Owning a website in 2025 is not as freeform a thing as it was a couple decades ago. Much like the owner of a store or an amusement park ride has to pay some attention to safety hazards, now site owners can't simply neglect caring for the privacy of their visitors. If they do choose to neglect privacy concerns, they can be quickly driven out of business by fines under various privacy legislation, which can amount to thousands of dollars per site visitor!

This all started with the European Union General Data Protection Regulation (GDPR) going into effect in 2018 -- but that was just the start. Now 20 of the 50 US states have privacy legislation, with widely varying rules for site owners. Run afoul of these rules and you might get fined $2500 per state resident that visits your site from California, $7500 from Virginia, $20,000 from Colorado!

A good privacy policy is generally all most businesses need to avoid this kind of penalty.

I had a great discussion with Hans Skillrud of Termageddon about what site owners need to know about privacy policies. Some key excerpts are here:

 

You can watch the full video on YouTube at https://youtu.be/DCsZWqILLN0.

Respecting your visitors, customers, users

Respect is what it's all about. Treating people how you want to be treated. Privacy is an issue where we're all on both sides -- we want to keep our private details private, but often we need to know private details about others to do business with them.

As a business, how can you respect the privacy of your visitors, and customers, while still getting data you need?

At Freelock, we think the answer is, use small, responsible services that share these values instead of large dominating companies that trample privacy.

Google Analytics is a prime example here. The more sites use the same analytics service, the more ability that service has to track users across the web.

This is one of the main reasons we self-host so much of what we use -- we're not sharing our data with everyone. (Take a look at our Cookie Consent in the privacy widget for details, and our own Privacy Policy -- we're far from perfect but we're constantly getting better).

Here are some ways to reduce using services that might track your users:

  • Download webfonts and serve them from your site, instead of using a hosted CDN for fonts
  • Use self-hosted analytics like Matomo (which we include with our Protection Plan) instead of Google Analytics
  • Use Webforms on your own site instead of Google Sheets, or 3rd party survey services
  • Make sure your site, and your IT systems, are properly secured and not leaking private details to the world.
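To see which of these apply to your own pages, here is an added example (not code from Freelock or Termageddon) that lists the outside hosts a page's HTML sends visitors to. The sample page, the `example.*` hostnames and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute that sends the visitor's browser (or form data) to a host.
URL_ATTRS = {"script": "src", "link": "href", "img": "src",
             "iframe": "src", "form": "action"}
# <link> values that fetch something; canonical/alternate links do not.
LOADING_RELS = {"stylesheet", "preload", "preconnect", "icon"}

class ThirdPartyFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.own_host = urlparse(page_url).hostname
        self.found = {}  # host -> set of tag names that reference it

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        value = attrs.get(URL_ATTRS.get(tag, ""))
        if not value:
            return
        if tag == "link" and not LOADING_RELS & set((attrs.get("rel") or "").lower().split()):
            return
        # urljoin resolves relative and protocol-relative (//host/...) URLs.
        host = urlparse(urljoin(self.page_url, value)).hostname
        # Exact hostname match: a subdomain you run would need allow-listing.
        if host and host != self.own_host:
            self.found.setdefault(host, set()).add(tag)

def third_party_hosts(page_url, html):
    """Return {outside host: [tags that reference it]} for one page."""
    finder = ThirdPartyFinder(page_url)
    finder.feed(html)
    return {h: sorted(t) for h, t in sorted(finder.found.items())}

# Constructed sample page; hostnames under example.* are placeholders.
SAMPLE = """<html><head>
<link rel="canonical" href="https://other.example.org/page">
<link rel="stylesheet" href="/themes/site.css">
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Inter">
<script src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXX"></script>
<script src="/matomo/matomo.js"></script>
</head><body><img src="//www.example.com/logo.png">
<form action="https://surveys.example.net/submit" method="post"></form>
</body></html>"""

if __name__ == "__main__":
    for host, tags in third_party_hosts("https://www.example.com/", SAMPLE).items():
        print(host, tags)
```

This only sees what is in the HTML itself; requests made later by scripts or stylesheets show up in the browser's network panel instead.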

What you do with user data

There's a huge range of what businesses think is acceptable behavior when it comes to user data. There are entire industries of data brokers, buying and selling databases of contact information from the scummy right up to the credit bureaus most of us rely upon for access to credit.

The privacy legislation out there is mostly focused on disclosure -- making sure you are clearly told how a business is using your data before they use it. As a business, it's fairly straightforward to put together this disclosure into a privacy policy -- but it's a bit appalling how this has led to the proliferation of legalese that's meant to obscure what they're doing instead of making it clear. The EULAs of Despair site proposes using "Tolstoys" to measure the length of terms of service agreements from various companies, a Tolstoy being the length of Leo Tolstoy's War and Peace, at 587,287 words. Amazon and Apple are just over 1 Tolstoy. Discord is over 5. Snapchat is over 17. If I asked my teenager to read all the Snapchat EULAs before using it, she might be applying for retirement before finishing!

Even small businesses have a range of ethics here. This is something you have control over -- you can choose to do business with other companies that take responsibility for communicating clearly why they collect data and what they do with it. Just doing that could take a couple dozen pages, easily, if they don't want to run afoul of local legislation -- but if it's approaching a Tolstoy, perhaps they are trying to hide what they are doing, because it's not what anyone actually wants or would accept if they were clear about it.

There's a deeper ethic here. So much of the tech world seems built on Venture Capital, funding that demands companies corner the market in whatever they're doing, and often to get there they are taking from the commons. I think there's a lot of us in the middle that just plain don't like that model, who prefer getting compensated for delivering value instead of getting big fast and cornering some market by regurgitating stuff they scraped for free.

 

For more on privacy, read about the Privacy Big Picture, or the Privacy Dilemma. And if you need a Privacy Tune-up with a privacy policy from Termageddon and a cookie consent solution, we're running a special until the end of January.

 
