Back in 2018, I wrote about how I implemented GDPR, by taking it to the extreme. I created a totally privacy-first focused site. baekdal.com/thoughts/insid…
This does create a few complications, though... 1/..
Take newsletters. I obviously want to know how many people who get each newsletter, how many who open it, and how many of the links people click on... but to do this in a totally privacy-first way means getting rid of all personal identifiers. baekdal.com/analytics/gdpr…
All of this requires some tricky coding. For instance, I have spent this day building a new newsletter sending system. But I'm not sending the email directly, instead I use a mail server (like everyone else) ... but how do you do that in a privacy focused way?
Well, first of all, you find an enterprise mail service. The reason being that enterprise services do not do anything with your data (whereas consumer services almost always do).
Secondly, you turn OFF all tracking so that the mail service (third party) does not do any tracking at all, not even on your behalf.
Thirdly, you create a non-personal ID and attach it to the emails, along with the email address, (as described in the second tweet above), and then you do a one-way encryption to make it impossible to track a specific action back to any specific person.
And then you use that to do your own email analytics. This way, you still know how many people who open and click, and you can differentiate that per person ... but there is no way to link that back to each person. The link between the data has been permanently broken.
And while this does sound complicated, the actual code is only something like 10 lines. The complicated thing here is designing the model, the code is easy.
But why go to all this trouble? Well, because, as a media analyst, I want to understand what the limits are for publishers
I believe that, from a trend perspective, demand for more privacy is here to stay, and what we see today with GDPR is going to get even stronger in the future. And, I want to be prepared for this. Not just in how my site works, but more so in understanding what it takes.
Here is how I described the problem with GDPR dialog (see link in the first tweet):
• • •
Missing some Tweet in this thread? You can try to
force a refresh
So yesterday, I was having a meeting with a publisher where I needed to share several different screens... which is really annoying to do with Zoom. So something had to done about that ;)
What you see here is a multi-screen setup using OBS.
Screen 1: Me (full HD webcam view)
Screen 2: PowerPoint
Screen 3: Browser + me in split screen view
Screen 4: Full screen browser view
Screen 5: (not playing) ...a video
And I can then switch between them via the number keys
Here is a screenshot of what my 'switcher' look like. Each of the small pictures below is a preview of each view. The big window on the left is the preview (to set up the next view), and the big picture on the right is what is currently being shown to Zoom
I don't know about you, but I'm definitely starting to feel 'virtual event fatigue' ... there are so many events at the moment (several every week, even sometimes every day) that it's a bit overwhelming.
Another problem is also that virtual events require you to dedicate time. It's at a specific time ("Join us at 2 PM Thursday"), so it's very hard to manage. If it was instead 'on-demand', I could watch/listen whenever it fitted into my schedule instead.
I truly believe this is something we need to change. Virtual events are great, but we are currently doing them like 1980s TV shows (Watch this at 8PM Friday!!)
No they are not. If they were actually important to you, you would not show us this. GDPR came into effect on May 28, 2018 ... so it's pretty clear that this is not a priority for you at all.
Note to US publishers. I can understand why, as a local publisher in the US, that you don't want to deal with the cost and complication of implementing European legislation for an audience that is outside your market. I get that.
But then just say that. Don't lie to me.
What seriously annoys me as a media analyst is when publishers behave dishonestly. You say you care about my privacy, but you are asking me to give it up. That's not caring.
You say I'm important to you, but your actions say otherwise.
One thing I hate is how publishers try to twist GDPR into meaning something different, when the actual law is extremely clear.
Here is how 'consent' is defined.
So no, you cannot say: "By continuing to use our site you will automatically consent." That is simply not a thing.
It's the same about controllers vs processors. It's the data controller that people give consent to, and the processors act on behalf of that controller. What this means is that no processor can ever claim to have the right to do something on another site without a new consent.
If you give your consent to tracking on one newspaper to include FB tracking, then FB cannot claim to have the right to track someone on another site, arguing that you already gave your consent once. People didn't give their consent to FB. They gave it to the newspaper.