GDPR and Personal Weblogs

Frank Meeuwsen writes about the upcoming European GDPR and how its provisions might apply to personal websites (in Dutch). While he concludes that the GDPR does not apply to sites like his, he suggests that the spirit of the GDPR is something to aspire to, regardless (auto-translated):

Nevertheless, I do not think it’s a bad idea to give more clarity and transparency [to] what I store on my site and for what reason. Starting with the statistics.

This is something I’ve been thinking a lot about as well. Over recent years I’ve taken steps to evermore completely remove any tracking or data gathering from this site, removing third-party JavaScript, removing Google Analytics, turning off all advertising, changing my webserver logs to remove IP address logging. So much of what I was previously gathering, much of it simply “on by default,” technically or by convention, was of no use to me, so I’ve suffered no ill from these changes.

In the same spirit of codifying transparency that Frank demonstrates in his post, I’ve been working away at a Privacy Policy for this site. It’s a work in progress, and I’m trying to balance completeness with readability (and, for the moment, completeness is winning).

(I’d completely forgotten that Frank posted videos of the Reboot conference Pecha Kucha sessions back in 2006, including my own. Apparently I’ve been interested in public data for a very long time.)