GDPR & WordPress

Grr. I’m pro-GDPR. Data security and privacy are concerns of mine. But how the piss-feckery did Facebook and the like think they were going to continue to abuse people’s data without something like this having to come into force?

We, good people of the EU, are missing American websites today. Sorry about that. Also, Facebook, within 24 hours, haha, bloody ha.

For most of the internet, nothing changes. We just need to have a few more warnings and we all need a privacy policy. For my self-hosted WordPress blog friends, being compliant is easy. Open Jetpack. Click the banner at the top about EU & Privacy. Fill in the privacy policy page template (takes 2 minutes) and you’re done. That’s it.

The only way that gets more involved is if you collect data and do anything else with it. Such as “download my free ebook, gimme your email address,” then add people to mailing lists. Or storing data outside of WordPress. Or if you’re collecting data and doing nefarious things with it. If you are collecting data and doing nefarious things with it, please stop. You’re being a dick and fucking it up for the rest of us.

To read my privacy policy, click here. It’s the WordPress template, with my email and web address on.



An edit to add, GJ’s description of how she summoned cookies and a privacy policy on the WordPress.com personal plan.

On a personal plan site you navigate to the customise section, then go to widgets, select a section you want to add the privacy notice to, I used the lowest footer, footer 3. Select the consent and privacy widget, then update the details as required, setting how the banner reacts and the address of your privacy policy and publish. Done.

You can drop Gareth a thank you over at http://gjstevenscom.wordpress.com/

 

Another edit to add a tip from Aimer.

For anyone else on WordPress.com… WordPress adds the cookie banner automatically. If you add the cookie widget yourself, the banner never closes. Deleting the widget solves the problem.

You can drop Aimer a thank you over at https://aimerboyz.com/

91 thoughts on “GDPR & WordPress”

    1. If you’re on self-hosted WordPress, just click the banner on the Jetpack page. Sets up the page for you and everything.


  1. Self hosted wordpress sites may very well store data outside of wordpress since they use an external database server like mysql or mariadb. That sentence “storing data outside wordpress” would seem on face value to cause problems for those folks with self hosted wordpress. I will ask my friend Jonas though since he has recently taken down his blog due to concerns with the GDPR regs.


    1. Good point. But if you’re running comments through JetPack, it’s all stored on their server isn’t it? I’m sure I’ve moved website and pulled subscribers and comments across direct from WordPress.


      1. Well, seems to me if you have a self hosted wordpress site that comments and posts are stored in an external database that connects over a regular IP port to wordpress. The database server may be on the same system or it may not but the actual source of information is not wordpress. WordPress does not archive or keep any information like this as far as I know. It makes a database connection to either an external or internal DB server where the data is actually stored. This is only for self-hosted wordpress sites. I am not sure how wordpress.com does all this but I suspect there is some cluster of DB servers behind the wp.com domain.


      2. WordPress keeps dropping you into spam. Sorry, naughty Akismet.

        In that case, it’s still possible to put a note in your privacy policy stating where data is being stored (at the bottom of mine I have a link to Penguin Host). The use of data is not being changed, just the location it’s stored. Could include a link to the hosts’ privacy policy too. Surely that would cover it?


      3. I’m not sure. The part that is concerning is that the data itself, posts, comments, etc., are not really stored in wordpress at all but in a database server. I’m not sure what that means or if it means anything at all. WordPress and plugins are just a bunch of hosted files. The file wp-config.php in a self hosted wordpress installation tells wordpress where to connect to a database server, its hostname, user, and password information. How wordpress.com does this is beyond me since we are shielded from all that.


    1. Howdy Charlotte. You have comments and subscriptions turned on. That means you’re not exempt. Are you self hosted or WordPress.com hosted?


      1. Excellent. For privacy policy, copy paste mine. Stick a link to it somewhere. Change email, site name and Web host to WordPress.Com.


  2. I’m also pro but it’s ridiculous. So far, I have received so many emails from places that I’ve never heard of but that somehow have my address… which is funny in a way because it shows they have collected my data, data that now they’re “trying” to protect.

    Just tried to work and saw websites that can’t be accessed, lol.

    The sad truth is that self-proclaimed fake humanitarians like the FB “genius” keep making money out of scandals. Btw, was pretty shocked that he owns Instagram… and in the end, I might delete them all.

    Thanks for your post anyway!


  3. I am in the US. This is why I bailed on Facebook. I don’t think I am smart enough to collect data. I am sure I am not nefarious, last I checked. I also noticed I could not post until I “agreed & accepted” that this site uses cookies. I do know what these are, the non-edible kind, but do not know how to use them, either.


    1. I’m afraid my cookies are not the edible kind (and I could sure use a bag of them right now).

      I haven’t logged in to Facebook for an age. My page is still up. I think I’ll wait for them to sort the current consent issue out before I do log in heh.


      1. You can deactivate f-boook for years, like me… go back, and it’s activated! So I deleted it. I read (that’s meaningless too) that it’s “gone” in two weeks. We know they keep everything as long they can – deem forever.

        BTW – What is a GDPR?

        I’m having trouble with calypso trying to take up more disk space. I just copy my stuff, and delete it. Crap on this place too.

        Cookies are like ticks, Edith. They try and suck your life’s info out of everything. Must be why they want mine so badly. I’m a tick-ologist lately… sort of by accident. Call me the “cookie monster” in the trash can.

        If I can do it, anyone can! (That’s the Candy Man… a song.)
        Smile!

        To-da-loo!


      2. Website cookies. Another great idea, big companies (and the humans behind them) had to ruin…


      3. I never got your reply! Got others. Something is screwed up here.

        People always ruin things, don’t they? wink
        Looked up GDPR. I do that stuff, plus I was missing friends yesterday. It was very quiet, and didn’t understand why. Got it!

        Glad I stopped by!


    1. Just trying to find that out. I’ll drop a link to the post when I have the info. GJ mentions it’s just adding a widget and making the page.


  4. Thanks for sharing! As an aside–I love all of the memes circulating the interwebs due to GDPR. Full-on belly laughs. XD


    1. Have added mine now. The instructions are a little different as I’m on the personal plan, so it’s just a case of adding a footer widget and creating a privacy policy page. Thank you again!


      1. No problem. If you can provide a 2-3 line description of what you did on a .com website, I can put you into the post with a link to your site as credit.


      2. No worries. On a personal plan site you navigate to the customise section, then go to widgets, select a section you want to add the privacy notice to, I used the lowest footer, footer 3. Select the consent and privacy widget, then update the details as required, setting how the banner reacts and the address of your privacy policy and publish. Done.


      3. Yes, I added the widget, but it doesn’t work properly. It keeps popping back up even after you hit close. Plus, I have to add a privacy policy page.
        Thanks for checking 🙂


  5. It’s a bunch of rubbish. Now each blog I visit has a stupid banner that must be clicked to go away. How this affects North American sites escapes me. Seems the internet is slowly being strangled to death by the PC Police and other entities, forcing what they believe is right and good for the lot of us. Bunk!


    1. Gonna disagree with ya there man. I do feel the whole situation is a load of shite, but the Googles and Facebooks have been taking the piss with data for an age. The EU has dished out fines on them repeatedly. They’ve had ages to fix their ways. They haven’t. New laws come in because of them arseholes and straight out the gate, they are abusing data again. So do you create one rule for one person and one rule for another? That’s never going to hold up. So now we all have to deal with it. As for American websites, they can just make themselves invisible to the EU, as the newspapers I linked to have.


      1. Bingo! What do persons with power want? More power of course. But guess what, ya can’t take it with you to your grave… haha!


    1. You’re welcome. Really, unless anyone intends to use data in different ways, it’s really not a big deal.


    1. The intent of GDPR is to make people be clear about what websites are doing with data (because the companies can’t be trusted). That’s really all there is to it for most of us.


  6. Thank you for helping clear this up.
    The sad thing is that more important data is lost by insurance companies and here in the US somebody can take out a line of credit in your name without anyone double checking the signature on the paperwork.


    1. Yeah, that’s another reason we all now have to suffer from this. EU said please sort your data protection or we’ll have to bring in rules. Facebook said they’d move all data to the US where there are no data laws to get around any rules but continue to do business with EU countries.


      1. The thing that gets me a little hot under the collar is that I’m not Facebook or Google etc. I don’t run ads on my site. My blog is publicity for my business. Sure, phase 2 will include a way for people to order prints etc but I’m not a hard sale guy.

        I don’t really talk much about what my day job is but I’m a Fraud analyst. I know for a FACT that there’s more risk of losing more important data through banks, insurance providers and the like.


      2. Are there any data regulations on the banks over there? Over here our banks are required to publish details on complaints data breaches over here. Both the DPA and FCA ensure the banks behave (as well as they can) with our data.


      3. The regulations are pretty much the same to the best of my knowledge. However, they all seem to say oops a lot. It’s not good when a major corporation says oops.
        So basically, if they lose control of your social security information (not sure what the UK version is) all they really have to do is send you a letter.

        With that kind of data someone could take out loans in your name, buy weapons in your name, get a passport etc.
        Given the risks, I’m not too worried that Little Fears might grab my IP for marketing purposes and I’d rather see the US and EU spend more resources on the larger problem.


      4. In the UK, the banks get hefty fines for data breaches. They keep saying on the news UK banks could face up to £6.4 billion a year in fines under the updated data protection act.

        I assume US banks have no such worries?


  7. Assuming I have to do nothing since I am just using free service. Enjoy reading your blog in my free time of boredom like now. Cheers.


    1. Well, as long as WordPress is making it clear what data is going where, you should be fine. When I browse your site, I get the bottom banner pop up.


  8. I work in marketing here in Blighty, so everyone has been banging on about it non-stop. I’ve been completely ignoring it, frankly. “GD PR? Who’s GD? Why does he need PR?” etc. But I hope it goes smoothly for the nice people of this world.


    1. Haha, clever. Yeah, I need to go into my old workplace and update all their websites next week. Should have called me in sooner!


  9. I read facebook moved its EU subscribers to servers in the US as an end-run. I’m not sure if the article was accurate but even a hint at fb mischief was the last straw. As for the new compliance law – I did the basic. Now I feel I need to do more lol


    1. They tried it on. EU said please sort your data protection or we’ll have to bring in rules. Facebook said they’d move all data to the US where there are no data laws to get around any EU rules but continue to do business with EU countries. So now we all have to deal with it because Facebook (and others) flat out refused to even try to respect people’s data.


      1. I deleted my fb account. I hope it sticks. I know it offends when we blame the victims (us) but collectively, we could have handled FB way better than any government. We could have “myspaced” them


  10. Privacy Page added, possibly properly 🙂 Thanks, Peter.

    For anyone else on WordPress.com… WordPress adds the cookie banner automatically. If you add the cookie widget yourself, the banner never closes. Deleting the widget solves the problem.


  11. Thank you so much for this. I’m on a Personal Plan. Have always had the Cookie Banner Widget on my home page. I deleted and re-installed it to be sure I had a compliant up-to-date version for GDPR. If I click on the Cookie Policy link within the banner, THAT page then includes a Privacy Policy link, so I’ve naively assumed that’s me done? :/ I asked WP if I needed to do anything regarding email subscribers, so to confirm to anyone else wondering the same question; your email followers already consented when they signed up, most of the GDPR emails coming out are unnecessary as they’re really FYI for stuff you’d already agreed to. And there is an unsubscribe button on every email they get from your blog. I do find most of the new privacy setting wordings more confusing than they were before!


  12. Thanks for sharing this (and your humour as usual is top brass). Just have to start going through all my sites and updating privacy policy just in case. Better compliant than sorry.


    1. It’s so easy to do. Really, unless you’re wanting to do something more with the data, the WordPress policy is copy-pasteable.


  13. Hell, there is no privacy. We can rock and roll and piss and moan and they still know what ads to send based on what we bought last time out. Even opting out of notifications rarely opts you out of Oh, yeah. Fears buys biscuits without gluten and Phil can’t tolerate artificial sweeteners. Whether they know how that makes us vote, I don’t know. But I do know years ago I got an insurance license and I can tell you this. Me or some kid at Taco Bueno who steals your identity, or sells your CC info, or is even careless with it? $2,500 automatic, up to 10K and 2 years. A major corporation sells my shopping habits? Yeah, yeah. Rules, like locks, are for honest people and children.


    1. Privacy, for the most part, is indeed a myth. Especially in Americaland. But do we just continue down this path to an Orwellian society? Or do we try and change it now so future generations have some semblance of privacy. Where do we even start? Well, with GDPR… But you know what I mean. We have to do something or we’ll all just sleepwalk into a world of no privacy rather than limited privacy. Humans can’t be trusted with data. That much, we unfortunately, do know.


      1. As long as commerce is in the picture those that be will rape the land and the people only to discover they really can’t take it with them and when everyone forgot how they got rich they’ll rebadge the football stadium and put transmitters in our 100 calorie pretzel packs so we’ll get an email telling us they’re on sale, but only if we act NOW. Humans can’t be trusted with data and forget privacy, we’ll be lucky if our grandkids know what a buffalo is. However I do reserve my right to raise hell about that, even if it falls on deaf ears. Ain’t no money in buffalo, except right now, for trendy, expensive burgers to go with craft beer which is way more important to the investors than the buffalo population.


  14. The whole thing that bugs me about all the hoopla over Facebook is that Facebook acts like they are doing you a favor now by protecting your personal data and they are sorry it happened. But this is not their first time it has happened and it’s not like they had a choice in the matter they were told clean their mess up and then the GDPR came into effect. So they had no choice but to clean up their act.

    Another thing is the whole thing about the GDPR is not being taken much seriously by the general public. But this could be caused from people constantly being bombarded with notices about their personal data being stolen. They just don’t think this will change much of anything. Maybe they are right. The European Union is looking out for Europe and not the U.S.
    But I did read it would have some effect and that must be true. Businesses online are changing their policies so they read in plain English, and some of the top ones are going to use all of the rules because it makes better sense to comply than try to divide the users up into two groups or more. Time will tell.


    1. Frickin ruddy Facebooks… Yeah, they could have taken a bit more responsibility over the years and this wouldn’t have been necessary.

      Thing is for me, about GDPR, we can start trying to tackle privacy and data security now, while it’s still relatively young tech, or we can let it roll. If we let it roll it’s already obvious we will end up in an Orwellian future that Black Mirror’s been teaching us about this last few years. And we are a dumb enough species to just walk right into it.


  15. Oh gosh. Things like this melt my brain. I’ve read this a few times and don’t really understand…but I am going to go to my widgets right now and add a privacy policy. How awful. It never occurred to me that people who request email addresses to comment may be doing something with that info. I may be misspeaking here…my brain is super slow in situations like this. But thank You!!! You continue to rock. I’m off right now to add my privacy policy. Yikes.


    1. Eh, in the blogging world it’s a teeny tiny amount of people that may do something nefarious. Like adding your email address to mailing lists without your permission. Or the LinkedIn folk who compile massive lists of email address contacts then sell them to marketing companies.

      The reason we’re all having to do this is more because of the Facebooks of the world who have been hoovering up every bit of data they can and going full Big Brother without clearly stating what they are doing. You then end up with companies like Cambridge Analytica who abuse the shit outta your data without consent. As I’ve said a few times in comments, the EU can’t make one rule for big data companies and one rule for everyone else. So we all now have to deal with it.


      1. Crazy. The whole thing. Thanks again for the enlightenment! I wish the banner said “WordPress uses cookies”. I hate it looking like I, perhaps, use them. But it feels really nice giving people a heads up. I wonder if there is any site/host anywhere that doesn’t use them. Lord. I have become accustomed to knowing I’m being watched. Which is SO odd. Big Brother indeed. Ack!


      2. A website with no comments, likes, contact forms or adverts might not have cookies. My old site never had anything like that because I didn’t want to pay bandwidth heh.


  16. Oh Lord, I SO apologize, Peter. I know I’m absolutely dense as a doorknob in these situations. You’re crazy busy. But….I searched my widgets and found the cookies and privacy banner. So, I should add it to my widgets? I see how…but I see also here that You share how to delete it so it just goes away. Which do I want? At this point, it doesn’t show up…but I’ve seen it on a lot of blogs lately and didn’t understand. OH! wow. Looking down right now, I see Yours is displayed. Okay. I always ignore them when I see them. So I’m going to go add mine as well. I think I’m starting to understand. It allows a visitor to opt out. Right? God. Ignore me if I’m being a pain in the ass! Cheers and Thanks again for Your time in sharing this! And Aimer is amazing!!! 🙂


    1. Aww mate, don’t worry, you’re not being a pain! Drag the widget into any side bar and it will appear in the correct place on your blog.


      1. Thank You, Peter! By Jove I think I’ve got it!!! I sent Aimer a thank You as well. I feel all techno savvy now!!! Thanks for Your kindness and patience!!! Cheers! 🙂

