisance factor of informing / re-asking everyone.
In the case of mail lists, including all legacy contact info, I’m pretty sure it’s similar to how I described, and exactly as the Guardian is doing, as Phil pointed out.
Here’s another example. I just got a message from a conference mail list I’ve been on for the last 10 years. They’re now using MailChimp. Here are parts of the message:
You may have heard about the new General Data Protection Regulation (“GDPR”), that comes into effect May 25, 2018. To help comply with GDPR consent requirements, we need to confirm that you would like to receive content from us.
…
If you’d like to continue hearing from us, we ask you that you please update your subscription settings. If we don’t hear from you, after May 26, 2018 we’ll automatically remove you from our database.
Then at the bottom it provides a Mailchimp button ‘Update Settings’. And in the message footer (a Mailchimp template) there are also links for ‘Unsubscribe’ and ‘Update Settings’
The assumption here is they will be deleted if they do nothing, or a user can unsubscribe sooner or accept (give consent) by chang settings.
My experience with mail list unsubscriptions is not perfect. I’m not always (rarely) unsubscribed, so I’d hope not doing anything here would get me forgotten once and for all. I’d be less trusting of the ‘Unsubscribe’ button, though in the case of a Mailchimp list, it’s probably safe, and especially in light of gdpr.
Bloke wrote #311529:
The issue, as jakob highlights, is that email click through rates for getting people to opt-in in the first place is probably less than 10%. And that’s assuming they haven’t already marked your marketing materials as instant spam. The conscientious, sure, will click and either continue to receive correspondence or will use the opportunity to review their
spammarketing footprint and get out.
Ah, yeah. I now appreciate what you’re saying there. It takes a few hammer strokes in this stuff.
Last edited by Destry (2018-05-02 11:22:19)
Offline
#225 2018-05-02 12:10:42
Re: Txp cookies, visitor logging, and GDPR stuff in general
From a standpoint of data breaches, how do firms stand that leak personally identifiable information under GDPR?
I noticed in recent memory that both gmail and hotmail changed their sign-in process to a two-step system. So instead of username and password being on one page and if you mistype something it says “sorry, one of the above bits of info is incorrect” after form submission (thus leaking nothing) they now do this:
- Enter your username
- Click Next
- Enter your password
- Click Login
If you enter an account name that doesn’t exist in step 1, it tells you immediately when you execute step 2 and won’t take you to the enter password step. Thus to locate the existence of anyone’s email address (personally identifiable info?) is a simple case of trying various words until it lets you into the password step.
Granted, when GDPR hits you won’t be able to use that information for marketing purposes without opt-in (heck it shoudn’t be allowed now but that’s the world we live in) but is that termed a leak of personal info?
PayPal do the same two-step thing, but if you type random text – even with nonexistent domains – it still takes you to the enter password step. Never thought I’d say this but… Good PayPal.
The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.
Txp Builders – finely-crafted code, design and Txp
Offline
#226 2018-05-02 13:45:39
Re: Txp cookies, visitor logging, and GDPR stuff in general
Destry wrote #311556:
So, Planeth, Protonmail, at least, can go in your databse, I guess.
Thanks Destry?. Done
Offline
#227 2018-05-02 15:03:47
Re: Txp cookies, visitor logging, and GDPR stuff in general
Hosted in this repository are the technical specifications for IAB Europe Transparency and Consent Framework that will help the digital advertising industry interpret and comply with EU rules on data protection and privacy – notably the General Data Protection Regulation (GDPR) that comes into effect on May 25, 2018. – GDPR Transparency and Consent Framework
Offline
#228 2018-05-02 15:23:13
Re: Txp cookies, visitor logging, and GDPR stuff in general
Destry wrote #311556:
Just need one now from WebFaction and I’m set.
interested in this. let us know what you hear
…. texted postive
Offline