To Have a Personal Blog


There are many benefits to having a personal blog. However, for many people it is not so straightforward to work out how to get one. Therefore, let me introduce some basic information about it.

Personal blogs generally fall into the following categories.

  1. Blogging on managed blog platforms such as WordPress.com, Medium, and 微信公众平台 (Weixin Media Platform; Mainly for Chinese)
  2. Blogging on managed blogs on web hosting platforms such as the GoDaddy WordPress Hosting or more general web hosting platforms which provide WordPress-like applications as managed applications
  3. Blogging on blogs you constructed on your own VPSs (DIY)

The difficulty grows from 1 to 3. For most people, only option 1 is doable; but for many people, with some effort, option 2 is also feasible. Option 1 is so easy that it is not worth describing, and option 3 is so complicated that it is not easy to describe. Therefore, I will only elaborate on option 2. To keep this post an overview, setting up a personal blog by means of option 2 is described in a separate post at [To Do: To Have a Personal Blog on netcup Webhosting].

GDPR

Use case: To avoid possible fines because the websites are (accessible/running/…) in Europe.

GDPR reflects the growing requirements for and awareness of privacy. GDPR is not the only law that requires website owners to put more effort into making websites. Unfortunately, this is not an easy task, and the requirements must be satisfied to avoid legal trouble.

There are lazy options, such as installing a cookie banner plugin. However, in the majority of cases, installing and showing a cookie banner does not do everything that is necessary: a banner whose buttons offer options that are not actually implemented underneath does not make the website compliant. (It is like saying: I collected your cookie preference, but I ignore it because I did not implement the needed options. Banners are just tools to collect preferences; they cannot change how the website and other plugins use cookies, so a banner can easily be a tool that does not do what the site owner supposes it does.) Cookie usage must be handled at the program code level, which is sadly not easy and requires a lot of effort.
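An added example (not code from this post or from any WordPress plugin) of what handling consent at the code level means: the stored preference decides which features may run and which already-set cookies get removed. The feature registry, the cookie names and the JSON preference format are assumptions made up for illustration.

```javascript
// Constructed registry: every cookie-setting feature declares the consent
// category it depends on. All names here are hypothetical.
const FEATURES = [
  { name: "session",   category: "necessary",  cookies: ["site_session"] },
  { name: "analytics", category: "statistics", cookies: ["stats_id"] },
  { name: "ads",       category: "marketing",  cookies: ["ad_id"] },
];

// Parse the preference the banner stored. Missing or malformed input
// means "no optional consent", never "consent to everything".
function parseConsent(raw) {
  const consent = { necessary: true, statistics: false, marketing: false };
  try {
    const stored = JSON.parse(raw || "{}");
    for (const key of ["statistics", "marketing"]) {
      consent[key] = stored[key] === true; // only an explicit true counts
    }
  } catch (_) {
    // keep the restrictive defaults
  }
  return consent;
}

// Enforcement step a banner alone does not perform: decide what may load
// and delete cookies that belong to features the visitor did not allow.
// cookieJar is a Map standing in for the visitor's cookies.
function enforce(rawConsent, cookieJar) {
  const consent = parseConsent(rawConsent);
  const load = [];
  const purge = [];
  for (const feature of FEATURES) {
    if (consent[feature.category]) {
      load.push(feature.name);
      continue;
    }
    for (const cookie of feature.cookies) {
      if (cookieJar.has(cookie)) purge.push(cookie);
    }
  }
  for (const cookie of purge) cookieJar.delete(cookie);
  return { load, purge };
}
```

A site that only shows the banner stops after storing the preference; the `enforce` step is the part that has to be wired into every place where the site or a plugin sets cookies.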

Since I am using WordPress, and this post is also a result of my effort to make my WordPress GDPR compliant, the following text mainly covers how to have a GDPR-compliant WordPress personal blog.

WordPress

WordPress is the most popular blog platform.

Here is some basic information about WordPress.

  • The pre-installed plugin „Akismet Anti-Spam“ needs an account which is only free for non-commercial WordPress blogs. (Non-commercial requires: no ads, no selling products or services, no promoting a business and so on)
  • The plugin „Jetpack – Sicherheit, Backups, Geschwindigkeit und Wachstum für WordPress“ from Automattic also needs an account to be activated

WordPress and GDPR

Fortunately, WordPress is very widely adopted and has fairly good support for being GDPR compliant.

Quotes

The following are some quotes I find reasonable and useful.

SOURCE: https://wordpress.com/support/your-site-and-the-gdpr/, Your WordPress.com Site and the GDPR

  • My Remark
    • WordPress.com is not the WordPress we manage by ourselves but a commercial blogging platform.
    • WordPress.com is run by the company which makes the open source WordPress, which can be deployed by ourselves or by our web hosting providers
    • The company which runs WordPress.com is called Automattic
  • Some of the steps you can take as a site owner are to:
    • Publish a Privacy Policy
      • https://automattic.com/privacy-notice/
      • https://automattic.com/cookies/
      • welcome to use ours as a template
      • release our Privacy Policy under a Creative Commons Sharealike license, which means you’re more than welcome to copy it, adapt it, and repurpose it for your own use
    • Provide a way for Your Site’s Visitors to Access/Delete their Data
      • One of the GDPR requirements for site owners, is that you tell people what personal data you have collected about them when they ask, and that you delete that data upon request.
    • Enable the Cookies & Consent Widget
      • https://wordpress.com/support/widgets/cookie-widget/
    • Only Install Third Party Plugins That are GDPR Ready
    • Get Permission before Sharing the Personal Data of your Site’s Visitors
  • I Heard that to be GDPR Compliant I Need to…
    • people who voluntarily chose to subscribe to your site … asked to be emailed with your site’s updates, so they have already consented to your emails
    • You likely don’t need to add a checkbox like this to your comment or contact forms.
    • A common misconception is that it’s not permissible to collect personal data like IP addresses
      • this is allowed as long as safeguards are in place to honor key rights established by GDPR
      • Chief among these are transparency about the data your site collects or transfers, which is what your site’s Privacy Policy is for, and choice and control over the data’s use, which you offer to your users by honoring their deletion and access requests
    • EU law related to the proper handling of data being transferred elsewhere
    • The privacy features added to core WordPress help site owners publish a privacy policy, honor access/deletion requests from their site visitors, and gain consent for the data their site is collecting.
      • it’s possible an installed plugin will utilize the core privacy tools to manage compliance

SOURCE: https://wordpress.org/support/article/wordpress-privacy/, WordPress Privacy

  • My Remark
    • WordPress.org is the WordPress that we manage by ourselves.
  • User Privacy and your WordPress site
    • may be required to display a privacy policy disclosing your collection and sharing of personal data
      • Personal data includes things like your users’ name, email, birthdate, phone number, IP address and other data that can be used to identify them
    • may also be required to provide your users with the means to request a copy of the information you hold about them, or request its deletion
    • WordPress now includes several simple tools for site administrators … to inform users through a transparent privacy notice about data that is collected on your site
      • What data you collect about them,
      • Why and how you collect data,
      • And what you do with that data (including with whom you might share that data).
  • Privacy Settings
    • This tool will create a dedicated page (or adapt an existing one) and provide prompts and headers to kickstart the process.
    • Site administrators can create this page by going to Settings > Privacy, where the Privacy Policy page setting is managed.
    • The prompts and headers provided in the tool by default are based on the expectations of Europe’s GDPR as a leading privacy standard.
  • Privacy Policy Editing Helper
    • The Editing Helper, drawing information from both WordPress core and a site’s themes and plugins, pulls together a collected set of default texts which detail a site’s data collection and sharing, generating a starter text which you can use to complete your privacy policy.
    • This tool ONLY collects policy help texts from WordPress and participating plugins. 
      • Many sites will also embed third-party tools (such as email subscription services) which collect data in ways the Editing Helper tool cannot detect, so the default template may not completely describe how your site might collect data about its user.
  • Export Personal Data tool
    • this tool by clicking on Tools > Export Personal Data exports in captured elsewhere
      • different from the Tools > Export tool which creates an archive file of posts, pages, or media
      • Following manual approval, it allows you to generate a (.zip format) file containing the personal data which exists about a user within your WordPress site
    • As this tool ONLY gathers data from WordPress and participating plugins, you may need to go beyond to comply with export requests.
      • While this tool’s scope covers much of the scope of WordPress user data, it likely does not include information that may be collected by your site using a third-party service, such as an analytics provider, newsletter subscription service, ad affiliate partner or embedded media.
  • Erase Personal Data tool
    • this feature under Tools > Erase Personal Data in
      • Deleted data is permanently removed from the database.
      • As this tool ONLY gathers data from WordPress and participating plugins, you may need to go beyond to comply with erasure requests. 
      • When erasing user data, this tool does not automatically delete registered users and their profile data. 
    • A site administrator is not obliged to delete data that they may be required to keep for other legal or statutory reasons.
  • Consent of data collected
    • While WordPress.org does not yet have consent tools built, there are various plugins available (tag:gdpr) to help in collecting consent to be compliant with the May 2018 GDPR compliance deadline.
      • In addition, WordPress Core intends to add additional tools for WordPress theme and plugin developers for consent management in WordPress Sites.
      • Some plugins, especially in the case of forms and email subscription services, suggest that you add a “required” consent field that says something like “I consent to my submitted data being collected and stored” if this is a requirement for your website.
  • Various notes:
    • “how-to-use” example: https://woocommerce.wordpress.com/2018/05/04/woocommerce-3-4-gdpr-features/
    • links
      • https://wordpress.org/plugins/tags/gdpr
      • https://wordpress.org/plugins/gdpr/

My Steps

  1. Read the guide (Einstellungen › Datenschutz > Einstellungen, i.e. Settings › Privacy > Settings) at /wp-admin/options-privacy.php
  2. Read the guide (Einstellungen › Datenschutz > Richtlinien-Leitfaden; Anleitung zur Datenschutzerklärung, i.e. Settings › Privacy > Policy Guide; Privacy Policy Guide) at /wp-admin/options-privacy.php?tab=policyguide
  3. Edit the Privacy Policy page at /wp-admin/post.php?post=3&action=edit
  4. Find, install and configure a proper cookie management plugin (Finding a proper and satisfying plugin can be very time-consuming, but this step is necessary.)

