Reader's Corner No. 71: Your Phone is Listening to You, Google Maps Renames Neighborhoods, and Steps for Web GDPR Compliance

August 21, 2018

The team has contributed some fantastic articles today! Our first share is an eye-opening account of how one VICE writer determined that companies are in fact "listening in" to our spoken conversations via the microphone on our mobile phones. Next up is some intriguing evidence that Google may be running an unintended monopoly in relation to the naming rationale behind various cities and districts around the world. Lastly, our Project Manager Michael has provided a concise summary and relevant article on prepping your website for GDPR compliance.


Your Phone Is Listening and it's Not Paranoia

Hunter Kenny

Source: VICE

Takeaway: I always understood that just about everything that is typed, or messaged, or searched for on a mobile phone is monitored by someone or something, and will yield relevant, targeted advertisements at some point in the future. That being said, a strange thing happened the other day. I was explaining the ins and outs of the North Carolina State Fair (out loud) to my foreign friend. I detailed my favorite State Fair activities and described its general atmosphere. I had Pandora Radio playing that day on a loudspeaker (the unpaid version), so of course there were various audio advertisements sprinkled throughout the song queue. As annoying as ads are, I have mostly trained myself to ignore them on Pandora. Yet later that day, an ad came on, loudly stating that the NC State Fair was coming up soon and that the first round of pre-sale tickets was available. I had never typed anything about the State Fair on my computer or mobile phone before hearing that advertisement. I remember having a conversation thereafter about how that was strange and my friend said jokingly that large companies are tapping into our phone microphones. The next day this Vice article appeared on my Facebook timeline as a suggested article. Coincidence? I think not!

Tags: #Privacy, #Mobile


As Google Maps Renames Neighborhoods, Residents Fume

David Gouch

Source: The New York Times

Takeaway: Attempting to translate the world’s information from analog to digital can oftentimes lose important aspects in the process. If there’s a field on a form, then it needs a single answer, after all. Things like nuances or “it depends whom you ask” aren’t going to cut it. When you combine the digitization process with increasing reliance on digital databases as the truth, then you are on the way to creating a new position of power.

Tags: #Databases, #Google


Practical Steps for Website GDPR Compliance

Michael Nicholson

Source: GoDaddy Blog

Takeaway: The GDPR is complicated legislation that impacts all handling of data for EU 'data subjects.' Data collected through websites is certainly included here, and GoDaddy lists 'Five Practical Steps' for compliance:

1) Fine-tune your privacy policy. Your privacy policy needs to extend beyond what YOU do with the data collected by your website; it needs to include how third-party services (plugins, for instance) use and store data as well. As that can change over time, DesignHammer has been using a service through iubenda to create constantly updated privacy policies for our site.

2) Obtain clear consent to use cookies. You've certainly seen the banners talking about cookies; cookies are small pieces of data that the site uses to identify your browser and remember who you are, your preferences, and your history on the site. Again, DesignHammer has been using a tool through iubenda which provides the cookie policy, the banner, and script blocking until consent is given.

3) Ensure your plugins (and third-party services) comply with the GDPR. Major plugins and third-party services (such as Yoast! and Google Analytics) are GDPR compliant. If you use custom plugins or less common contributed plugins/modules/services, you need to make sure that either the services themselves are GDPR compliant, or that you are obtaining sufficient legal basis for additional data collection and processing for those services in your privacy policy.

4) Limit the data you collect and store via form submissions. Every site has a contact form, right? Well, many of those form systems store the submission in your site database. There's nothing inherently wrong with that, but if you're also emailing the submission (which is very common), what are you gaining by storing those form submissions? If they were to get compromised, that's a lot of potential clients to notify! At DesignHammer we are implementing a system that will automatically remove form submissions after a period of time. That being said, if all you need is the email submission, you may choose not to store form submissions in the database at all!

5) Clean up your mailing lists. Mailing lists can be complicated. Again, the GDPR standard is that you need a legal basis for storing the necessary data for a mailing list. The least ambiguous legal basis is consent. As such, double opt-in mailing lists are recommended (after sign up on the site, an email is sent to the email address to finalize the mailing list signup). Specifically, if you've purchased mailing lists or addresses from another service, it's very unlikely that those are GDPR compliant.

Finally, the article discusses three of the Individual Data Rights:

1) Right to access/portability: If someone requests their user data, you have to be able to give it to them in a format they can move somewhere else.

2) Right to be forgotten: If someone requests that you delete their personal data, you must comply. This includes their account, data collected by the site, and/or content created by the user (including comments or forum posts).

3) Privacy by design: Your website design and implementation should all support privacy. This means server file system configuration, access control, and https:// use (which is also important for SEO these days!).

Tags: #GDPR, #Privacy
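
As an added illustration of steps 4 and 5 above (not code from DesignHammer, GoDaddy, or iubenda), this sketch shows a double opt-in confirmation token that is only accepted if authentic, unexpired, and unused, plus a retention purge for stored form submissions. The table names, the 48-hour and 30-day periods, the secret, and the sample rows are all assumptions constructed for the example.

```python
import hashlib
import hmac
import sqlite3

SECRET = b"constructed-demo-key"  # assumption: a server-side secret in real use
TOKEN_TTL = 48 * 3600             # assumption: confirmation link valid 48 hours
RETENTION = 30 * 86400            # assumption: keep form submissions 30 days

def _mac(email, expiry):
    return hmac.new(SECRET, f"{email}|{expiry}".encode(), hashlib.sha256).hexdigest()

def make_token(email, now):
    """Token for the confirmation e-mail: '<expiry>.<HMAC over email and expiry>'."""
    expiry = int(now) + TOKEN_TTL
    return f"{expiry}.{_mac(email, expiry)}"

def confirm(db, email, token, now):
    """Record consent only for an authentic, unexpired, not-yet-used token."""
    try:
        expiry_s, mac = token.split(".", 1)
        expiry = int(expiry_s)
    except ValueError:
        return False
    if not hmac.compare_digest(mac.encode(), _mac(email, expiry).encode()):
        return False
    if now > expiry:
        return False
    cur = db.execute(
        "UPDATE subscribers SET confirmed_at = ? "
        "WHERE email = ? AND confirmed_at IS NULL", (int(now), email))
    return cur.rowcount == 1

def purge_submissions(db, now):
    """Delete stored contact-form rows older than the retention period."""
    cur = db.execute("DELETE FROM form_submissions WHERE created_at < ?",
                     (int(now) - RETENTION,))
    return cur.rowcount

def demo_db(now):
    """Constructed sample data: one pending subscriber, two form submissions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subscribers (email TEXT PRIMARY KEY, confirmed_at INTEGER)")
    db.execute("CREATE TABLE form_submissions (email TEXT, created_at INTEGER)")
    db.execute("INSERT INTO subscribers VALUES ('reader@example.test', NULL)")
    db.executemany("INSERT INTO form_submissions VALUES (?, ?)",
                   [("old@example.test", now - 31 * 86400),
                    ("new@example.test", now - 86400)])
    return db
```

The `confirmed_at` timestamp doubles as the consent record for the mailing list, and running the purge from a scheduled job keeps the number of people to notify after a compromise bounded by the retention window.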


Concerned about privacy on the web? We'd love to talk about it.

