Published

Some long-winded thoughts on privacy policies and consent popups

This Q&A is compiled from conversations I have had with many, many clients and collaborators who have had a hard time navigating things like the GDPR, privacy policies, cookie notices, consent messaging, and other related topics.

Here are all the questions covered below:

Read more

Published

Switching from Google Analytics to Matomo (f.k.a. Piwik) on WordPress

It’s a new decade, time to leave Google Analytics.

A big part of me wants to say screw it, just get rid of analytics altogether. But I find it interesting. I’ve never used it to decide what to write, and I don’t think I ever will, but it’s just fascinating to find out what makes the rounds. I’ll never know why a short post about repairing my mom’s straw bag was my most popular post for years, but I’m glad to know a lot of people checked it out.

So I decided to keep my Google Analytics property in place and just locked it down as much as I could. I adjusted the script to respect users’ Do Not Track browser settings (Paul Fawkesley has a short article about how to do this). I also configured Google Analytics to anonymise IP addresses, and I deliberately disabled Data Collection for Advertising Features, Demographics and Interest Reports, User-ID, and all data-sharing settings. I also set a low data retention policy to make sure old data would get deleted.

None of this changed the fact that I was still sharing data with Google.

Read more

Published

I’m on the bandwagon

Just published a privacy policy. The styles don’t really support multi-level headings right now, that will have to come later.

It’s probably overkill to have such a long privacy policy for a personal website, but it felt like a useful exercise. I like the fact that an essential part of GDPR is that these policies have to be readable and easy to understand. That makes them both a policy and an educational opportunity. A lot of people don’t really know why they need to be careful with their data or how to do that and honestly, that’s fair enough. Data privacy has been under-appreciated for a long time. If we talk about it enough though, and be patient with one another, that can improve.

There are downsides to the GDPR hullabaloo though… so many people are applying quick, artificial fixes. Pop-ups, spammy-looking emails saying “please re-register!” that themselves feel like spam… It all feels a little web 1.0 at the moment. There’s a real fine line between being considerate and useful vs being shouty and in the way of day-to-day life on the web. There’s no quick fix really, it takes time and care to look long and hard at this stuff.