Welcome to episode 147 of the Food Blogger Pro podcast! This week on the podcast, Bjork talks with Danielle Liss from Hashtag Legal and Businessese about understanding GDPR.
Last week on the podcast, Bjork chatted with Kate Kordsmeier from Root & Revel about how she generated a full-time income from her blog in just two years. To go back and listen to that episode, click here.
GDPR for Influencers
Have you heard of GDPR? It’s a regulation in the EU about data protection, and it affects everyone with readers in the EU.
These four letters are causing a lot of confusion and raising questions in our niche, so Danielle is here today to help us all understand its impact.
It’s important to understand the rules and regulations of GDPR so that we can protect ourselves as bloggers and business owners, but it’s also important so that we can protect the privacy of our readers. You’ll learn how to audit your site for compliance, the difference between different types of data, and how you might be collecting data on your site visitors without knowing it.
In this episode, Danielle shares:
- What GDPR is and why it’s important for influencers
- How you might be collecting data on your visitors
- The difference between personal and sensitive data is
- Why you should audit your site
- Why disclosing the information you collect might help your relationship with your readers
- How you can stay up-to-date on GDPR updates
Listen to the Food Blogger Pro Podcast below or check it out on iTunes or Google Play Music:
Resources:
- Google Security Checkup
- 099: Sponsored Content and Getting Paid What Your Work is Worth with Danielle Liss
- Hashtag Legal
- GDPR checklist on Businessese
- GDPR plugin
If you have any comments, questions, or suggestions for interviews, be sure to email them to [email protected].
Thanks to our Reviewer of the Week, Caroline! If you’d like to be featured, leave a review for us on iTunes and include your name and blog name in the review.
If you’d like to jump to the comments section, click here.
Transcript:
Bjork Ostrom: In this episode, we talk to Danielle Liss about the important but sometimes confusing GDPR regulations.
Bjork Ostrom: Hey, there everybody! This is Bjork Ostrom and you are listening to the Food Blogger Pro podcast. This podcast is brought to you by WP Tasty. What is WP Tasty? Well, WP Tasty stands for WordPress and WordPress Tasty. It is a tasty place for you to get your WordPress plugins. We started with a recipe plugin called Tasty Recipes and we have recently launched another plugin called Tasty Pins, which allows you to optimize for Pinterest as well as SEO.
Bjork Ostrom: As you know from listening to this podcast, we are at the point now where Pinterest says it’s really important to create super qualified and optimized descriptions for Pinterest. What does that mean? Well, it means a natural language description of what the post is about that is enticing and includes hashtags within the content, as well, because Pinterest is saying it’s important to start including hashtags and optimize for a keyword, as well.
Bjork Ostrom: So if the recipe is a chocolate chip cookies recipe, you wanna make sure that you’re key wording that in the way that it will show up on Pinterest. But the hard thing is with an image there’s also the alt text, which shouldn’t be optimized for Pinterest, it should be optimized for describing what the actual image is about, not the post that you are posting about, or in the case of a food blog, the recipe. It’s hard, because previously you just had the alt text or maybe the alt text and the title text for an image that you could use.
Bjork Ostrom: But with Tasty Pins, it allows you to separate those out and have something you can use just for Pinterest text as well as the alt text just to describe the image. We talk more about that at WPTasty.com/tasty-pins. A recent update also allows you to include multiple long images. So if you have a long image that you want people to see when they click pin on your post, but you don’t want those to show up in the post, you can use Tasty Pins to hide those images on your post.
Bjork Ostrom: The Tasty Recipes is for food bloggers that wanna optimize their recipes for search engines and for Pinterest as well. You can check that out at WPTasty.com/tasty-recipes.
Bjork Ostrom: Each week, we do a Tasty Tip. What is the Tasty Tip? Well, the Tasty Tip is a piece of advice for you as a content creator, as a blogger, as a business owner, for you to just do a little level up. It’s never anything that’s too complicated or overwhelming, but it’s just an opportunity for you to implement one small thing to help you do what you do a little bit better.
Bjork Ostrom: Today we’re gonna be talking a lot about data and we’re gonna be talking about rules and regulations and it might sound boring, but it’s actually really important and pretty interesting when you get into it. One of the tools that I talk about on this podcast is the tool or the site on Google, the area on Google, where you can see all of the different information that they have on you. That is the Google Dashboard. This is the dashboard of personal information and privacy-related content on Google.
Bjork Ostrom: One of the areas that is kind of cool is the security checkup on Google. You can get there by going to MyAccount.Google.com/security-checkup. We’ll link to that in the show notes. What that will do is it will show you the important security-related things for your account. You’ll either have a green check mark or you’ll have notifications or warnings about things that you need to implement and update. There’d be security-related warnings. For instance, maybe you don’t have two-step verification turned on where when you try and log in from an unrecognized device it sends you a text message with a six-digit code that you enter in.
Bjork Ostrom: It’s a really important thing to have implemented on sites that allow you to do that. This security checkup will walk you through the process of making sure that all of the different important security stuff for your Google account, if you have one, is up and running. Again, we’ll link to that in the show notes if you wanna check that out. It’d be a really important thing to do, especially for us people that are listening to this podcast.
Bjork Ostrom: Everything that we do is based online. It is all online content that we’re doing and our data is really important not only to understand how it’s used, which we’re gonna talk about in this podcast, but also to make sure that it’s secure. So if you have a Google account, make sure to use that security checkup to make sure that you are taken care of.
Bjork Ostrom: All right, today we are talking with Danielle Liss. She’s a Food Blogger Pro expert, which means that she is involved with multiple events that we do but she’s also involved in the community forums. One of the great things about the Food Blogger Pro experts is that we also get to have them on the podcast occasionally to talk about important relevant information and current events, like GDPR. If you’re not familiar with what that is, you’ll get very familiar with it as we jump into this interview with Danielle.
Bjork Ostrom: She’s gonna talk about what it is, why it’s important, what you need to understand with it. It’s gonna be a great interview. Excited to talk to Danielle. Let’s go ahead and jump in. Danielle, welcome to the podcast.
Danielle Liss: Thank you so much. I’m excited to be here.
Bjork Ostrom: Yeah, excited to have you back. So little bit of background for people that have not listened to previous episodes or who are not Food Blogger Pro members. Danielle is a Food Blogger Pro expert and she’s an expert in a couple different categories. So some of the things that we’re gonna be talking about today, but also this idea of influencer marketing and understanding that world, which falls into the category of negotiation and things like that. Can you tell a little bit of your background, Danielle, and how you have an expertise in this real specific niche that’s so helpful for people that are listening to this podcast?
Danielle Liss: Thank you so much. Yes, of course. I’ve been blogging for a really long time, and by been blogging I mean I do it like maybe once a year now.
Bjork Ostrom: Okay.
Danielle Liss: Right? I started in 2004, and it was always just a hobby thing for me. I’ve been a lawyer. I started in law school, actually so I have been blogging longer than practicing.
Danielle Liss: So when I was working in litigation I didn’t love it. That’s a nice way to put it. And I had this other second world of blogging that I really loved. It ended up that I started speaking at conferences and I left private practice to go work as Chief Marketing Officer and General Counsel for an influencer network.
Danielle Liss: So while I was there, I really got to know the influencer marketing space and this was 2011, 2012 is when I left to go work there full time. So influencer marketing was in its infancy at that point. At that stage, all brands cared about was we wanna be mentioned on 50 blogs.
Danielle Liss: Well, obviously the market has changed quite a bit and people are really talking more about engagement rates and things like that so I’ve had a chance to kind of grow up as the industry is growing up on both the legal side and on the marketing side so I’ve got a lot of, we also have a law firm called Hashtag Legal, so we have a lot of clients who are networks, bloggers, influencers, brands, ad managing networks.
Danielle Liss: So we’ve got this really diverse group that we work with so we’re really able to see it from all sides and help people grow and scale their influencer business just with some of the easier back-end tips.
Bjork Ostrom: Yeah. And we’re gonna be talking about something really specific within that niche, which is GDPR, this kind of potentially seemingly scary European Union set of rules and regulations that are going into play.
Bjork Ostrom: I wanted to take some time to talk about that, ’cause I think it’s important to know that it’s not just general law. Obviously people have a general law practice and would be able to serve multiple different industries and people, but you have this real specific niche. Love the name Hashtag Legal and idea being it’s kind of this influencer world. It’s people that are getting paid by using hashtags, right? So people that are listening to this podcast have a blog, they have social media, but now there’s all of these things that wrap around that, that are industry-related regulations.
Bjork Ostrom: And we need to be informed of these things in order to operate at a high level, which everybody wants to do. And one of those things is this GDPR and for those that aren’t familiar, can you explain what this is and why we need to be aware of this?
Danielle Liss: Absolutely. I think that most people who are US-based, probably haven’t heard the letters GDPR until, I think it was late February, early March, because that was when a date was attached to when you need to be compliant.
Danielle Liss: So GDPR stands for general data protection regulation and you will always hear people referring to it as GDPR. It’s a European Union law that’s taking effect on May 25th of this year. And the goal of the law is to give greater protection to somebody’s personal information. So it’s gonna place stricter requirements on the companies who possess personal data of those who are EU residents.
Danielle Liss: And this is where it gets interesting for US-based businesses, because if you are a US-based business who is possessing information about an EU resident, then you need to be compliant, because it can be for anyone who has the data from someone who is in the EU.
Bjork Ostrom: Got it. One of the things that you said was possessing information about somebody that would be in the European Union, so somebody in Europe, we’ll just say that to simplify. What does it mean to possess data? What does it mean to have somebody’s data, because I think a lot of bloggers would think, “I don’t actually have any data. I just have my blog and people come there.”
Bjork Ostrom: So what are some ways that people would be collecting data, maybe in a way that they don’t even know?
Danielle Liss: I think there are quite a few areas for bloggers that you may not even think about. So when we talk about, the information that they are concerned about with GDPR is personal information or sensitive information. So there’s two categories.
Danielle Liss: Personal information can be something like a person’s name, it’s that simple. A name, an IP address, their email address, things along those lines. So really, a lot of things that you’re doing as a blogger, something as simple as Google Analytics, if it’s capturing an IP address, can make you subject to GDPR, if you’ve got people from the EU who are visiting.
Danielle Liss: When they talk about sensitive information, that is things like somebody’s race or ethnic background, whether or not, what their political opinions are, things along those lines. Most bloggers, unless you’re doing a reader survey of some sort, I don’t know that most people are collecting that type of information. Heck, they even include genetic information there, I’m guessing most influencers aren’t collecting something like that, unless you’re talking about your results.
Danielle Liss: But for the most part, think about the things where you collect information. Comments, that’s both name, email address, sometimes it’ll register an IP address. You may have a contact form where people can specifically voluntarily submit information to you.
Danielle Liss: Or if you’re using affiliate marketing, there’s cookies. So cookies also come into play because it can be tracking behavior. And they look at tracking someone’s behavior, particularly like adding a cookie to the browser, as something that you need to get consent for.
Danielle Liss: So really this policy is all about making sure that if I was an EU resident, I’m just gonna use myself as an example. If it was me, and I’m going to your website and you are capturing some of my personal data, you need to get consent from me in order to do that.
Danielle Liss: That’s really the key, is making this about informed consent.
Bjork Ostrom: Mm-hmm (affirmative).
Bjork Ostrom: So one of the things that you’d said, and just for clarity, is this IP address. I think that’s a really important thing because a lot internet tools, whether that be Google Analytics, or oftentimes a email provider, will collect the IP address. And for those that aren’t familiar with what an IP address is, essentially it’s like an identifier for your, it’s like your computer’s home address. And that changes based on where you’re connected to the internet, so if I’m connected here at home, my IP address is gonna be different than if I’m connected at a coffee shop. But an IP address can be used to track people and it can be used to track people really specifically to a certain address or a certain location.
Bjork Ostrom: And so, essentially what you’re saying is anytime that any of this information’s collected, whether that be your name, your email address and IP address, these regulations around GDPR are saying we want to give more control to the consumer versus, essentially what’s happening right now, which is all of these companies, blogs included, our sites included that we run, are collecting this information without ever really getting consent from the user, so it’s a really big win for the consumer, in that it gives them power to have more control over their personal data, which, as we’ve seen with Facebook recently, this is a really important thing.
Bjork Ostrom: But then there’s this bummer for business owners, because now they have to deal with this. And a follow-up question that I have is, let’s say you’re a blogger or a business owner, and you don’t operate within the EU, will this still apply to you? Do you still need to take this into consideration or would you kinda shrug and say, “Well, they’re not gonna do anything so I don’t need to worry about it.”
Danielle Liss: The way that I look at this. I’m gonna compare this to the FTC. And say remember when the FTC revised their requirements and everyone freaked out about disclosure and then everybody said, you know what? I still don’t have to comply, because they’re not prosecuting bloggers.
Danielle Liss: And then they started sending notices to bloggers. No one wants to be first, because you can be fined. And I think that that is something, it’s important to remember. Do you really wanna take the chance? You can weigh the risk and make determinations.
Danielle Liss: But the penalties for non-compliance, they vary depending on the severity of what you’ve done. The maximum fine can be 4% of your annual global turnover, or 20 million Euros, so it’s a pretty steep fine. Do I think that most bloggers are gonna fall into that sort of really high fine data abuse category? Probably not, but complying isn’t gonna be that difficult, so I don’t want people to just kind of shut down and say, “I’m not gonna do it.” You know when you’re covering your ears when you’re a little kid and saying, “No!”
Danielle Liss: I don’t think that it has to be that bad, and quite honestly, I will be extremely surprised if we don’t see states here adopting similar measures. Because California requires privacy policies, so I would not be surprised to see California add on to that and put on some type of data protection layer.
Bjork Ostrom: Yeah. It’s interesting to hear in some of the Facebook hearings, when Mark Zuckerberg, the CEO of Facebook was testifying before multiple different, he was before congress and some other, he testified in some other places as well. But he would often, or I think he had said, don’t quote me on this, but that Facebook, with GDPR, they will be applying that not just in Europe, but across the board.
Bjork Ostrom: And so that kind of lines up with what you’re saying, where I would assume for some people that are implementing this, they might just blanket implement that, especially some of these bigger companies.
Bjork Ostrom: Related to that, would it be possible, or would it be recommended for let’s say, a blog that is maybe a solopreneur or somebody that has maybe a couple team members helping, so a small business, maybe they don’t have a lot of resources and they’re concerned about implementing a bunch of these things and the impact it would have on maybe traffic, or they’d be worried about people not coming to their site if they implemented some of these additional check boxes and things like that. Would it make sense just to apply this, the updates and to adhere to some of the regulations just in Europe by setting certain settings within a plug-in to say only apply this to anybody that’s coming from Europe? Or right now, would you say you should blanket apply this to every person that comes to your site?
Danielle Liss: If you have the ability, through a plug-in, to say show this to EU members or residents, then yes. I think that you can do that. I think it gets a little bit tricky because anyone who is in the EU is meant to be protected by GDPR. So I could be living there for six months for a work project and then I’m considered subject to that.
Danielle Liss: So you just wanna be careful to make sure that you are capturing everybody that needs to be captured, but yes, I think that if you have that ability, you can do it. Because I know there were, if you’re familiar with it, the EU also passed, maybe a year or two ago, the EU cookie wall, which I think was the precursor to GDPR. And it was essentially saying if you use cookies on your site, people need to give consent before you do that.
Danielle Liss: I’ve been to many sites that are owned by EU companies that will ask me to opt in for cookies, I click a box and I go on my merry way and you can access the content. So it doesn’t typically have to be a big deal, but check, ’cause I think that what you said is really important. When you’re a small business, this kinda thing can be really hard and overwhelming so take a look at the resources that are available to you and the first thing that I recommend, do an audit of what it is that you’re doing that makes a difference.
Danielle Liss: If the only thing that you’re, if you don’t have an email list that you have people opting into, if the main things that you’re looking at are comments and a contact form, probably you can easily take care of those by doing just a checkbox. You may not need overlays.
Danielle Liss: The overlays are really going to be if you are capturing information about people, like their IP address, that is not anonymous. So I believe that Google has different settings where you can anonymize the data there and if you’re doing that, then you don’t have to disclose for Google Analytics, so it really comes down to what else are you using cookies for that might capture the data. Are you doing affiliate marketing? Do you have a Facebook pixel installed? So take a look at what you’re doing and who you’re sharing information with and then you can kind of back into it and say, “Okay, this is what I need based on the features that my website has.”
Bjork Ostrom: Got it. So let’s do this. Let’s take it from a high level and then kind of drill down piece by piece to look at it. At the highest level possible, you talked about this a little bit before, but just in a little snippet, what is the European Union trying to do with implementing GDPR?
Danielle Liss: So with implementing GDPR, they wanna give greater protection to a person’s information by placing stricter requirements and making sure that the people whose information is being collected have greater control over how it’s collected, stored and used.
Danielle Liss: One of the things that they have, for example, is the right to be forgotten. So someone should be able to email you and say, “I don’t want you to keep my stuff.” And you may have to retain some records for legal reasons, but they want people to have the ability to say, “I don’t want you to have my file.” Or people can have the right to access it. So they can say, “What do you have about me?”
Danielle Liss: ’Cause I think that what you’re saying particularly about Facebook is so important, because I think that we’re in this industry, right? So we know how much data is being collected on a regular basis about us, but I think that people who aren’t necessarily in this space, they have no clue. Like I still get questions from my mom like I went to this website and I looked at a thing and now Facebook is talking about it-
Bjork Ostrom: Yes. Yeah. Following me around, yeah.
Danielle Liss: Are they following me?
Bjork Ostrom: Yeah. Are they listening to me through my phone?
Danielle Liss: ’Cause they’re a person and they can do that kinda thing. But you know, I think that people still have those questions and they may not be as savvy, so this is really to make sure that people are aware.
Danielle Liss: I know that the Facebook pixel is on half of the websites that I go to, have at it. Just be cautious with what you’re giving permissions for.
Bjork Ostrom: Yeah. It’s interesting, Google does this in a way, where you can go to your dashboard, your Google dashboard, which is Myaccount.google.com/dashboard if you have a Google, any type of Google product. And then there’s all of these ways you can see all of the different data that they have, so you can go to an area that’s called My Activity, and it shows you all of the information.
Bjork Ostrom: What’s interesting is like for me, I scroll through this and it shows me my search history and so I have a bunch of information on GDPR here, so they know that I’ve been looking at GDPR, but then it would also have anywhere I traveled, because it’s hooked into Google Maps and you start to realize, okay, it knows all the videos I’ve watched and so there is a lot of this data that people have.
Bjork Ostrom: But it makes sense for these big companies, because the Googles, the Twitters, the Facebooks, we understand those as data companies, but for a blogger what would be the categories that we need to be aware of that could potentially be collecting data? You had mentioned a few of those-
Danielle Liss: Mm-hmm (affirmative)-
Bjork Ostrom: … affiliate marketing, there’s a pixel, and for those that aren’t familiar, a pixel is a, it’s literally a tiny little photo, it’s a 1X1 pixel that technically shows up on your site, but nobody sees it, but they have that there to collect data. So Facebook has one of those and Google tracks information for Google Analytics.
Bjork Ostrom: What are some other pillars that people need to be aware of that could be collecting personal data? So we’ve looked at the reason why, now we’re going to the next level and saying, where does that exist for bloggers?
Danielle Liss: Sure. Google Analytics, I think is, like you said, I think that’s probably gonna be the most common one. I think that Facebook pixel, any type of tracking pixel that you may have. And the one area that may not come to mind for people, that I definitely wanna make sure you’re thinking of as a blogger, is sponsored content, because a lot of companies, if you were doing sponsored content, if they say you need to embed this link so that we can track your results, you need to find out what’s being tracked, because if an IP address is potentially being captured, then you would wanna make sure that you were disclosing there.
Bjork Ostrom: Yup.
Danielle Liss: I think the other big ones to think about are the places that you really think of as voluntary, like your email opt-ins. People are obviously signing up because they want to, they’re giving you their email address, and people are probably thinking if they just click on submit, doesn’t that mean they know what’s happening?
Bjork Ostrom: Mm-hmm (affirmative)-
Danielle Liss: Not necessarily. You know, I’m always gonna pick on my poor mom in this, but she has no clue what’s happening when she puts her email address in. So make sure you’re getting consent. I think comments and contact forms are probably two easy ones to cover. Make sure you’re being clear. I’m collecting this data for purposes of communication. If you don’t wanna submit it, make sure you’re clicking here to say you accept the fact that your information may be stored, and for comments, it’ll be displayed publicly, right? So people need to know that what they’re entering, not their email, but their name or if they put a URL in, that could potentially be listed on somebody’s website.
Bjork Ostrom: Mm-hmm (affirmative)-
Bjork Ostrom: So yeah, go ahead.
Danielle Liss: I would say also, depending upon where you are in your business as a blogger, if you have any products that are for sale, that’s also gonna be a big one that you want to make sure people understand what you’re collecting and that you’re probably in most cases, also using a payment processor like Stripe or PayPal or something along those lines so not only are you keeping the information, you’re also gonna have third party service providers that are involved in the process as well.
Bjork Ostrom: Got it.
Bjork Ostrom: So one of the questions that I have, and I would assume some other people have, is a lot of these things involve a third party, so it’s Google Analytics, it’s Facebook, it’s maybe an email provider that’s doing the opt-in. Do I need to be the one, or do we need to be the one that is making these updates and changes or will we be able to lean on some of these services to make sure that they are adhering to these rules?
Danielle Liss: From what we are seeing, we are gonna be able to lean on a lot of the bigger services, which I think is fantastic. Our businesses use ConvertKit, so we’re getting the emails from them and they’re sending out things saying we’re going to have GDPR tools available, which I think is fantastic that they’re offering this level of support and people would be able, I have not gone that deep into it yet, but I believe that you’ll be able to select, I need to get a consent box here, I need to do that. So definitely look at your third party service providers.
Danielle Liss: You still have the obligation that would be on you, because you are the point where the data is being collected, so make sure that you are still getting that consent, but I think that the tools that we use, they’re going to make it easy for people to give that consent.
Bjork Ostrom: Got it.
Bjork Ostrom: And that’s something that you’ve mentioned a couple different times, and I feel like that’s something we can drill down into next.
Bjork Ostrom: So we talked about high level, why it’s happening, then what the different buckets are that it impacts. Google Analytics, Facebook pixels, email opt-ins, comments, comment forms, products where you’d be collecting information.
Bjork Ostrom: You had mentioned cookies and the idea of tracking along the way and then we have said a lot of these services will hopefully provide some way for you, either they’ll aid you in doing it, or maybe they’ll implement something that will take care of it. But for the areas that that wouldn’t happen, how do we know as influencers, content creators, bloggers, how do we know that we’re covering ourselves? To make sure that we’re checking off all the things that we need to and this maybe be a good place to mention the checklists that you have and where people could download that.
Danielle Liss: Mm-hmm (affirmative).
Danielle Liss: We have put together a checklist that you can find at Businessese, that’s business with e-s-e at the end of it, dot com, slash, GDPR. And our goal with the checklist was to make sure that people can kind of look through all of their main areas and say okay, this I need to do here, this I need to do here.
Danielle Liss: What I recommend, very first step, to make sure you’re compliant, do that audit. Look at what you have on your site and see what information is being collected and honestly, this might be a good time for you to do some plug-in clean up. If you realize I haven’t used this thing in a million years, but it’s still sitting there, potentially collecting something, it’s a good time to delete it and maybe it improves your site’s speed at the same time. Fantastic, right? Bonuses.
Danielle Liss: So go through your site, see what is there and then look at it sort of step by step. At what point is your audience member seeing what you are doing? Because I think that there’s, for me, there’s two different classes here. I think one of the biggest pieces is voluntarily-submitted information. If it is not happening the second somebody comes to your site, you can ask them for consent at the time you’re collecting that information, so you can do it on your comment form. You can do it on your contact form. Whatever it is that you’re doing.
Danielle Liss: Or if, for example, like Food Blogger Pro is a really great example. A membership site. You definitely wanna make sure that you are getting that permission, so they know you’re storing this information. Do you use a third party host for that? Are you using Wish List and Wish List might have access to personal information? Just be clear about what they’re giving authorization for.
Danielle Liss: The second piece is look at who is collecting information via cookies. So this is gonna be things that are tracking your affiliate programs. And look at your affiliate programs. Find out from the ones that you are using, what it is that they capture. And then just put on your consent, I recommend, find a plug-in that you like. One that we have looked at that seems to have a lot of really great features is the GDPR plug-in. And you can set it in a bunch of different ways so that it can add a simple overlay that says, “We use cookies for the following.” And you got the approval, then they can go into the site.
Danielle Liss: So it doesn’t have to be super complicated.
Bjork Ostrom: Got it.
Bjork Ostrom: So the plug-in to mention that, we will link to that in the show notes. You can also get their book going to WordPress.org/plug-ins/GDPR. And to continue our drill down to get into more specifics, one of the things that you said that I think is a really good thing for people to understand is the two types of information that people would be submitting.
Bjork Ostrom: One would be with their knowledge and the other would be without their knowledge. And if they are submitting information without their knowledge, like you said, cookies or tracking or anything like that, there has to be an opt-in before that happens. So if somebody comes to your site and you’re collecting IP information, you would have to say accept.
Bjork Ostrom: Then the other would be somebody knows that it’s gonna happen and in that case, they would have to check a box to say okay. This is all right. One of the solutions is using something like this plug-in that allows you to build in this information and add this.
Bjork Ostrom: With this plug-in specifically, do you know, is this able to track location of where people are and only show it to certain people or is this kind of generically showing it across the board?
Danielle Liss: That I have not had an opportunity to dive that far into it yet.
Bjork Ostrom: Sure. Got it.
Bjork Ostrom: And one of the other things you had mentioned was that it’s possible to anonymize data, so let’s say Google Analytics, instead of collecting data, EU-related data that has personalized information, you had said personal or sensitive. Instead of collecting that, you could just anonymize it. So the other option would be, instead of getting consent to collect, it’s just not collecting the data in the first place. Is that right?
Danielle Liss: Yes.
Bjork Ostrom: Got it.
Bjork Ostrom: I know some people will be thinking this, because let’s say they’re early on and they’re just getting started with their site and maybe 90% of their traffic is let’s say from US and Canada, would it ever make sense to say I’m just too scared of doing this? I’m just gonna block all EU traffic, have you ever heard people talk about that or think about that or do you think that’s too drastic?
Danielle Liss: I have heard people talking about it this week. Especially this week and I think that that is a decision that you can make for your business, because if it’s not something that makes sense for you and you don’t want that traffic, and you have the ability to block that from viewing your site because you don’t want to do this, then absolutely. If you have the technological ability to do that. I think that for some people, it can depend on what you see in an audit.
Danielle Liss: If you found that you had like half your traffic coming from the EU, do you really wanna turn that off? Maybe not. But if you find that it’s like .5% of your traffic, maybe it does make sense for you. So I think that, I really do recommend that you make an audit as that first step so that you have a good idea of what this means for you and your business.
Bjork Ostrom: Yeah. Got it.
Bjork Ostrom: And the audit again is going through, looking at that checklist that you talked about and saying where are these different areas that I’m using any of these different things? Contact forms, comments, some of the other things you had mentioned, affiliate marketing and then saying what then do I do with that knowing that I’m using it?
Danielle Liss: Exactly. Just have a good idea of what it is that you collect and then you can make an informed decision from there, because for some people, if you’re making $2 a year off of an Amazon link in an old post somewhere, do you care that much? Is that $2 worth making it compliant or would you rather just take that off so that you don’t have to deal with any of the cookies that they would be using?
Danielle Liss: So I think for some people, it’s going to be, figure out what you have and then make a business decision from there about what makes the most sense for you moving forward.
Bjork Ostrom: Got it.
Bjork Ostrom: And our take with it, in terms of the different types that we have and businesses, if people are interested is to say what’s the low-hanging fruit and how can we immediately start moving on that. Knowing that it might not be possible for us to get to 100% right off the bat, but we wanna be chipping away at this, and starting with the things that make the most sense.
Bjork Ostrom: For us, those would be, the first place we’d look at, and we haven’t done this yet, but Google Analytics and saying how can we address the issue of collecting data and information with Google Analytics. They just recently sent out an email which we can create a PDF of that if people wanna see it, if they missed it. And link to that in the show notes as well, about how you can address GDPR within Google Analytics.
Bjork Ostrom: And some of the other things for us would be email. That would be another low-hanging fruit that we’d be able to implement some of those check boxes, like you said, to let people know the information that will be collected when they are opting in to a list that they are subscribing to.
Bjork Ostrom: The other thing that we have realized that we’ll need to change is with one of the tools we use, it’s called Intercom. It’s a chat exchange that we have with people that chat. It’s not a chat bot but it’s a chat widget or app, is people will oftentimes enter their email addresses after chatting back and forth and that’s technically not an opt-in to then get emails so we need to treat those email addresses differently than we would if somebody were to be manually opting in and saying I wanna subscribe to this or be a part of this email list. So that was a conversation we were just having today.
Bjork Ostrom: One of the questions that I have. This is kinda going back a little bit, but is it possible for a country or would it be possible for the EU to sue a blogger? Is that something that exists or vice versa, would it be possible for the FTC in the US to sue somebody in Europe?
Danielle Liss: I think that they can ask for compliance, so yes, US companies do need to be compliant if they are collecting data from an EU resident. And I think that that’s really the key is are they collecting the data from somebody who’s there, because there can be an argument that you’re availing yourself of that jurisdiction by going to get data from the people who are there. I don’t know that we’re going to see a lot of it. The piece of it that concerns me the most for bloggers is when you look at something like the FTC, they use everybody in the chain of an advertisement. And what that means is you could be hired by a really big company, really big company tells you very specifically in your contract, you can’t disclose, and they then hire you. Even though really big company told you that, you’re still liable for it. My biggest concern in terms of bloggers is what if under GDPR, they decide to use Facebook as a target and they say anybody who wasn’t disclosing the Facebook pixel is going to be investigated?
Bjork Ostrom: Sure.
Danielle Liss: That would be my biggest concern for bloggers starting out. I don’t think that bloggers are the focus of this, to start. I don’t think that this is, I think that most bloggers are, think about it, 4% of your revenue. I think that we see a lot of pro bloggers who are making $100,000. So I don’t know how much they’re really gonna jump through hoops to try to get a $4,000 fine. I think that they are gonna be looking at the much bigger data handlers, like a Facebook or something along those lines. I think it’s always smart to be compliant, particularly if there is the potential that this would be adapted by other countries. Better to get on it now, than to ignore it.
Danielle Liss: But my view on it is, do you really wanna be, do you want that risk? And for some people, they don’t care at all. But for me, I will always say do the compliance, get on there, because quite honestly, I think that right now, particularly given everything that has happened with Facebook, people are scared of data collection. I don’t think that it’s transparent to people who are not in the industry, who don’t just know what’s going on, so I think that it’s something that, to me, I trust it more when people are honest about what they’re doing and what they’re collecting, so I think that it can be a good thing between you and your audience. Tell them what they’re signing up for. You don’t want tricks, because then you’re not getting the right people anyway, so as long as you’re honest and straightforward about it, I think that that adds a layer of trust between you and the people that you are, that are your viewers.
Bjork Ostrom: Mm-hmm (affirmative).
Bjork Ostrom: Yeah. It’s interesting. It has to be done in a way that really, clearly communicates, which is, blogging right? It’s communicating clearly. I just had a situation recently, where it was one of my dad’s friends, I connected with him.
Bjork Ostrom: I’d built a pottery site for my dad and he went and looked at the privacy policy and he’s like, he followed up with me, and he’s like, isn’t this overkill? And it was in response to some of the Facebook stuff that had been happening. He’s like aren’t you gonna scare people off by all of this data collection that you’re doing? I was like, we have to have that in there if we’re using Google Analytics.
Bjork Ostrom: It’s just a simple tool that we’re using, but the reality is, it’s collecting a lot of information, and I think that will be one of the hard things with this is the fact that you will be potentially telling people that you’re collecting data about something that they might not fully understand and therefore, I wonder if that will impact their response to whatever it is that they would do without having that information, which is a little bit of the opposite of what you’re saying and I’m not completely convinced on it yet, but I just wonder how many people fully understand what it is, whereas you and I feel very confident about like cookies. We know that’s happening all the time, but I wonder for people that don’t know that, once they do know that, if then they’ll be hesitant about interacting with whatever it is that product or email opt-in or whatever it might be. You have any thoughts on that?
Danielle Liss: So when it comes to whether or not people may shy away, I think that that is definitely a possibility, but I think that we are at a point where people are starting to understand data more and if they realize every single site I go to is asking me for this, this is not a grand conspiracy, because I can tell you, I pick on my mom constantly. I’m gonna pick on my dad here for a moment. My dad is the ultimate conspiracy theorist so he’s gonna think that there is a plot, because he wants to look up something very, what he thinks is something very simple and I’m just like, “Dad, it’s okay. It’s not a big deal.”
Bjork Ostrom: Yeah.
Danielle Liss: But I think that one of the things that’s really important about GDPR is they want clear explanations. They don’t want legalese, which I think is really important. You don’t wanna just refer somebody and say we collect data. Go here to find more. And then it’s like this ten-page document that’s super chock full of legalese, they want clear statements as to what you’re doing and how you use the data. You can always refer people to your privacy and say if you want more, go here. But what they want is simply for you to say we collect, we may place a cookie on your browser so that we can help your experience with the site.
Bjork Ostrom: Mm-hmm (affirmative)-
Danielle Liss: That might be for something as simple as display ads. We track your behavior, we track if you click on something, we track to help the user experience. If people are really reading it, I think they’ll be like, “Oh, okay.” I don’t see any issue with that. I think that for some people, if they’re my dad, yeah. They may click off of it, but I think for the most part, we are in a period of, I don’t think it’s just up to us to educate, I think people are seeking out more information on data to find out what’s happening, what’s being used.
Danielle Liss: How long have grocery store cards been a thing, like decades, right? They are just the most massive data collection out there. Was it Catalina Nielson, I think? So it’s another level, and I remember at one point, of course my conspiracy theorist dad was just like, do you know what they’re collecting with your grocery store card? And I’m like, I’m okay with it. I want my discounts and I think that we’re going to enter a similar phase right now with what people are doing online and an understanding about exactly what it is that we collect, because everything’s been really like smoke and mirrors for a while, right?
Bjork Ostrom: Yup.
Danielle Liss: So the more people start to understand it, the better. And I think that by using very clear non-legalese type language, to be honest with people about what we’re collecting, that’s good. There shouldn’t be tricks. I’m all for people being transparent and saying I’ve got a Facebook pixel on here so that I can send you ads.
Bjork Ostrom: Mm-hmm (affirmative)-
Danielle Liss: Be honest about what you’re doing. We’ve gotten to this sort of mentality where everybody’s like, I have this special free offer for you. Do this thing, or take this webinar. Where I think that we all know what’s gonna happen, and it’s gonna be a sales pitch, but I don’t think a lot of other people are clear that when they sign up for the one free thing, they’re gonna be put into a funnel for a whole lot of other things. So the more that we can be clear about what our intent is, I think that we are going to, I honestly think we’re gonna see probably fewer unsubscribes, because people are very clear about what they’re signing up for and I also think that we may see better results, like better conversions because again, when people know, you’re gonna have a better opportunity to target your actual customer instead of just throwing a net and hoping for the best.
Bjork Ostrom: Right. Yeah, it’s similar to, and you had mentioned this before, but with any affiliate marketing. Disclosing that so people know, so and to that being a positive thing. It builds trust and it’s clear communication. In general, moving towards an internet where people understand better and better what’s happening with their data, which is a good thing and we see that as being such an important thing, especially with all this stuff with Facebook happening and listening to that unfold. So very interesting. Very important and also complicated. It’s not an easy topic and for people that want to stay in the loop on this stuff, but not necessarily as in the loop as you are, ’cause you need to be super in the loop, what is the best way for them to stay up-to-date on it? Do you have an email list where you update about this or do you post blog posts about it? We mentioned that checklist that you have, as well.
Danielle Liss: We do. Where we are keeping everything up-to-date. We are trying to keep businessese.com/GDPR as our hub, as a place where people can get information. We have a link to a podcast episode we did. We have a link to the checklist, if people wanna download that. But we’re also gonna do some very specific tutorial type of posts that we will, once those are published, link there, as well. Because we wanna make sure that if people have questions on how to anonymize their data, honestly, I didn’t know the word anonymize was a thing, until like a week ago.
Danielle Liss: So when we’re talking about doing things like that, we wanna make sure that people have easy explanations that don’t get just covered and covered in layers of pieces that they can’t understand. We’re trying to make sure that we’re cutting out some of the confusion. So that’s what we’re really gonna be using as our hub to try to put as much information as we can together on GDPR, to take some of the overwhelm out of it for people.
Bjork Ostrom: Awesome. That’s great. And we’ll be sure to link to that so people can see that. Danielle, as people wanna work with you, if they wanna know what you’re up to, what’s the best way to get ahold of you and to check out what you’re doing online?
Danielle Liss: Absolutely. Either businessese.com or Hashtag-legal.com
Bjork Ostrom: Awesome. Great. Danielle, thanks so much for coming on the podcast. Super fun to talk to you. Thanks for being a Food Blogger Pro expert. We really appreciate you and it’s fun to connect, as always.
Danielle Liss: Thank you so much.
Alexa Peduzzi: Wow, what an episode right? Danielle shared a lot of really important and helpful information in this episode so if you have any questions, I highly suggest you check out businessese.com/GDPR, and that’s where you can download the checklist for your GDPR efforts and stay up-to-date on all things GDPR.
Alexa Peduzzi: And now it’s time for the reviewer of the week, and this one comes from Caroline. And it says this podcast is full of pithy, valuable information for both newbie and expert bloggers and entrepreneurs. Bjork does a great job of asking the right questions and getting pearls from his many guests. As a person with a week-old blog, I’m getting so much value out of the 10 to 20 episodes I’ve heard so far. The variety of focus is amazing, too. Marketing, writing, food styling photos, et cetera. Keep it coming.
Alexa Peduzzi: Thank you so much, Caroline. And we’re so glad that your have started your blog and have found the podcast helpful in your blogging journey. And if any of you out there have any recommendations for any upcoming episodes, we’d love to hear it and you can submit your requests at foodbloggerpro.com/podcast/request.
Alexa Peduzzi: And from all of us here at FBP HQ, make it a great week.
The link is broken on the GDPR plugin. Is it possible to update? I’d love to make sure I am looking at the one you guys recommend.
Hi, Stephanie! It’s working for me! Go ahead and try it again. If that doesn’t work, here’s the direct link: https://wordpress.org/plugi… It’ll take you to a page that looks like the attached image. 🙂 https://uploads.disquscdn.c…
Awesome! Thank you.
It’s this link I was trying – https://uploads.disquscdn.c…