Thursday, May 31, 2018

How to Fight Back Against Privacy Breaks!

When you install apps, for example so that readers can share your posts or blog articles to LinkedIn, Twitter, Facebook... you name it - a window shows up that wants you to allow access to a number of functions:

This application will be able to

  • Read Tweets from your timeline
  • See who you follow, and follow new people
  • Update your profile
  • Post Tweets for you

Will not be able to:

  • Access your direct messages.
  • See your email address.
  • See your Twitter password.

A High Privacy Price, Social Media Users Have to Pay...
and all these companies make money with your work, and on top of this, sell the data.

Google and Facebook are at the heart of today’s personal data extraction industry, and this industry defines (as well as supports) much of our lives online.

Our data and data about us is the crude that Facebook, Twitter, LinkedIn and Google extract, refine and sell to advertisers.  This by itself would not be a bad thing - if it were done with our clearly expressed (rather than merely implied) permission, and if we had our own valves to control which personal data flows around.

And if we could scale across all the companies we deal with, rather than countless different valves, many worthless, buried in the settings pages of the Web’s personal data extraction systems, as well as in all the extractive mobile apps of the world.

It’s natural to look for policy solutions to the problems.  There are some good regulations around already. Most notably, the GDPR in Europe has energized countless developers to start providing tools to individuals (no longer just “consumers” or “users”) in order to control personal data that flows into the world, and how that data might be used.

Even if surveillance marketers find ways around the GDPR (which some will), advertisers themselves are starting to realize that tracking people like animals not only fails outright, but that the human beings who constitute the actual marketplace have mounted the biggest boycott in history against it.

These companies benefitted from the corrective influence of fully empowered individuals and societies: voices that can be heard directly, consciously and personally, rather than mere data flows observed by machines.

That direct influence will be far more helpful than anything they’re learning now - just by following our shadows and sniffing our exhaust, mostly against our wishes.  A Must-Read is "The Tradeoff Fallacy: How Marketers are Misrepresenting American Consumers and Opening Them Up to Exploitation", a report by Joseph Turow, Michael Hennessy and Nora Draper of the Annenberg School for Communication at the University of Pennsylvania.

Our influence will be most corrective when all personal data extraction companies become what lawyers call second parties.  That’s when they agree to our terms as first parties. These terms are in development today at Customer Commons, Kantara and elsewhere. They will prevail once they get deployed in our browsers and apps, and companies start agreeing.  Which will in many cases give them instant GDPR compliance, which is required by next May, with severe fines for noncompliance.

Meanwhile, new government policies that see us only as passive victims will risk protecting yesterday from last Thursday with regulations that last decades or longer.  So let’s hold off until we have terms of our own, start performing as first parties (on an Internet designed to support exactly that), and the GDPR takes full effect.  Not that more consumer-protecting federal regulation is going to happen in the United States anyway under the current administration: all the flow is in the other direction.

By the way, I believe nobody “owns” the Internet, any more than anybody owns gravity or sunlight. 


Tuesday, May 15, 2018

Big Topic Everywhere: The New GDPR Rules

The GDPR (General Data Protection Regulation) requires website owners to be transparent about how they collect, use and share personal data.  It also gives individuals more access and more choice when it comes to how their own personal data is collected, used, and shared.

GDPR affects anyone who collects data from people in the EU, such as newsletter subscribers, freebie sign-ups or purchasers of digital or tangible goods.

The law goes into effect on May 25, 2018 - which is next week!

It’s a European law that grants personal data rights to individuals in the European Union. However, its requirements apply to all sites and online businesses that collect, store and process personal data about individuals in the EU.

WordPress, for example, offers a plugin that assists website and webshop owners with European Privacy Regulations (GDPR) in English and German.  Get it here:

If you are using a trusted provider like ConstantContact, AWeber, or MailChimp, for example, you are likely in good hands. These companies are what GDPR calls data processors, which means that they have a responsibility for the data you collect for your email list. They will do a lot of the heavy lifting for you.

They are providing checkboxes to help you gain lawful consent. They might also create a segment for EU people in the back end of your email so that you can obtain consent from those people already on your list.

MailChimp Newsletter Service Informs Their Customers: We are excited to announce that new tools are available to make your GDPR preparations easier.

  • GDPR-friendly forms. In just a few clicks, you can set up a form that collects (and records) the consent you need from your contacts.
  • Improved contact management. The process of updating, exporting, and sharing a contact’s data upon their request is now quicker and simpler.
  • An updated data processing agreement. We’ve certified to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, so once you complete our new DPA and obtain appropriate consent, you can legally transfer contact data from the EU to MailChimp in the U.S.

You might ask:  Does anyone read my privacy policy page?  Does it even matter?  Well, it’s a legal contract between you and your readers.  And now under GDPR, your privacy policy should be linked to in every form where you ask someone to sign up for your email list.