Since I last wrote about the privacy updates that are mandated by the EU to cover website traffic on American websites by EU nationals, much has happened.
Several clients have shared their thoughts with us on why the sudden change. Some are listed below.
“I do feel lucky about not getting caught, but also want to be safe.”
“I’ve just had a lawyer call me and I feel like I need immediate action on the privacy updates as I don’t want to end up in court on a new matter.”
As for me, my perspective is that it is not expensive or hard to do the implementation to be in compliance with the GDPR. I am risk adverse and feel that eventually the US will institute some controls so we will be ahead of the game by changing our own websites now.
Privacy AND Facebook, do they work together or against each other. Now that Facebook has revealed the depth of its depravity, in the search for more advertising dollars, and the EU has taken issue with Facebook’s and Google’s very lax standards and created tough new privacy regulations. We have a new world reality.
What you thought was private simply never was, we just didn’t know that. This lack of transparency was all used to make money off of your information and to create deep data mining preference to sell ads targeting you. But it did not stop there, this data was then shared around with others on the Web, without your knowledge or approval.
Enter in our new world. Facebook has encouraged a level of sharing that we have all embraced. We wanted to see news, videos, and recommendations. We wanted to connect with others that were friends, family, those we had past history with, as well as past colleagues. Facebook took that information and used it for its own gain. But, if that was not bad enough, Facebook allowed others we did not know about to take our data, demographics, and preferences and share them with third, fourth, and even fifth parties. Even using our own profiles to access anyone else’s profile connected to ours and take their data too. The end result was the reality of “privacy” we thought we had in our own individual accounts was false.
As draconian as the EU privacy guidelines are for websites to adhere to by May 25, 2018, I applaud them and embrace them. We should all know what is done with our information. We should know that we can now ask to have it removed – easier for those in the EU to demand than US residents. We should know who our data is being shared with for data mining and ad serving.
As for myself, I have removed all but one or two things from my Facebook profile. Facebook does not need to know my political or religious views. Nor should it know my age and for that matter at this point even location.
I personally am actually looking for alternatives to Facebook as this recent privacy issue has revealed the heart and soul of Facebook as a platform, and I do not like what I see. We were all lulled into thinking that Facebook was fun a place to connect, but now I perceive it as a place to steal my privacy and personal data from me all for the single-minded use of making money off of me.
On May 25th the European Union’s (EU) new security policy goes into force. Even if you are not located in the EU, you should do a careful review as you may still be able to be sighted with a penalty as website visitors may be located in the EU.
Below are my recommendations on what to do with the pending 5/25/18 EU required changes.
First, it is important to know that I am not a security policy consultant, but I am making recommendations to you that may be helpful as you review your own policies and procedures.
Even though you may not advertise or target the EU, website owners are still required to protect and adhere to the guidelines that the EU has laid out and is forcing Google and other tech firms to embrace legally.
Move to https from http to allow for a greater level of website security and encryption of form submissions from an https page.
Enewsletters – stop doing auto subscribe for any newsletters (if you still do this). EU Users, now based on the new requirements, must state that they are desiring to opt in to your list.
No online forms should request sensitive information like health information, insurability, etc. If you need this for your business, you need to find a more secure way to ask than using a website form. In the USA we have HIPAA rules and you should already be compliant.
Review in Google Analytics the new data retention sections and other settings that Google has recently rolled out and that are live now. These are available now under the admin section. You will need to work through each option to choose the one that is right for you and then list your selections for transparency on the policies page in the Analytics section. I have personally selected data retention for my own site of 14 months, right now the default is 26 months.
There are a number of other new settings in the admin section in Google Analytics on server sessions and visitor identification. You will want to look at that for sure to make sure you do not need a new configuration update.
I would recommend you move to the newest version of Google Analytics code if you can at this time so that you can affect change to some of these settings that are only available to sites using the new code snippet.
Review your own website visitor geo information. If you have a number of visitors from the EU, you may also need to create a cookie approval doorway option for your site. One where the user has to click their approval for a cookie set to enter into your website. This becomes crucial to get this approval if you are using Google Remarketing, Google AdWords, and any website tracking tool or conversion codes. If you are using Facebook Remarketing you need to get cookie approvals too.
Become aware of the EU data retention rules, operations to remove personal data when requested, but most of all be transparent of what you do with information you collect.
If you are heavily involved in selling to or have strong visitor numbers from the EU, get up to speed now on what is required as it may be time consuming to make changes and institute new security policies.