May 26, 2018

GDPR: what actions must a blogger take immediately?

GDPR is making website owners, businesses and social media platforms jittery all over the world. But that is good for the World Wide Web and you, the internet user and the BLOGGER. It is good for businesses themselves. It is a bitter pill that was required since long but has been delivered only now.

A bit of concepts before we go to the practical aspects of this new regulation from blogger's point of view. If you are interested in jumping to the practical bit, click here.

What is GDPR?


GDPR stands for General Data Protection Regulation. It has been enforced by the European Union for protection of private data of individuals. It clarifies various aspects of personal data, privacy and consent required from individuals while using their personal data. In simple terms, it is a mechanism to regulate how personal data is collected and handled, so that it is not misused.

The regulation has come into force from 25th May 2018.

You can get a quick glance of GDPR provisions on the European Commission website at the given link. This link is for even greater details on data regulations from the horse's mouth.
 

Why are such strict data protection rules required? Is personal data that unsafe over internet?


The moment an individual enters any internet based system, his personal information keeps being seen and stored, much of it without his consent. Even with consent, which is sometimes made automatic (e.g. while logging in) and sometimes taken innocuously (e.g as part of surveys), the data once captured can then be stored, analyzed and used for different purposes. It is also sold to others who may use the data for unethical works. Many cases of data being leaked from highly reputed companies have also been reported in the recent past.

There was a crying need to have strict provisions relating to how people's data is dealt with by receivers of that data. It is good that EU, which had been working on it for last two years, has finally brought the regulation in the form GDPR.

Why is there panic and why are the companies outside EU worried?


Panic because the rules have been applied from 25th May, 2018 and many companies have not prepared themselves for it.

Panic also because whosoever serves the EU citizens through its website attracts the provisions. GDPR applies to entities within the EU region as well as to those located elsewhere but giving services to EU citizens. That covers all major global companies and a large majority of individuals having a presence on the internet. In the internet world, there are no national boundaries and thus there is a scramble the world over for compliance. In addition, other countries may follow suit and bring their own similar laws.

GDPR is exhaustive. It starts with collection of data, for which it mandates proactively giving information on use of data and active consent of the individual whose data is being received. Those in the business of collecting, storing and processing data are also required to inform citizens how the data is used in the hand of the data collector. It then applies to the controller and processor of data. The controller is a person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing of personal data, and the processor is a person, public authority, agency or other body which processes personal data on behalf of the controller. That covers all entities who receive, store, process and use data.

The penalties are strict for any data/ privacy breach. The maximum penalty for corporates is mind-boggling: 4% of their global turnover!

On the very first day of coming into force of GDPR, Facebook and Google have been slapped lawsuits of over 3.7 billion Euros each, though both have rolled out quite elaborate policies and clarifications in advance!

A number of big sites are reported to be unavailable in many European countries from the 25th May.

As a blogger, do I need to do anything about GDPR?


Blogger automatically serves information to EU visitors.
As a blogger, you might be collecting data in some deliberate and/ or unknown ways. Cookies, for example, are the small bit of code that websites leave on the user's browser and capture data. Cookies are not malicious code, and they help in some ways such as fast loading of a website the next time. But they do capture data.

Comment forms - either in-build or third-party form - usually ask for personal data. Same with contact forms.

Bloggers usually collect information such as name and email when letting people subscribe to their feed/ updates.

Bloggers often collect data through emailers such as MailChimp.

On many blogs, the blogger adds plugins for interactivity, serving ebooks, etc. The opt-in forms for using these facilities capture personal details.

Some blogs ask readers to log in before proceeding further or for premium offers.

Therefore as a blogger you need to be transparent and proactive about how you collect personal information and how you use it, and give that person a choice. An expert has suggested the following and I agree with that: If you do not directly deal with people in the EU, and yet might have people from that region visiting your blog or even clicking on your ads and even buying a thing by clicking on your blog's ads, you need not worry. First, be clean about your doings: never abuse others' data. If you do that, you are already complying with much of all that is required. Second, inform everybody about your privacy and data policies. Third, take consent whenever collecting data.

 

Actions bloggers should take

  • If you are in the EU, and you are actively collecting user data while selling a product or when someone subscribes to your blog, you must already have registered with the EU Commissioner. 
  • Even if you are not located inside the European Union, into e-commerce or specifically serving European population, follow the general provisions of data protection regulation. They will help you in the long run. You will also be seen as a responsible blogger.
  • Have a cookie policy. Have data-use policy.
These policies are nothing but declarations on how you collect data, what data you collect, how you use, store and share that data. It is better that you jot down all data that you are actively or passively collecting on the blog, and be transparent about it. Put it in a stand-alone page and refer visitors to this page through a popup and also when you ask someone to opt in for subscription in future.
  • Ask visitors (especially first-time visitors) to look at the cookies policy and other policies before proceeding further.
  • If you use an email marketer (AWeber, MailChimp, etc), be sure that they have added the necessary warning to the form. Most big ones have already done that. 
  • Send an email to all existing email subscribers giving them a choice whether they want to retain the subscription, change data or unsubscribe. Major email marketing agencies already have a subscription alert template customized for GDPR.
  • If you use Google AdSense, any affiliate marketing (e.g. Amazon, CJ) code or Google Analytics code on your website, these codes will be collecting user data. You need to be sure that necessary actions are taken by the code-serving agencies. If you find them deficient, contact them and make this declaration also in your own policy document.
  • Do not have auto opt-ins - e.g. for collecting data when a person clicks on your link for ebook and you allow him to download the ebook on his entering his email, without telling him that you are collecting the data and would use it later for sending emails to him.
  • It appears that the users of Blogger, Wordpress, LiveJournal and such other free blogging platforms need not bother if they have not used any third-party facility on the blog. It is assumed that all such big platforms show up the basic consent form and other information when their blogs are visited by people in the European Union. Some platforms do not allow any such activity but paid accounts of Wordpress and all Blogger accounts can apply additional codes (analytics, plugins, widgets, etc) and so should be careful.
  • Bloggers who have monetized the blog in any way need to ensure that they comply adequately with the provisions of GDPR.
  • If you use a plugin for capturing data on people, announce that and seek consent before you capture data through that plugin the next time. 
  • Do not collect data if not required. 
  • Do not have opt-in forms in which there is pre-ticked boxes for consent.
Finally, - unless you are into big business through the blog - don't worry too much because the regulation is mostly meant to check data misuse by big companies. At the same time, be clear and ethical about collecting and using others' personal data. It always helps to be transparent even if the law does not operate in your country.

Disclaimer: This is not a legal and legally-binding opinion but a general advisory on use of data according to GDPR.

May 23, 2018

Road to Taste: a well-maintained travel blog

Road to Taste
http://roadtotaste.com/

The blog is born out of our passion for travel and love for food. We, Saumya and Vishu, love sharing our travel stories with the world and inspire people to travel as much as possible. The experiences garnered by traveling are unmatched.

Recently Saumya went on a dream trip of Palace on Wheels organized by Ministry of Tourism. She was one of the 60 bloggers chosen from around the world and amongst the three from India. Definitely a proud moment for us!

While Saumya loves to capture the world through her lens and is the creative mastermind behind the blog, Vishu takes care of the technicalities and writing. Traveling and exploring places along with enjoying various cuisines is the crux of our work. While traveling takes the major portion of the blog, collaborations with brands and tourism boards also come along the way. We have worked with brands like Google, Accor Group of Hotels, Nikon, UBER, Huawei Honor, Incredible India, UP Tourism, Uttarakhand Tourism, Radisson Hotels and resorts, Milton and Orra Jewellery.


- Vishu and Saumya

May 15, 2018

Social media and blogging updates: offers by Facebook and Google, SEO

Facebook F8 Conference: increments, no blasts


In the latest annual conference, Facebook has announced some new features that will be available later this year on Facebook, Messenger, Instagram and Whatsapp. A peep into what is in store:
  • A feature to clear history from Facebook account, about information received from various websites and apps.
  • Camera to get new capabilities on Facebook, which includes turning pics into 3D.  
  • A dating feature on Facebook app, that would make it possible to date as on Tinder.
  • AR (augmented reality) effects on Instagram and Messenger.
  • AI enhancements and improved bot capabilities on Messenger 2.0.
  • Translation of messages on Messenger.
  • Video chatting feature on Instagram.
  • Group calling on Whatsapp, perhaps both - audio and video calling.
  

Google showcases its AI prowess, improvements across apps

Google also had its annual I/O Conference, focusing on new developments and software improvements. These include:
  • A more capable and human-like Google Assistant, accompanied by Duplex - which could call on your behalf!
  • New version of Android, Android P.
  • New features on Google News, Google Photos, Gmail and Google Maps.
    

Non-profit organizations now like to directly connect with the public, less through the media


A University of Kansas study finds that international non-profit organizations have shifted their use of channels of online communication and target audience over a decade.

While in 2007, for online communication with people, these organizations used their websites, followed by blogs, podcasts, videocasts and wikis, they now use their own site followed by social media. Within social media, Facebook comes first, followed by Twitter, blogs and Instagram.

The shift in the publics that they target is more pronounced. Earlier, the focus was on promoting the organization's image, fund-raising and the media, and now the focus is on reaching the general public, potential donors, existing donors and the media in that order. Reaching the media gets a low priority now.

The study covered 150 non-profit professionals in top international NGO organizations based in the US. 

More on the study can be seen here.

Twitter wants you to change password, but why?


Twitter has issued a cautionary advice on its blog, asking account holders to change their password because it has found a bug that logs passwords in the system before it is masked. 

Twitter says, it has not found anybody having misused the logs. Once it discovered the bug, it proactively deleted all such internal logs is plugging the loophole. It says, Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password.

Another proof that our data with tech biggie is not guaranteed to be in safe hands.

The blog post can be visited here.

Cambridge Analytica closes down


The controversial firm that is supposed to have used Facebook data for influencing voters in many countries, has closed down. Knowledgeable people are not sure whether it would not arise in a new avatar.

A takeaway from Hootsuite study: socialization helps SEO


A recent study has validated the impression that engaging, sharing on social media really helps in better search rankings, and it happens directly - not just because more links get distributed through social accounts.

The researchers have also some advice for publishers and marketers. They say, quality of content and backlinks matters as much as their numbers. And paid promotion really helps SEO.
Yes, social can help with SEO. But that shouldn’t give you a free pass to over-post and spam people’s feeds. If you do that, you risk annoying followers. And then they might ignore your posts, or worse, stop following you entirely.
Quality of posts—not quantity—is key. Yes, regular posting is important, but if you’re not offering your audience value there’s no point.
Remember, it might only take one new backlink to significantly improve the search rank of a URL (depending on how competitive the keyword is and how authoritative the site is that links to your own). If you impress the right person enough to share your content on their website, you’ll see a boost in search rank and search visibility.
Social marketers should also take note of the implications of paid promotion on SEO. Indeed, our findings show that paid promotion has nearly double the SEO benefit of organic promotion.
SEO should be thoughtfully integrated into your broader social marketing strategy, but it should not be the driving force. If you focus on creating and sharing quality content, you’ll be in good shape. Quality is, after all, the number one ranking factor in Google.