
What about GDPR and my website? We use Google’s services on it



Good question, glad you asked. So GDPR is the new “General Data Protection Regulation” and comes into force on May 25th 2018 for us EU-residing souls. Although in principle it seems like headache-inducing bureaucracy, it is in fact a much-needed set of laws that prevent the current systemic interchange and flow of personal data on a massive scale. It’s kind of like someone finally inventing the seat belt for the automobile. It’s not perfect and it’s overly complicated, so this is definitely a V1.0, but it will improve over time.

Anyway, back to my question – GDPR in a nutshell has beef with any company using data for purposes that aren’t strictly essential to justify their collection – and it’s particularly hormonal towards companies that hoard data about individuals (versus businesses). For most of us, that’s probably not a major concern: tighten up your policies, document them and you’re good. However, there is a bit of a sticky spot when it comes to the concept of ‘third party data controllers’ – a data controller is someone who can control the data, manipulate it if you like. Data processors are the other side of the coin: they simply provide the means to collect data and store it normally, nothing else. However, Google does fall into the ‘third party data controller’ category, and where it gets particularly sticky is the fact that our websites these days use TONNES of Google-provided goodies. These include, but are not limited to:

  • Maps – so you can have that nice zoomy map showing everyone where the office is
  • Fonts – yes, fonts(!), are now mostly downloaded directly from Google’s servers
  • jQuery – a nerdy programming tool for web developers, is hosted on Google’s servers
  • Analytics – the thing that tells you how few visitors have visited your website
  • AdWords – this is a biggy – the thing that serves up your and others’ advertisements

Ordinarily, most of these tools would be collecting anonymous data, which is largely OK. However, since it all gets filtered back to Google HQ on US-based servers, it’s not at all difficult for Google to use basic device fingerprinting (i.e. the combination of the computer you’re using, the web browser, the updates it has and the homepage that is set) to form a unique picture of exactly who the visitor is.

All in all, you need to find out Google’s policies on data retention, processing, usage and storage to be fully compliant. This is no mean feat and, all told, personally, is more paperwork than I’d care to think about just so someone can have a clicky map to find out where my office is.

This is definitely non-essential for business use and collection of such data is unwarranted. Same goes for the font we use on our website. Worst of all, pretty much all of Google’s servers are US-based, meaning they don’t strictly comply with GDPR. If these tools are essential to the website, you’ll need to do your homework; otherwise weigh up how much they’re needed. Here’s a quick checklist to solve many issues:

  • Right-click your website in Chrome, click ‘View Page Source’ and look for the word ‘google’. If you see links to Google websites then your website is accessing Google resources remotely, e.g. http://fonts.googleapis.com/css?family=...... You’d therefore be wise to ask your developer to copy that resource (if allowed) to your web host directly, so visitors access it locally rather than going all the way to Google’s servers. The same applies to jQuery.
  • Analytics is also a sore point: it’s a great tool, but it sets dozens of cookies and you need to have a watertight privacy policy. If you don’t rely heavily on Analytics, why not analyse your own logfile instead, with tools such as weblogexpert.com or goaccess.io for example? Critically, digest my point below on the big change to implicit acceptance of cookies: it’s no longer allowed.
  • Update your cookie policy. The Civic UK tool is a great wizard to get it GDPR compliant: https://www.civicuk.com/cookie-control. A big change these days is that implicit acceptance of cookies is not allowed; visitors have to click ‘Accept’ before cookies can be set. If the user doesn’t click the ‘Accept’ button, then Google Analytics et al will not collect jack and basically become a pretty much irrelevant tool, since the data it reflects will only be that of those who accept the privacy policy. How many ‘Accept’ buttons do you click? Not many, and that won’t change.
  • AdWords is even more intrusive as far as GDPR is concerned. If you host other people’s adverts on your website and it’s a big revenue generator that you can’t do without, again get ready for the homework; otherwise it might be cheaper to remove them.
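
A scripted version of the ‘View Page Source’ check from the first item, as an added example that is not part of the original post: it lists the Google hosts a page makes the visitor’s browser load, including ones pulled in by an inline script, while ignoring plain hyperlinks and locally hosted files. The host list and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Host suffix -> service. Assumed starting list for this example; extend as needed.
SERVICES = {
    "fonts.googleapis.com": "Fonts", "fonts.gstatic.com": "Fonts",
    "ajax.googleapis.com": "Hosted libraries", "maps.googleapis.com": "Maps",
    "maps.google.com": "Maps", "google-analytics.com": "Analytics",
    "googlesyndication.com": "Ads", "doubleclick.net": "Ads",
}
HOST_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)
# Tags whose URL attribute makes the visitor's browser fetch a resource.
URL_ATTRS = {"script": "src", "link": "href", "img": "src", "iframe": "src"}

class GoogleAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = set()  # (service, host, how it is loaded)
        self.in_script = False
    def record(self, host, how):
        for suffix, service in SERVICES.items():
            # Leading dot: match the host itself or a subdomain, not a lookalike.
            if host and ("." + host.lower()).endswith("." + suffix):
                self.findings.add((service, host.lower(), how))
    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"
        url = dict(attrs).get(URL_ATTRS.get(tag))
        if url:  # urlparse also handles protocol-relative //host/path URLs
            self.record(urlparse(url).hostname, tag)
    def handle_endtag(self, tag):
        self.in_script = False
    def handle_data(self, data):
        if self.in_script:  # inline snippet that injects a remote script
            for host in HOST_RE.findall(data):
                self.record(host, "inline script")

def audit(html):
    parser = GoogleAudit()
    parser.feed(html)
    parser.close()
    return sorted(parser.findings)

# Constructed sample page (not taken from any real site).
SAMPLE = """<link rel="stylesheet" href="http://fonts.googleapis.com/css?family=Roboto">
<script src="//ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script src="/js/site.js"></script>
<script>var s = document.createElement('script'); s.src = 'https://www.google-analytics.com/analytics.js';</script>
<a href="https://www.google.com/maps">Find us</a>
<iframe src="https://maps.google.com/maps?q=office"></iframe>"""
print(*audit(SAMPLE), sep="\n")
```

Run it against the saved source of each page template; an empty result means the page no longer loads anything from the listed hosts.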

I’m not Google bashing here, I’m simply highlighting touchpoints – the fact is we ALL use Google. There are other providers that also have equally opaque policies on data collection (e.g. chat bots or chat forms on your website), and you will need to obtain their data policies and document them to continue using their tools too.

The era of downloading a cool widget and plonking it on your website for all and sundry has alas come to an end. By doing that you’re exposing the data of your visitors and customers to third parties that could lose or abuse it (just look at the recent Facebook leak and mark my words, Google will be on the leaky list very soon if it isn’t already).

GDPR is a bit of a headache but we all have to endure it. Think of it as your virtual seat belt and maybe that will make the whole process a bit more digestible.
