In this article we are not discussing on what is GDPR or DSGVO. You can get more information by visiting (& reading) euggdpr.org website & GDPR Wiki Page.
In a nutshell, the GDPR is designed to unify data protection rules across Europe and set out compliance obligations for the movement of data within the EU and between EU member states and their global partners. Essentially, it aims to improve the handling and storage of personal data and keep it safe from misuse.
Disclosure: We are not lawyers or involve with the legal industry. We do not work with Google or Blogger platform. Our blog(s) is not operated within EU countries/members. What we are sharing here is what we believe or we have understood on the discussed topic.
Since that blogs on Blogger platform can be accessed anywhere around the world, when data is collected for example via Blogger comments sign-ins, contact form or even a blog's email subscription, your blog must comply to this GDPR ruling which protects EU residents.
Million dollar question -- Does your blog(s) on Blogger complies with GDPR?
Quick answer: Yes & No -- based on our limited understanding.
Here are the 2 main factors Blogger user needs to understand clearly:-
- You, the blog owner(s)/operator(s) is categorized as "data controller" by GDPR - an individual/organisation that collects data from EU residents.
- Google via Blogger platform is categorized as "data processors" by GDPR -- an organisation that processes the data from EU residents on behalf of "data controllers".
"data controllers" and "data processors" as an organisations, must comply to these GDPR enforcements by EU.
As "data controllers" -- data collected, processed & kept by Google via Blogger platform -- Google have made the necessary updates in respecting these new regulation changes: https://www.google.com/policies/privacy/
Read more on how Google uses data when you use Google partners' sites or applications: https://www.google.com/intl/en/policies/privacy/partners/
However, Blogger blog owners needs to further identify to what extent the liabilities that comes as "data controller" when data is passed/collected via their Blogger blog pages.
Notify Your EU Readers -- Make it Clear & Transparent!
To start, make sure your blog users from EU could identify clearly -- who is doing what & when -- with personal data submitted via forms at your Blogger blog pages.
Make it clear to your EU users how data is passed, processed & stored. Adding a clear notification at submission forms may help slimming down the chances IF violating GDPR regulation.
You can view how our sister blog is using the AMP Notification component to display a clear notification notifying users how personal data is processed when commenting is involved: https://blog.irsah.com/2018/03/facebook-published-comments-disappears.html#HTML99
One thing we are not clear is on the opt-in option requirement -- to display & stored by "data controllers" and/or "data processors" if personal data is submitted via forms -- which shows that EU users have agreed & understood on how personal data is processed & kept before attempting further actions.
We have narrowed down several workarounds & options to extend existing Blogger forms functionality to allow some kind of notification sent via forms to display this opt-ins agreement, IF however Blogger platform does not provide one.
Stay tune for further updates here at our blog or at our sister's blog for more easy to install & use Blogger plugins to help Blogger blog users to comply with this GDPR update.
So what do you think? Any other suggestions to comply with this new regulations by EU for Blogger blogs?
Leave a comment below as Facebook, Disqus & Google+ comments system have completed (or in the process) updates to comply with GDPR. Read in full on our commenting system GDPR compliance here.