What does GDPR mean for bloggers?
I had originally had my posts all set and planned out for this week, but after seeing so much mis-information being spread online about how GDPR will affect bloggers, I really needed to step in. Unfortunately for everyone I know I am not rendered speechless much, but after reading some of the absolute nonsense online I really was. In case anyone wonders why I class myself as such an authority on this I work as a programmatic media buyer for an advertising agency – so I have had to familiarise myself with GDPR pretty well. So here are some of the main ways bloggers think GDPR is going to affect them, and how it won’t.
Mailing lists are a wonderful addition to blogs. I love getting an email to say someone has subscribed.
“So and so has recently subscribed to your blog”
So I go in and have a look to find the person and then subscribe back. One thing I noticed a while ago though, was that I didn’t get given their actual email address.
Funny that isn’t it?
That is because WordPress hold their data. When I update my site and add in my subscribe button that is where my responsibility ends. Think about it. Do you ever recall seeing a huge list of email, IP addresses and names of people subscribing to your blog? No. That is because you do not own this data. WordPress or Blogger or whoever you host your blog with own the data. Unless you go around with a pen and pad collecting email addresses and then manually keep them on a spreadsheet and email your blogs to everyone personally every time you write one – you are NOT the data controller. Big companies like WordPress, Google and Blogger will already have appointed their data controllers, be well aware of how GDPR will apply to them and be working hard on updating their privacy policies.
If you are using WordPress.org or another blogging website, it is more than likely they still hold all of the information like email addresses and IP’s in their platform. Therefore, it is their responsibility to keep it safe. Unless you actively put a retargeting pixel on your WordPress page or blog you do not need to warn users about cookies, because you are not collecting any.
Just because you put that box on your blog it does not mean that you own the data. You don’t. Data is valuable and companies are not that stupid. Comments are the same. Although you are given the email and IP of anyone who comments – this is information that is stored and kept secure by WordPress.
Cookies, IP Addresses, Adverts etc
This is where it gets a bit harder to explain. The reason big publishers are making so much noise about GDPR is because it is going to impact their advertising revenue. But this is because advertising on huge websites like the Daily Mail works in a COMPLETELY different way to affiliate or throwing in some Adsense on your blog.
Although programmatic is what I do day to day I still find it hard to explain. I am going to try my hardest so that you all understand the difference between being a data controller and not being one.
So say I’m the Daily Mail right?
First of all, sorry for all of the shit I print.
Second of all, I have all of this lovely advertising space on my website to sell. Let’s take the big banner at the top above Kim Kardashians tits. You see that one is classed as “above the fold” so is worth quite a bit.
But how on earth do I sell this?
Not many internet users are savvy to this, but there are things working in the background called ad exchanges. An ad exchange is basically a way for people and companies to buy and sell advertising space online.
So the Daily Mail use something called an SSP (supply side platform) and put their little banner space out to the open real time bidding exchange for people using DSP’s (demand side platforms) to bid on that space. Whoever wins the auction gets the space and the advert is shown. This all happens in milliseconds before the page has even loaded.
Now have you ever been browsing about on the internet and thought “HOLY SHIT HOW DID THEY KNOW I WAS LOOKING AT HOLIDAYS TO MARBELLA?”.
This is all down to cookies. Say I am a holiday website. You have clicked on my advert on the Daily Mail website, visited me but not booked anything. Good job I have set up a pixel on my website that collects a cookie when you visit. This now means that when I am buying my advertising space on the open exchange I can actually select to retarget you as someone who has visited my site before.
Clever stuff isn’t it? But why am I telling you this?
I am telling you this to show you that if you use Adsense or another third party to monetise you are in NO WAY obligated to register as a data controller. GDPR is meant to regulate huge publishers that sell their advertising inventory on the open exchange, and big brands and ad agencies that bid for the space. Unless, as a blogger, you are selling impressions on the open ad exchange through an SSP (which if you are I salute because you need a LOT of traffic to make that financially viable), then you are not the data controller.
If you use Adsense, it will be Google that collect the data, Google that store it, and ultimately Google who decide what to do with it. It is the same with WordPress and Blogger. WordPress and Blogger collect cookies from people visiting your site and are ultimately responsible for how they process it and what they do with it. Blog hosting sites are not stupid. The data of the people having a nosey around your blog is a lot more useful to them than it is to you – trust me, they wouldn’t let you be in control of it for all the tea in china.
Competitions, Giveaways, Email List Etc
Again, if you are using a third party plug in to collect any data from competitions, giveaways and email lists this falls down to them. You only need to register as a data controller if you go around manually saying to someone “give me your email address’, then adding it on to a spreadsheet and using it for something in the future.
If email addresses are collected through Mailchimp or another third party plug in or widget then they need to comply with GDPR. All of these companies have been aware of GDPR for years and have been hard at work preparing for it. It’s the same for your Gmail. If you have a list of contacts or emails in your Gmail this is in a securely hosted platform. Gmail would have thought about how GDPR effects them a LONG time ago and will be putting policies and procedures into place to make sure they comply.
The Bottom Line
I honestly can’t believe how much scaremongering has gone on and how worried bloggers are becoming over this. I don’t advertise on my blog but I know a lot about how it all works and literally 99% of what you do as a blogger is hosted by third parties who own the data. Unless you are selling your advertising space directly to the open RTB exchange you are not the first party data owner. Any data collected through WordPress, Blogger etc like emails isn’t actually collected by you as an individual, it is collected by them as a company.
Also when GDPR comes in they are going to have a lot bigger fish to fry with publishers and advertisers that are non-compliant to be worrying about people like bloggers. Unless WordPress, Blogger etc make a massive, MASSIVE error with their own compliance, GDPR will not effect you.
Please PLEASE can you just all calm your tits about this and stop thinking you have to register as a data controller. If anyone is still worried and wants a more detailed explanation of how it all works, feel free to reach out on Twitter.
Handy Privacy Policies