We missed last week’s Spain Sunday and we will miss next Sunday. So here is a long post about something that recently occurred in Europe.
This is a crash course to the internet and how it just changed. I think it is pretty interesting and worth understanding since you probably don’t understand the internet generally. We didn’t – but with GDPR coming into play we thought we would try to understand things better.
GDPR is the General Data Protection Regulation. It just changed the internet a little bit. Completely for the EU – European Union, and by proxy for everyone else. Google explains it best:
“On 25 May 2018, the most significant piece of European data protection legislation to be introduced in 20 years will come into force. The EU General Data Protection Regulation (GDPR) replaces the 1995 EU Data Protection Directive. The GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe, regardless of where that data is processed.”
Basically it’s a new law for people in the EU (physically present in the EU, not just EU citizens) to
- control their own data
- protect their privacy online
- have the right to see what information companies have about them
- have any of this data/information deleted
- know about data breaches within 72 hours
It’s more complicated with how data is collected and stored. Some boil it down to “use the data or delete it”: don’t just store everyone’s data for fun. It’s all very long but it boils down to protecting the user/consumer. Companies have to be more truthful and open about using your data. Companies have to be more careful about data (Russia is hacking everyone and everything right now). Companies only have to do these things if they’re getting sensitive information about you – and they all do.
The weird thing is that every website has to be compliant if there is a chance of anyone in the EU using their website. So websites chose to make small changes to make their website compliant for the 189.8 million Europeans who use the internet. They have the choice to either comply (with these reasonable requests) or block Europeans from seeing their website (thus losing traffic from nearly 200 million people). According to Medium.com “Any company that comes into contact with personal data of EU residents MUST ensure they comply with the GDPR or they run the risk of heavy fines.”
Also the GDPR hasn’t made many changes, yet. All it looks like right now is a small popup at the bottom of a website either asking you to consent or just telling you that they’re going to keep invading your privacy but at least now you know. Literally nothing has changed for the average user. Here are 10 examples:
This is all you see, however on their end they’re going to have to be more careful with our data (we obviously can’t see this). And if someone says “delete everything you know about me” they have to (as of now Facebook is refusing to do this).
The EU isn’t telling other countries what to do, but if an American company is obtaining any identifiable information (sex, age, marital status, location) from any EU citizen, they are meant to comply with that citizen’s rights. And that citizen has the right to not have their privacy completely violated.
What are cookies?
Cookies were invented in 1994 as a way to track online purchases and whether a user had been to that website before. People didn’t even know they existed until a newspaper reported on them 2 years later in 1996. This article created a huge kerfuffle regarding privacy rights and visitor tracking. Oh, what was Google’s message? “The EU General Data Protection Regulation (GDPR) replaces the 1995 EU Data Protection Directive.” So the EU was, again, ahead of the game regarding online privacy.
Anyway, cookies are like this – the internet is like a giant farmers market. When you visit a new stand (website) you are given a loyalty card (cookie). The card has your identifying information (from your computer) and information about the stand (website) you’re visiting. So like “Bob Boberson visited the Broccoli Stand on January 1st” Like a punch pass for buy 6 coffees get a 7th coffee free – cookies track how many times you’ve visited their stand/website and what you were doing there. After a few years your loyalty card would say “here are the thousands of times you’ve come to the Broccoli Stand, what you bought and when, what you talked about with the shopkeeper.” Cookies are really similar to a Value Card from Krogers/City Market – it sees everything you have ever bought. This is great until Krogers publishes how many thousands of adult diapers, condoms or whipped cream you’ve bought.
The problem with some cookies is that they are completely readable to other websites. So with the farmers market analogy, each stand you visit gives you a cookie/loyalty card. Except instead of giving it to you to hold, they stick it onto your back. So you have all these things stuck onto your back like a kick me sign. “I visited a stand to deal with my watermelon-sized hemorrhoid,” “I have embarrassing sexual preferences,” “I pushed a baby over, once,” “I’m having marital problems,” “I completely identify as a squirrel and wish my name was Snuffles.” Any of these strange, messed up things (which are your rights to do/think) are just on your back and everyone can see them, except you.
Facebook is completely insane about these kick-me-sign cookies on your back. There is a little F facebook logo on just about every website. By being present on other websites they’re, in a way, part of that website. So Facebook gives you a cookie on every website you’ve ever been to (just about). Facebook has seen every news article you have ever read, any porn you’ve ever seen online, almost everything you’ve ever researched, every restaurant you’ve looked up, every trip you’ve ever planned, every recipe you’ve made. Facebook has seen everything. Every. Single. Thing. And you never posted any of it to Facebook, they just tracked you through every other website (the cookies stuck on your back). In this analogy the cookies aren’t just taped to your back, Facebook is a straight up stalker sitting on your shoulder writing down everything you’ve ever done.
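To make the sticker-on-your-back picture concrete, here is a small simulation added as an example (it is not code from any real website, and the domains news.example, health.example, travel.example and widget.example are made up). A browser only hands a cookie back to the domain that set it, so the widget company follows you by being embedded on every page and reading its own cookie each time; the second run shows what changes when the browser blocks third-party cookies.

```javascript
// Constructed simulation: a browser cookie jar keyed by the domain that set each cookie.
class Browser {
  constructor({ blockThirdParty = false } = {}) {
    this.jar = new Map();                 // domain -> cookie value
    this.blockThirdParty = blockThirdParty;
  }
  // Request something from `resourceDomain` while the address bar shows `pageDomain`.
  request(resourceDomain, pageDomain, server) {
    const thirdParty = resourceDomain !== pageDomain;
    const allowed = !(thirdParty && this.blockThirdParty);
    const cookie = allowed ? this.jar.get(resourceDomain) : undefined;
    const setCookie = server.handle({ cookie, referer: pageDomain });
    if (allowed && setCookie) this.jar.set(resourceDomain, setCookie);
  }
  // Visiting a page loads the page itself plus every widget embedded in it.
  visit(site, servers) {
    this.request(site.domain, site.domain, servers[site.domain]);
    for (const w of site.embeds) this.request(w, site.domain, servers[w]);
  }
}

// A server that hands out an ID cookie and logs which page each request came from.
class Server {
  constructor(name) { this.name = name; this.nextId = 1; this.log = new Map(); }
  handle({ cookie, referer }) {
    const id = cookie || `${this.name}-visitor-${this.nextId++}`;
    if (!this.log.has(id)) this.log.set(id, []);
    this.log.get(id).push(referer);
    return cookie ? null : id;            // only set a cookie when none was sent
  }
}

function simulate(blockThirdParty) {
  const names = ["news.example", "health.example", "travel.example", "widget.example"];
  const servers = Object.fromEntries(names.map(n => [n, new Server(n)]));
  const browser = new Browser({ blockThirdParty });
  for (const domain of names.slice(0, 3)) {
    browser.visit({ domain, embeds: ["widget.example"] }, servers);
  }
  // The longest browsing history the widget company can tie to one visitor ID.
  const histories = [...servers["widget.example"].log.values()];
  return { profile: histories.sort((a, b) => b.length - a.length)[0],
           newsSees: [...servers["news.example"].log.values()].flat() };
}

console.log("third-party cookies allowed:", simulate(false).profile);
console.log("third-party cookies blocked:", simulate(true).profile);
```

The news site only ever learns about visits to itself; the embedded widget is the one party that ends up with the whole list.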
Facebook just got in huge trouble for this, rightly so. They weren’t just looking at this stuff for fun, they were selling it. And yeah, Facebook (like freedom) isn’t free. By visiting this free website you’re “paying” for it with your private information. Not so free anymore? But they overstepped the basics and moved on to tracking and sharing everything. If you think you have nothing to hide, that’s great. But this brings us back to the online rights vs. the physical rights you have. Physically when you’re in public you have no right to privacy, but when you’re in your home you have a right to privacy. Even if you have nothing to hide at home, you don’t want your drapes open every second of every day. You still have doors that keep people out.
When you’re online you’re using your personal device (phone, laptop, ipad that you paid for) to look up your own private things. You’re paying for your own internet. But you’re not paying for the website (Google, Facebook, Yahoo). They need ads to exist – to pay people to make the website, to pay for physical servers where the internet lives, to pay for air conditioners to keep the internet comfortable. And to pay for a security team to keep it safe. This isn’t free. Everyone acknowledges the necessity of advertisements. But many websites take it too far, they’re not just paying their bills – they’re completely exploiting your whole life to understand you. This can be hacked, exploited, stolen or yeah, sold.
When you watch TV you get random ads designed for people who are probably watching that show. Watching kids’ shows? You get toy and cereal advertisements. Watching sports? You’ll get shaving advertisements. Online, though, it sees you’ve been looking at hemorrhoid cream, vitamins, ice cream, and larger pants – and suddenly you’re getting diaper and baby name advertisements. That’s right – it knows. Is this fair? There isn’t an answer to this question.
Websites try to sell cookies as a fun personalized experience. That cookies “Provide you with the best possible experience [and] Show you content and ads that are relevant to you.” The ads on the side of roads, on radios or on TV are random. The ones you see online were literally chosen for you. This is promoting a consumer culture but also very nice of them – no one wants to watch a taxidermy advertisement when they don’t care about it. This is great because the website gets money and you didn’t have to pay for it. It’s a mutual relationship. So maybe it is all fair. GDPR won’t take this away, it just wants to make it more transparent. A mutual relationship, for once. And to stop another Facebook full-on-stalking from happening again.
By the way, was this passed because of Facebook’s debacle? Probably not, it has been under discussion for 4 years and was decided on officially in April 2016. Facebook’s situation really got into public view in March 2018.
In short, cookies and you are a very complicated relationship. Websites want to see they’re doing a good job, they need money, they want to make better content. But your privacy can be completely lost in the process.
So full disclosure, here it is. Here is what we learn from the cookies we hand out:
- Most of our audience is from the USA (but we have had traffic from 41 countries).
- We’ve had 593 unique people visit who looked at 1,569 posts (so on average every person who comes looks at 2 posts).
- Most of our traffic comes from search engines (Google) but some are coming from Facebook.
Our Internet Has Changed
The fee for not being GDPR compliant (and remember they only have to inform people on their rights, allow people to delete their own data, and protect your private information) is 20 million Euros or 4% of the company’s global revenue (whichever is higher). This is a steep fine but reasonable to keep some big companies (which bid your private information to the highest bidder) under control.
Some companies are just not doing it. So when we go to some websites they look like this now:
Tronc is a news agency that owns Chicago Tribune, the Los Angeles Times, The San Diego Union-Tribune, the New York Daily News, the Hartford Courant, the Orlando Sentinel, Ft. Lauderdale’s Sun-Sentinel, and The Baltimore Sun. They don’t want to comply so they’re just blocking everything to everyone in the EU. When we go to these sites we see “Unfortunately, our website is currently unavailable in most European countries.” then a bunch of nonsense about how great their journalism is and that they’ll look into “technical compliance solutions.”
There is a big debate over whether they’re just being red-blooded stubborn donkeys who won’t let Europe tell them what to do, or whether they collect (and sell) so much data that they couldn’t possibly comply with the GDPR. (See also Facebook and Google getting hit with lawsuits and proposed fines on the FIRST DAY of GDPR, with folks in the EU “seek[ing] to fine Facebook 3.9 billion and Google 3.7 billion euro.” On the FIRST DAY.)
That’s all the average person really needs to know. We’ll have to see what happens with non-compliance, how they can even enforce it, and if we’ll ever get our data out of Facebook’s clutches (probably not).
One thought on “Spain Sunday: GDPR”
Excellent post. I often wondered about the cost of an airline ticket increasing due to browsing alone. It’s astounding how quickly cookies are able to formulate an ad campaign!