The GDPR (General Data Protection Regulation) went into effect May 25 which required anyone serving “Data Subjects” (EU citizens in Europe? EU citizens living or visiting abroad? Visitors to Europe? Who knows? The law is unclear.) via the internet to follow stringent privacy laws. Since the internet has a funny way of ignoring international boundaries – you know, World Wide Web – the law ends up affecting anyone who operates a website. The result was a deluge of privacy notices sent to your email box, all of which you promptly trashed without reading.

Don’t get me wrong – privacy and a website owner’s responsibility to treat your data with proper respect is important. The law, however, requires someone like me who collects very little data on my visitors to prepare and follow a new privacy policy, an exercise that took a lot of time when I would have rather been writing stories. My old privacy policy simply did not meet the new requirements, however, so I tackled the task.

When I sat down to prepare my first draft, I took seriously the requirement that the policy must be in “clear and plain” language. Perhaps just a wee bit too seriously. Since I was using my dictation software to write, the first draft contained some asides and editorial comments that don’t properly fit in an official document. Still, it is presented below for your amusement. (The final – and approved – privacy policy can be found here.)

NOTE: The headings you see below were questions the template I was using suggested answering to make your policy as clear as possible. And the phrasing of the answers attempted to follow their suggested phrases. In fact, I went off track with the very first heading.

---

Who We Are

We? Are you kidding me? We are me.

Who We Are I Am

I am D.K. Wall. My website is https://dkwall.com. I even have a phone number, though it is just a free Google Voice account and all calls go to the voicemail. Crap, that probably requires a privacy disclosure since its operated by Google. If you call that number and leave a voicemail, that’s data. And it’s stored. Until I erase it. This damn document just got longer and I haven’t written the first paragraph. Just don’t mention the phone number and use the PO Box instead. The post office is part of the federal government and they are great at keeping secrets. No privacy disclosure needed there.

Why We I Collect Your Data

I’m an author and a photographer. I hope you will buy my books and photographs. Though, I must get the first damn book published before anyone can buy it. I would be working on revisions right now except I am having to draft a privacy statement. It’s a bunch of government bureaucrats fault that the book isn’t finished yet. Wonder if my editor will believe that?

Data We I Collect Automatically

If you are reading this, you are on my website. My servers are peering into your house and gathering the names of your children and pets, your credit card numbers, and all manner of nefarious information.

No, wait, my servers aren’t that smart. I wish I had thought of Alexa that could listen to your conversations and broadcast them to your friends, but I didn’t. I just rent a VPS (Virtual Private Server) from a company in New York. Oh, crap, that’s another privacy disclosure.

That server shows you my web pages. To do that, the server must know which page you want to see (apparently, randomly generated webpages don’t make for happy website visitors) and where to send it (i.e., your IP address or where your computer is). I guess, technically, someone smarter than me could look at your IP address and figure out you are reading this at work (Shouldn’t you be working? Quick, hide the screen, your boss is coming). But, see, that doesn’t really help because all I would know is that someone at your IP address is on my server. And to even know that, I would have to bother to get the IP address and then figure out where it was coming from. I don’t have time for that. I’m trying to write novels. If you are so freaked out that your IP address is being tracked, just use a VPN. Lots of companies offer the service, so just go Google for one. Of course, then Google will know that you are looking for a VPN. But, hey, at least I won’t have any chance of knowing that you are reading this from your office, just that you are a person with something to hide.

Anyway, my server tracks those page requests and IP addresses in a log. If I was really dying for something to do, I could read those logs – which are thousands and thousands of lines long – and find what stories on my website you (or your IP address which we have already established doesn’t mean I know who you are) are reading. But (1) I don’t have time and (2) as you will see later, there is a much easier way to find out what is popular on my website, so I just delete those logs so they don’t take up hard drive space. Poof. Your privacy has been restored. Not like I could figure anything out about you anyway.

Personal Data We I Collect

Let’s get personal. I can figure out your name and what you are thinking. Magic, huh? And how can I do that? Because you TELL ME YOUR NAME in one of three ways. If you don’t do one of these things, I have no clue.:

Contact Form – If you send me a message via the contact form, you will enter your name (or whatever name you make up), your email address (because if you make that up, I can’t respond to you), and whatever you type in the big box labeled “Your Message.” When you hit send, I have that data. Yep, shocking, I know. Who knew that the information you submitted to me on a form comes to me?

Believe it or not, software updates added a little checkbox to my contact form to prove that you understand what I just said. What’s next? A little checkbox on email saying you understand that by hitting send your email will be emailed to someone else’s email box where they would have access to it.

Where do I store that data? In my email. That’s right, I am cheap. I don’t have one of those fancy contact forms that stores the message on my server. No trace of it exists there. Nope, your message just goes to my email box. Which sits in my email server. A different VPS in New York. Crap, another privacy disclosure.

What do I do with the data? I read it. Then I respond, if appropriate. Then I delete it. Poof. Privacy restored.

Subscribe to the newsletter – If you want to be notified via email about new posts, I offer a newsletter. To subscribe, you need to provide your email. For some technical reasons that are entirely too complicated to go into here, I must have your email address in order to send you an email. And I keep that email address for as long as you subscribe. That way I can keep sending you newsletters until you tell me to stop.

When you unsubscribe, I delete your records. Not because I am trying to protect your data. Because I am cheap. The more subscribers I have, the more the newsletter costs me. If you don’t want the newsletter anymore, I don’t want to pay just to keep you on file. Poof, you are gone.

When I send that newsletter, I use an email delivery service. That means the newsletter goes through their server. And to deliver it to you, they have to have your email address. Of course, they send eleventy-seven bazillion messages a year, so I seriously doubt anyone there cares, but it’s still another privacy disclosure for me to include. Crap.

Comments on posts – If you comment on a post, you will enter your name (or, whatever name you make up), your email address, your website address (totally optional – you don’t have to reveal that) and your comment. When you click “Post Comment” (wait for it – this is technical) your comment will be posted for all to see. Again, shocking. Ok, your email address isn’t posted, but it is stored on the server. And here’s the kicker. I keep this data forever. That’s right, your comment stays connected to that post for as long as that post is up. And I rarely take down posts.

A couple of third parties – both owned by the same company – help process comments. The first compares the information you provide against a list of known spammers. I don’t want my comment sections filled with advertisements for fake Ray Ban sunglasses, pornography websites, and “male performance enhancement” drugs. I think we can agree we don’t need those comments. That service blocks tens of thousands of those. To provide that service, they scan your comment for obvious flags (such as links to male performance enhancement drug websites) and known spammer IP addresses.

The other third party puts up those little avatars beside people’s comments. You can sign up for their service and the avatar appears everywhere you comment. To do that, they have to check your email address against their database.

By the way, you may notice that some people’s names are hyperlinked and if you click it, you will go their website. That would be the “net” part of the internet. Because, of course, the internet was built to share information. I don’t control their websites. Honestly, I don’t.

Third Party Data Collection

Ah, now for the Big Bad Wolf. Yes, the wolves are in the house. Google, Amazon, and Facebook know you are here. Hell, they probably know what you had for breakfast. Here’s how they track you here – and everywhere else – and what you can do about it:

Analytics – Analytics are the statistical data about who visits my website. What stories are popular (or not), what photographs get the most view, how many people of different age brackets visit the website, stuff like that. I use this information for two reasons:

Ego – When you are a writer, you sit in an office all by yourself and work on a computer. There is no cheering section rooting you on. Seeing how many people read a story is cool. It motivates me to write the next story.

Marketing – Forgive me, but I want to sell books (whenever I can finally get the damn things published). To do that, I need to attract people to the website who will buy my books. The data I receive helps me target market to other people just like you.

So where do I get this information from? Google and a company you may never have heard of but is everywhere, AddThis.

Google Analytics – Google makes a deal with website owners. They give us free reporting about how people interact with our websites such as how many people read a story I post or view photographs I share. Here’s the trick – I can’t tell if you personally read it. Google doesn’t tell me. I have no way of knowing that. But they do give me a neat little analytics board so I can see what’s popular and what took a swan dive off of the writer’s desk.

If you are paranoid, stopping Google from watching you on my site won’t really help. You need to tell Google not to watch you anywhere. Just remember that if you turn off tracking, then Google no longer counts you when you read one of my stories. That deflates my ego. But go ahead. I can take it. Besides, I won’t ever know because you will visit like a little ghost, swooping in and out of my website without being noticed.

AddThis – Let’s pause a second. Are you enjoying this article? Don’t you want to share it with your friends? Go ahead, click on one of those social media share buttons hovering nearby. Email this to a friend. Post the article on your favorite network. Post it on your second favorite. While you are at it, post it everywhere.

Guess what? AddThis just tracked that. That’s who they are. They track the sharing of articles to social media. And they give me cool little analytics, too. And, just like the other big guys, they have opt-out choices if you want them not to track you.

Facebook – I would love to use the Facebook Pixel. It provides wicked good data about who visits your sites from them. But I am just not comfortable yet with the way they handle data. Nor do I like how hard they make it for people to opt-out. So, you’re not being tracked here by Facebook. At least, not by me. Of course, you should realize Facebook still tracks a ton about you. And they know if you came here from Facebook (because they track it there, not because I track it here). Visit your settings in your Facebook account and see what they track and how they use your data.

Advertising – Forgive me, I like to eat. Until I have books to sell, advertising is my only source of revenue. It ain’t much – enough to pay the cost of my servers mainly – and it will probably go away once I start selling books, but every little bit helps. My ads come from only two places:

Google Ads – All those ads on the website from various companies, except Amazon, are provided by Google. The ads you see are different than the ones I see. They are targeted. The whole idea is that you will see ads that will interest you. Good for you because you see things you might want. Good for the advertiser because they don’t waste money buying ads for people who don’t care about their products. Oh, and good for me, because I get paid to allow Google to place those ads. Now I don’t get told anything about you personally. And I don’t get told anything about the advertiser you see. I don’t know what ads you see, what ads you click, or what you buy. Nothing. Nada. Zero. I just get a big, fat check from Google. Ok, fine, I get a skinny little check. Don’t like Google targeting ads to you? Turn it off at Google. Of course, then I don’t get paid for your visit. But, go ahead, read for free. I can’t stop you.

Amazon Ads – See Google Ads above. Substitute Amazon. The only difference is that Amazon doesn’t pay me for the advertising space. They pay me a commission if you buy something after clicking their ad. I still don’t get to know who bought things. Don’t like Amazon targeting you with things you might be tempted to buy? Tell them to stop.

Cookies

Personally, I prefer chocolate chip, but this is about computer cookies. Yes, I use them. Cookies make the internet work. They remember things so you don’t have to fill in every form. You know when you click on a blue link and then you come back to it later and it’s purple? Yeah, well, that’s a cookie. It remembers you did that. You can block cookies – all of them. But don’t rely on me or some other website owner to do that for you. The controls are right there in your browser. Turn them off. Now notice how nothing works on your browser and you can’t do anything. Congratulations. You have just figured out cookies.

Social Media

If you interact with one of my social media accounts by posting comments or “liking” posts, I can see that. That’s kind of the point of the “social” part of social media. But just in case you missed that point, hopefully this little comment cleared that right up.

Notice to Children

According to the GDPR, I am not allowed to collect any information about you if you are under 16 years old. At the same time, I can’t figure out if you are under 16 unless I ask everyone their age which would be collecting private information. So, if you are under 16 years old, don’t sign up for my newsletter, don’t post comments, and don’t use the contact form without a parent’s permission. Good thing teenagers never sneak around behind their parents’ backs and do things they aren’t supposed to.

Right to be forgotten

By law, the EU says I have to give you the right to be forgotten. Which is ironic because as a writer, I am begging not to be forgotten. But, seriously, if it bugs you so much, I will delete all of the data I have on you. Which basically are those comments we mentioned above. And I will have to stop emailing you the newsletter because I forgot your email address. I don’t keep anything else. Now the world will never remember your witty comment.

Summary

Let’s review. (1) I collect only necessary data to operate the website; (2) I collect additional data only if you provide it to me via newsletter subscriptions, comments, or the contact form; (3) The big bad boys of Google, Facebook and Amazon are watching you; and (4) Don’t get caught reading my website at work.

Don’t you feel better?

---

Today’s title background image is a photo by Kristina Flour and licensed under Creative Commons: 0.0 License via Unsplash