GDPR – Complying and Access

You write a blog and someone reads your blog and they comment, or they sign up to read the newsletter you send out occasionally to readers.

Or you sell something online – a pen, a book, a woolly hat, an iPhone case – and you get paid.

You have the name, address, email address, and maybe some other information such as birthday or the customer’s liking for woolly hats.

Surely, none of it is the kind of stuff that the framers of GDPR (the General Data Protection Regulation) are really worried about.

Surely, what they are worried about is people who have other people’s ‘sensitive personal information’ (racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health, or data concerning a natural person’s sex life or sexual orientation).

What happens in reality is that we all get swept up in the dust storm and have to comply. In the pre-digital age, whenever governments brought out these kinds of regulations, businesses went to see their lawyers and the printers rubbed their hands with glee at the thought of all those reprints they would be asked to do – of brochures and leaflets and notices – all the stuff that would be necessary.

But in the digital age where we do it all ourselves, I just see a pain in the behind for thousands and thousands and thousands of bloggers and small businesses when it is surely blindingly obvious that 99.9% of what is intended to be protected has nothing at all to do with those bloggers or those small businesses.

Double Opt-In In the Age Of GDPR

If your original opt-in was a double opt-in (the recipient signed up with an email address on your site and also confirmed their desire by clicking on the link that arrived in their email inbox), then you don’t need to get consent again.

Double opt-in has been around for a while and the reason for it and the reason I say you ‘have’ to be double opt-in is that if you are not, then some malicious person could sign up with someone else’s email and you would be sending newsletters to someone who never requested them.

Emailing someone who didn’t request you to email them has been outlawed under the regulations (Privacy and Electronic Communications Regulations) for a long while. GDPR highlights it and makes the penalties stronger.

Steps To Take For GDPR

For the benefit of those who need GDPR advice – this is my take on what you need if you have a website.

You need a page that sets out your privacy policy, a page that sets out your cookie policy (or a section about cookies in your privacy policy page) and a means for your visitors to signify cookie consent or an indication of where to go to find out more.

If your site is built on WordPress, you are in luck because the very latest version (4.9.6) practically does it all for you, or at least gives you the framework to write out your privacy policy statement. If you haven’t already got a page setting out your privacy policy, then go to your admin dashboard, and in Settings you will see a section named ‘Privacy’. Click on that and choose ‘Or: create new page’. WordPress will do that for you and set out the sections you need to fill in. You still have to read up on the GDPR requirements (who collects the info, what kind of info, etc.) but the bones of it are there.

Next, you need a page in which you set out your cookie policy. OR, you can put the cookie policy in a section in the Privacy Policy page. The contents are pretty standard, so find a good site (the BBC, Marks and Spencer, WordPress, Google, etc.) and crib the bits you need.

Finally, you need a cookie consent form. You can no longer tell people that you deem their consent by them continuing to use your site, or maybe you can, but it’s easy to be safe rather than sorry. You need a little banner that people can click to say they are alright with cookies. They don’t have to click it – you just have to have it there for them to click. I have tried various plugins and the one I use on our e-commerce site is called EU Cookie Law (by Alex Moss and others). It is in the WordPress repository and it is free. You can style it as you want and place it bottom right, top right etc – and link it to your Cookie Policy page.

Access

Is this the intended consequence of GDPR? Go to a page on a website and be confronted with a popover that hides the content. Don’t click ‘I accept’ for cookies. Instead click on ‘more info’ or ‘preferences’ or whatever is there.

Say ‘No’ to cookies and refresh the page you want to see.

Be confronted again with the same popover that hides the content. You know what to do this time because you have been here before. Click ‘Accept’ because there is no other way to read the article.

So what we have here is a kind of paywall that says ‘If you want to play, do it my way.’ Or to put it another way, it is forcing consent to cookies as the price of reading the content. Surely that is against the spirit of the GDPR?

One thing – Google penalises sites that use popups that cover content – maybe that will nudge webmasters to stop using popups that require consent as the price of access.

Tales From The Third Dementia

I don’t have anything I want to write beyond that I dreamed up the idea of the third dementia and I wanted to record it somewhere. It’s pure ego.

I also thought of the fourth dementia, but somehow it doesn’t grab me. We, the human race, have lots of experiences in the third dimension, and that seems enough dimensions to work with – so third dementia it is.

If they ever make a pilot, I think someone talking over the poor person’s head would be as dark as it needs to get. Does she like to listen to music? Does he remember where he lives? All those painful sentences.

Maybe there is room for the Fourth Dementia – a space one enters and immediately forgets having entered once one leaves.

Sarkozy, Gaddafi, and Passive Corruption

EuroNews reports today that

PARIS (Reuters) – Judges in France placed former French president Nicolas Sarkozy under formal investigation on Wednesday over allegations of illegal campaign financing, a judicial source said.

Sarkozy was released from under judicial supervision after two days of questioning over allegations that his 2007 election campaign received funding from the late Libyan leader Muammar Gaddafi, the source said.

He is being investigated for illicit campaign financing, misappropriation of Libyan public funds and passive corruption, the source said confirming a report in Le Monde newspaper.

I wondered what passive corruption was – perhaps it meant not speaking up when something that is obviously intended as a bribe is given as a gift.

The Lexology website describes how the Anti-corruption Law on Transparency, the Fight against Corruption and the Modernisation of the Economy (the Sapin II Law) introduced in 2016, operates:

The Criminal Code distinguishes between active and passive corruption:

Articles 433-1 and following of the Criminal Code criminalise active corruption when a person, either directly or indirectly, unlawfully induces or attempts to induce a public official to accept a bribe by proffering an offer, promise, donation, gift or reward.
Articles 432-11 and following punish passive corruption, which is characterised as when a public official, either directly or indirectly, solicits a bribe by requesting or accepting without right any offer, promise, donation, gift and advantage by another person.

It seems to me that 432-11 must be hard to prosecute. What is to distinguish a donation or a gift of support from a bribe if there is no concomitant promise?

I see some of the wilder accusations are that Sarkozy had Gaddafi killed to stop him revealing the connection.

Update 31 March 2019

I just re-read this and wondered what had happened since March 2018. The Financial Times reported last October that a Paris court rejected an appeal by Sarkozy against a decision to have him stand trial and that his lawyer said the ruling would be appealed to France’s highest court, the Cour de Cassation.

It also gave details of the claim by a Ziad Takieddine, who claimed to be a middleman in the alleged transaction, that he had taken €5m in cash from Tripoli to Paris in 2006 and passed it to Sarkozy’s then chief of staff, Claude Guéant.

There is another thread to this, which is that in 2012 Mediapart magazine published a document purportedly signed by a senior figure in Libya in 2006 that showed that Sarkozy’s 2007 election campaign was partly funded by Gaddafi.

Sarkozy claimed the document was false and in January this year (2019) the Cour de Cassation ruled against Sarkozy’s appeal to have the document rejected as false.

What Exactly Is Fake in Digital

I was thinking about Po.et – Jarrod Dicker’s project for an open-source blockchain ledger to classify, identify, and monitor content throughout its entire life cycle.

If every mined coin could have a source stamped into it to distinguish authentic from shady, then maybe digital currency has a future.

Otherwise, the core problem with digital – that the original and the copy are indistinguishable – marks the end of cryptocurrencies.

My One And Only Strip Cartoon

[Image: bubble]

I made this with Bitstrips in 2009 and I am so proud of it. A play within a play – a joke within a joke.

Susan B Anthony

In 1872, Susan B Anthony was convicted and fined for attempting to vote in her hometown of Rochester, New York.

Six years later, in 1878, Anthony and her colleague Elizabeth Cady Stanton had an amendment put before Congress giving women the right to vote.

It became the Nineteenth Amendment to the U.S. Constitution in 1920.