G D P R F T W ! O R , H OW I L E A R N E D TO STO P WO R RY I N G A N D LOV E P R I VACY BY D E S I G N @jeckman

N OT E : I A M N OT A L AW Y E R @jeckman

I N T H E B E G I N N I N G @jeckman

C O O K I E S Photo by John Dancy on Unsplash @jeckman

“One day in June 1994, Lou Montulli sat down at his keyboard to fix one of the biggest problems facing the fledgling World Wide Web -- and, as so often happens in the world of technology, he created another one. At 24, Mr. Montulli was the ninth employee [at] Netscape Communications. . . he quickly came up with an ingenious idea to address the problem and hammered out a five-page document describing the technology that he and co-workers would design to give the Web a memory. The solution called for each Web site's computer to place a small file on each visitor's machine that would track what the visitor's computer did at that site. . . . It was a turning point in the history of computing: at a stroke, cookies changed the Web from a place of discontinuous visits into a rich environment in which to shop, to play -- even, for some people, to live. Cookies fundamentally altered the nature of surfing the Web from being a relatively anonymous activity, like wandering the streets of a large city, to the kind of environment where records of one's transactions, movements and even desires could be stored, sorted, mined and sold.” - John Schwartz https://www.nytimes.com/2001/09/04/business/giving-web-a-memory-cost-its-users-privacy.html @jeckman

P 3 P https://www.w3.org/P3P/brochure.html @jeckman

P 3 P The Platform for Privacy Preferences Project (P3P) is an obsolete protocol allowing websites to declare their intended use of information they collect about web browser users. Designed to give users more control of their personal information when browsing, P3P was developed by the World Wide Web Consortium (W3C) and officially recommended on April 16, 2002. Development ceased shortly thereafter and there have been very few implementations of P3P. https://en.wikipedia.org/wiki/P3P https://www.w3.org/P3P/brochure.html @jeckman

D O N OT T R AC K ( D N T ) https://www.eff.org/issues/do-not-track @jeckman

D O N OT T R AC K ( D N T ) https://allaboutdnt.com/ @jeckman

@jeckman

John Eckman • @jeckman • #wcpub – J O H N N Y A P P L E S E E D “Type a quote here.” https://www.betterads.org/ @jeckman

@jeckman

E N T E R T H E G D P R @jeckman

R E M E M B E R : I A M N OT A L AW Y E R @jeckman

https://twitter.com/RebelEmG/status/988442580902989824 The General Data Protection Regulation (GDPR) is an EU regulation that went into effect on May 25th, 2018. GDPR aims to give individuals (EU citizens) more control over their personal data, by requiring that businesses gain more explicit consent from them to collect and use it. @jeckman

https://twitter.com/lesteph/status/988401663810723840 Understanding: At its core, GDPR is designed to protect user data and empower users to have a better understanding of: 1. What data is being collected about them. 2. How and why their data is being used. Control: GDPR is also designed to give users better control over their data. Users must be able to: 1. Tell companies what they can/cannot do with their data. 2. Request a record of all data stored about them. 3. Amend any data stored about them if it is not correct. 4. Request the deletion of any/all data stored about them. @jeckman

https://twitter.com/samnickerson/status/988673113109028864 Reach: GDPR is designed to protect all EU citizens and residents. It doesn’t matter whether the company capturing/ processing data is based in the EU, the only thing that matters is that the data you are capturing belongs to an EU Citizen.
 
 @jeckman

https://twitter.com/AlbFreeman/status/988678211998449665 Individual Rights: All EU Citizens are entitled to a series of individual rights under GDPR. 1. The right to be informed 2. The right of access 3. The right to rectification 4. The right to erasure 5. The right to restrict processing 6. The right to data portability 7. The right to object 8. Rights in relation to automated decision making and profiling @jeckman

https://twitter.com/everylilbreeze/status/997381429322571776 5 Areas of Focus: There are 5 areas that the GDPR focuses on. These provide a framework for data capture: 1. Purpose 2. Limited 3. Accurate 4. Time Limited 5. Secure @jeckman

https://twitter.com/klillington/status/997063126322434049 Purpose: there are six legally acceptable reasons that a company can process user data. All data processing needs to fit into one of these categories and should be documented. 1. Consent: a user has given clear consent for you to process their personal data for a specific purpose. 2. Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract. 3. Legal obligation: the processing is necessary for you to comply with the law. 4. Vital interests: the processing is necessary to protect someone’s life. 5. Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law. 6. Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. @jeckman

https://twitter.com/CamHamTT/status/99994671805256 Limited: No data should be captured or stored unless it is specifically required for an approved data processing activity. Accurate: All data that is captured should be accurate and kept up to date for as long as it is stored. Users should be able to submit amendments to any data and records should then be updated accordingly. @jeckman

https://twitter.com/evankirstel/status/1000344045221228544 Time Limited: Data should only be stored for as long as required to process the data. Once you are no longer processing the data, it should be deleted. Secure: All data processing and storage needs to be secure by design and security practices should be well documented. This includes both technical infrastructure as well as access rights/policies. @jeckman

https://open.spotify.com/playlist/5Pe51v0sHLybSEkX0m0JRf Data principles: 1. Capture/store as little data as possible. 2. Document what data you are capturing/ storing, why where it is being stored and for how long. 3. Encrypt data wherever possible. 4. Use anonymised data wherever possible. 5. Make sure that any data you are capturing has an explicit opt-in. 6. Make it easy for users to make requests of their data. 7. Make sure to keep your data up-to-date and accurate. @jeckman

P R I VACY BY D E S I G N Photo by Dayne Topkin on Unsplash @jeckman

https://gdpr-info.eu/art-25-gdpr/ @jeckman

ST I L L N OT A L AW Y E R @jeckman

W H AT D O I D O? @jeckman Photo by rawpixel on Unsplash

Assess & Document: What data do we collect about visitors and customers? How is that data collected, stored, and used? What is the purpose for which that data is collected and used? How do we inform users of the purpose, intent, retention, and permissions with respect to their data? TA K E OW N E R S H I P Plan: What features on our site need to be revisited? Where can we limit our use of data, in scope, in timeline, or in purpose? Where can we limit our data gathering? How long will it take to get us into compliance? @jeckman

D I V E R S I F Y R E V E N U E ST R E A M S Photo by Maria Imelda on Unsplash @jeckman

C U LT I VAT E T R A N S PA R E N CY & H O N E ST Y Photo by Kelli Dougal on Unsplash @jeckman

Don’t Panic: Enforcement of the GDPR will most likely first impact businesses with significant financial interests and assets in the EU. If you have enough financial presence in the EU, you can afford a GDPR compliance consultant. B U T I J U ST P U B L I S H A B LO G ! Have a Privacy Policy Be clear about what data you collect, how, and why Most Likely Impact: Third-party tools: • Analytics • Comments • Newsletters @jeckman

F O C U S O N T H E S P I R I T O F T H E L AW, N OT J U ST T H E L E T T E R Photo by Maria Freyenbacher on Unsplash @jeckman

D I D I M E N T I O N I A M N OT A L AW Y E R ? @jeckman

https://10up.com/about/ https://10up.com/careers/ @jeckman

Thank You! Feedback Welcome: @jeckman or john.eckman@10up.com