We’re rolling out updates to our privacy features and policies in the coming weeks. You’ll have more control over your personal information and more detail on what information we keep and what we do with it. The updates will also make sure we comply with new privacy laws, and will help you do the same for your own website or store.
The above blog post is WordPress.com’s site owners first look at what Automattic, WordPress.com’s parent company, is doing to help site owners comply with the General Data Protection Regulation coming into effect on May 25. If you haven’t seen it yet, please read it in its entirety.
If you are a site owner here, besides the WordPress.com Blog post, you’ll want to read the Automattic Privacy FAQ, particularly the section for site owners, as well as the information on Jetpack regarding commenting. On top of that, there’s also now a privacy.blog where further updates will be posted.
When It Rains…
While Staff have been providing some helpful pointers in the forums, the phrase most often repeated there is that they cannot give users legal advice specific to their site because they are not our lawyers. And that, as irritating or disappointing as it may be, is correct.
Do You Need A DPA?
It was also mentioned in the WordPress.com blog post that users with a paid upgrade that require a Data Processing Agreement (DPA) can request one. I admit I’m confused about this point because I understood that every WordPress.com site owner requires such an agreement with Automattic to process data for EU individuals on our behalf. Am I wrong? Does the fact that I’m running a site without a paid upgrade make any difference as far as the GDPR is concerned? On the MailChimp site they’ve conveniently provided a sample of their DPA saying,
From Statement to Policy
Concerning the stats collected on this site, there have also been updates to both Google’s Privacy Statement and changes happening on Clicky, which at one point considered shutting down due to the cost of bringing their service into compliance. As far as I can tell the biggest impact the GDPR is going to have for website owners is on visitor statistics and tracking. Depending on your point of view, that may be a good thing or bad thing.
In the end, we’ll all eventually benefit from these changes in privacy and data rights. I just hope we casual blog and website owners manage to maintain our sanity getting there.