aka Data Protection BS.
Article 12 of the EU Data Protection Regulation (DSGVO) requires that I explain to you “in a precise, transparent, understandable and easily accessible form [and] in clear and simple language” what is happening here on this website. Since I cannot assume that you have studied computer science, law or rocket engineering for five years, I should therefore write plain text here. I’d be happy to.
This website is officially hosted by “my” company. This company has outsourced hosting to a European hosting provider. I privately have not (yet) concluded a written order processing contract with my own company for this domain [ditze.net], but I have assured myself orally internally that I will always treat my (private) hosting data very conscientiously.
§2 Google Analytics and other Tracking
This website uses Google Analytics and also the standard WordPress statistics. Oh my god! Your access to this website will certainly also be stored in the USA. And it gets even worse: I haven’t signed an order processing contract with Google either. Why? The Google Standard Contract has 18 pages, must be sent to Ireland in duplicate and suggests that I send my other comments on the contract by post to London. Here you can read the contract. And it gets even better: if I interpreted the letters of the basic data protection regulation literally, e.g. Article 28 para. 3 (h), I would have to personally visit my contractors from time to time and check whether they were doing all this correctly. So quite practical: I drive to the Google data center, ring the bell at the gate and then say: “Hello, here is your client, the Ditze from Mellnau. I wanted to see if you were doing everything right.” All right?!
§3 More Plugins
You haven’t had enough? Okay, then. Let’s go. This website uses some plugins. These plugins do a lot: a few speed up the website, another one provides nice looks, footnotes, social sharing buttons, email alerts, photo gallery or especially nice sitemaps, which lead to the fact that you could find this website at all. Anyway, almost every one of these plugins sends your IP address at the long end to the servers that are needed so that you can see a nice website here. Do I have an order processing contract with each of these plugin providers? Well, what do you think? I’ll tell you about it: No! And why is that? Because this is also complete nonsense. Or do you seriously want to suggest to me that I should really get started on my private, self-paying and completely ad-free website, which I equip with a lot of love in my free time, and conclude an extensive order processing contract for every plugin I want to use here? Let me tell you something: if you don’t want my website to pass on your IP address, then just don’t come here.
§4 Contacting me
Now to contact me: If you send me an e-mail, you have to live with the fact that I receive data from you. I will then see your e-mail address, possibly also your IP address, and if I try really hard and evaluate the X header of your e-mail manually, I may even be able to see the name of the computer from which you wrote the message. This is not magic or hacking, but an Internet standard. If you can read it, you can access this data. This is due to technical reasons – and has been so for many years. If you send me your data without being asked, you can assume that I protect your e-mail just as well or badly as all my other e-mails. If at any time you think that I should delete the unsolicited e-mail you sent me, you may politely ask me to do so – but I promise nothing. Again, if you can’t live with it, please don’t send me an e-mail.
Let’s get on with this: Topic Blogposts. You are welcome to comment on individual messages here. But once again, the same applies here: You must assume that some data about you will be collected. The IP address, the name and the e-mail address. After all: with the name and the mail address you can work with pseudonyms – or simply lie, that is okay for me. It gets a bit harder with the IP address – but hey, if it’s too private for you, use Tor or a proxy. Once again: Love it or leave it.
§7 Formal Warnings
Before warning me about any missing, incomplete or insufficiently pervaded aspects of the DSGVO, please take into account the words of the EU Commissioner for Justice responsible for introducing the regulation, Věra Jourová. In an interview with DIE ZEIT, she said literally: “It’s all about common sense and proportionality. If someone writes you an e-mail and allows you to use his data, it is clear that he gives his consent. In addition, the data protection officers not only sanction, but also advise. My prognosis is that the authorities will focus on those providers that can cause the most damage, that process the most data.”
Beyond that, I also gladly refer here to a statement by the German “father” of the DSGVO, Jan Philipp Albrecht. He writes literally in his blog: “What won’t happen, however, is that […] the supervisory authorities and some warning lawyers will suddenly take a completely different course to all the small businesses, individual entrepreneurs, clubs and bloggers.” You may assume that I will report to both actors in case of a warning.