On May 25, 2018, enforcement begins on a new set of European Union (EU) regulations designed to protect the privacy rights of consumers online, called the General Data Protection Regulations, or GDPR. These regulations are designed to protect EU consumers globally, not just within the boundaries of the EU, so they have the potential to affect American businesses and websites that have customers in the EU, even though the regulations are not part of the United States legal structure.
The idea is that if a person in the EU visits and gives personally identifying information (PII) to a website anywhere outside the EU, their personal information is protected because they are making the transaction from within the EU, even though the transaction itself may not take place in the EU. For instance, if someone from France visits this website and opts into the email subscription form at left using their email address, they are giving me personally identifying information, and it is my responsibility to be transparent about what that information will be used for, as well as to provide the subscriber with the ability to opt out of the subscription easily if they so choose. Since I don’t actually sell anything through this website or my consulting website and don’t do business in the EU, my exposure appears to be limited to the caretaking of email addresses. At least, that’s how I interpret the research I’ve been doing.
To that end, here is my official statement regarding my intent for the PII of my site visitors.
- I will never sell your personally identifying information. I will never give it to anyone without directly asking your permission first (and likely will never give it away for any reason).
- The regulations state that any opt-in features should require active input from the user, like checking a checkbox that is not already prepopulated or another “binary choice given equal prominence.” This site already complies with that, because a user must type in an email address and actively click a Subscribe button to join my site’s subscription list, which I then manage personally, not through any third party.
- This website is the only entity authorized to use any personally identifying information gathered from visitors (email addresses, in this case), and it will only use that information for purposes of notification about website updates or direct interaction initiated by visitors to the site.
- You are free to leave the subscription list at any time. Just visit the Contact page and let me know you want your address removed. I will comply as soon as I am able, after which you will receive one confirmation email from me at the address you provided on the Contact form, but no more subscription or site-related emails after that.
- Per the requirements of the regulations, I will begin keeping private records documenting how and when visitors provided me with personally identifying information, what that information consists of (email addresses), and what the visitor is consenting to (email notifications of new blog posts or relevant site-related changes).
If you have any questions or concerns, please use the Contact page to let me know. Thank you for your time and understanding.
Stacy A. Johnson
Owner and Maintainer, lytspeed.com
May 23, 2018