This General Data Protection Regulation (GDPR) thing?

I’ve copied/pasted (with link! b/c I’m cool like that) some info about whatever this GDPR thing is below my meanderings here.  While the whole thing is a bit confusing to me (the concept I get; what I’m supposed to do about it on a free 2-bit WP account, not so much), I can tell y’all that since I don’t sell/advertise anything and since this is a free, generic WordPress account, I don’t actually have access to crap like “where you live” (Idgaf, just hope you’re warm/cool, dry, and safe) and “how many times a day you go pee” (that would be creepy as fuck, also, Idgaf just so long as your kidneys are all ok and shit), so…?

I do know it’s easy (or at least SHOULD be easy) to unfollow/unsubscribe to my blog (and if you do go all bye-bye, I’ll wave and hope y’all come back soon, just bring coffee when/if ya do), so, um, unsubscribe if you want?  I don’t keep what information you guys *have* volunteered like email address so that my oh-so-frequent post notifications flood your addy  (what would I do with it, ghost-blog your ass?), so…um… <insert something witty here>…

Anyway, here’s this from Clicky Link Thing that on Twitter linked to in their reply to questions about whether or not bloggers had to bother about this whole GDPR thing (and no, I did not read all this crap…I have a life to live, coffee to drink, and foes to piss off – read it if you want, though):

Automattic and the General Data Protection Regulation (GDPR)

Europe’s General Data Protection Regulation (aka GDPR) is a new and far-reaching privacy regulation that takes effect May 2018.

This FAQ provides information about the law and how we are implementing the GDPR’s important principles for Automattic’s products and services, including

We are adding features to enhance user choice and bring more transparency to our practices around the collection, storage, and use of your data. We expect that Automattic products and services will be in compliance with GDPR requirements when the law goes into effect on May 25, 2018.

We’re also providing additional tools and information to help users of our services take the steps needed to comply with the law, if necessary.

Below you will find a list of common questions we have gotten about GDPR and our answers to those questions.

General Questions

>> What is the GDPR?

The GDPR, among other things, requires companies and site owners to be transparent about how they collect, use and share personal data. It also gives individuals more access and more choice when it comes to how their own personal data is collected, used, and shared.

You can read the full text of the law here. We also found these resources helpful in understanding the principles and specific requirements of the law:

>> When does the GDPR take effect?

The law goes into effect on May 25, 2018.

>> Who does the GDPR apply to?

The GDPR is a European law that grants personal data rights to individuals in the European Union. However, its requirements apply to all sites and online businesses who collect, store, and process personal data about individuals in the EU.

>> How can I get in touch with you with a GDPR related request?

You can contact us through any of the following channels:

Questions About Your Rights As A User of our Services

>> What rights does the GDPR give me?

The GDPR gives EU individuals rights to their personal data. There are some exceptions/exemptions to the rights granted by the GDPR, but in general it includes rights to:

  • request access to the data we store about you
  • request updates/changes to your personal data
  • request the deletion of your personal data
  • take your personal data to a new service
  • request we limit our collection and use of your personal data (e.g., opt out of being tracked by our first party analytics tool)

Although GDPR is a law that only applies within the European Union, we are offering tools to manage your personal data to all of our users.

Additionally, you can expect that we as a company will work to protect the privacy of your personal data, will only collect the data when we have a reason to do so, and will delete your personal data once we no longer have a need for it.

>> How do I request access to my personal data? How do I request changes to it?

If you’d like to know what personal data we have stored about you, please contact us with your request. If upon reviewing that data you need to request changes to it, please let us know and we will work with you to make the necessary corrections.

>> How do I take my data to a new service?

Your site is yours and your content belongs to you. We hope you find our services and products useful, but if you are currently hosted with us and have decided to move elsewhere, we provide you with the tools you need to easily move your site without any extra charges from us. If your site is self-hosted, you can work with your hosting company to move your site.

>> How do I delete my personal data?

Although we’d be very sad to see you go, starting on May 25, 2018, you’ll be able to close your account. Please check this page then for more information.

>> How do I opt out of being tracked when I use Automattic’s services?

We’ll offer an opt-out from our first party analytics tool for users. We are still working to finalize this process for our products. We will update the information here, and in our documentation, with more details about how these processes work once they are ready.

>> How else are you protecting my privacy and my personal data?

User privacy is critically important to us at Automattic. Our privacy principles align with many of the GDPR principles, and we built our products and services with those principles in mind.

  • Control of Your Content. We aim to give you as much control as possible over who can see your content. For example, the Privacy Settings give you choices to make your site public, private, or hidden from search engines, and Page Visibility gives you options about who can see specific pages on your site.
  • Strict Guidelines on Providing User Information to Governments. We understand that safeguarding our users’ private information is a vital aspect of the trust our users place in our services to keep them safe, and in some cases, anonymous. Our Legal Guidelines describe when we will disclose user information in response to requests from law enforcement or from complainants in civil litigation. (And we have a reputation for challenging overbroad requestsーfor example, we successfully argued to lift non-disclosure orders on National Security Letters from the U.S. government that prohibited us from revealing information about those requests to our users).
  • Your Security is Our Priority. While no online service can ever be 100% secure, we work very hard to protect your information from unauthorized access. We support and promote encryption of user data and we encrypt all traffic (serve over SSL) for all sites, by default. You can read more about our security features and Jetpack Security Features. We also offer and *highly encourage* you to use our advanced security settings, like Two Step Authentication for your account, to help protect your account and your data.

Questions About Your Responsibilities as a Site Owner

>> What Tools Do You Offer to Help Me Comply with GDPR?

We provide tools to help you manage your user’s data, and to respond to requests from your users, for example, the ability to delete comments on, or to delete order records from WooCommerce. There are also other tools described in the question below. In general we try to make it possible for you to manage your site without needing our help, but if you get a request from one of your site’s users that you don’t have the ability to fulfill, you can contact us to request our help.

We also put together a Privacy Notice and other support documentation to describe the personal data that we collect on your behalf about your site’s users. That notice can be found online at We hope that information helps you in drafting your own privacy policy for your site. Speaking of a Privacy Policy….ours is available under a Creative Commons Sharealike license. You’re more than welcome to copy it, adapt it, and repurpose it for your own use. Just make sure to revise the language so that your policy reflects your actual practices.

>> What data do you collect about the people who visit/use my site?

We aim to collect the minimal amount of data necessary to provide your site visitors with our service. Please see our Data Collection section below for more information about what we collect and when.

>> My site saves people’s personal data when they follow/subscribe to it or purchase a product on my site, and when they like or comment on a post or product; how do I manage this data to comply with GDPR?

Your site saves information about a person who follows or comments on your site in order to provide this service to them and email them updates about their sites

If a visitor to your site requests access to the personal data you have saved about them, we can help you to gather the data we have saved via our service. You can contact us to request that data.

If a visitor to your site requests you delete their data from your site, you have the tools at your disposal to do this. For information on how to manage/delete comments on your site, please see Additionally, subscribers to a blog are able to unfollow it at any time and the link for that is included in the footer of the follow emails.

If your site is not hosted by, but on a different server (self-hosted), you can use the tools provided by WordPress 4.9.6 and WooCommerce 3.4 to export and manage your users’ data.

>> Some of the Jetpack modules, like Jetpack Comments, collect the personal data of visitors to my site. Do you provide any tools to help me manage the privacy of this data?

We do! In our new Jetpack Privacy Center you can find information about the data we collect and use on a module by module basis. We published this to help you disclose in your site’s Privacy Policy an accurate list of what data your site collects about them to your site’s visitors.

Additionally, because many of the Jetpack modules are the exact same features we offer on hosted sites, site owners can also use the Jetpack Privacy Center to inform their own privacy policies.

>> Can you tell me more about Google fonts on my site?

The Google fonts API collects a very limited set of information and uses it only for serving the font to your site. You can read more about the data Google collects, stores, and uses in connection with Google fonts here:

>> What is a Data Processing Agreement (or amendment) and do I need one?

DPAs are contractual tools for web sites and companies to make commitments to their customers, vendors, and partners that their data handling complies with the law. It is not relevant or needed for the typical free site owner or hobbyists.

We are able to provide data processing amendments to users of our paid plans/products on, Jetpack,, Akismet, or PollDaddy. If your site has an active upgrade on one of these services, please contact us to let us know what you need.

Having a DPA does not change any of our practices regarding your site or your visitors. Everyone using our service gets the same high standards of privacy and security.


Data Collection Questions

>> What data do your various services collect about me?

We have always tried to collect the minimal amount of data that’s necessary.

For example, when you sign up for, we ask only for limited information needed to set up your account. We require an email address and a username, nothing more. If you purchase a paid plan, we’ll need additional information to process your payment. You are welcome to add other information to your public profile and account settings, but we don’t require you to give us any other personal information to get your account up and running. The same principle applies to all our products and services.

For a more detailed description of the data we collect, please refer to our respective policy pages at,, and

>> Does Automattic sell or give away my personal data?

We do not sell your private personal information.

We will share information about you in limited circumstances, and with appropriate safeguards on your privacy. You can read more details of when we share your information, and what we share, in our privacy policy.

>> What information do you collect if I use your WooCommerce plugin without connecting it to a or account?

If you do not connect an Automattic plugin to a or account, we do not receive or store any of your personal data, nor do we have access to the data about your site’s users/customers. The exception to this is if you enable WooCommerce Usage Tracking.

>> What data do your services collect about the people who visit/use my or Jetpack enabled site?

As with the data we collect about you, we try to collect the minimal information required to make our services available to the people who use your site. We have created a new privacy notice to detail exactly what that information is and how we use it, which is available to you and to your site visitors at

>> What information does collect, store and share when someone has a connected account?

When you make a purchase on and connect your account, we will know what sites you are using the subscription on, but generally do not get additional usage/personal data about you or your customers. There’s a few exceptions:

>> How long do you keep logs?

Our system logs, which record information about visitors to Automattic’s websites, are kept for 30 days after which they are deleted.

>> Where are your servers located?

Automattic’s servers are all over the world. This allows us to provide the fastest service to our users, and to the visitors viewing our users’ sites, no matter where they live. It also allows us to keep our service, and your site, running should one or more of our servers go down.

Although we have servers all over the world, at present all personal and site data is stored exclusively on US based servers.

There, I made it all pink for an enhanced visual presentation.  Or something.

Have fun, y’all, and if you find the FLM skulking about, please send that sweet little shit back this way, m’kay?


16 thoughts on “This General Data Protection Regulation (GDPR) thing?

  1. Nice to hear from you, ignored the whole pink crap thing, ‘cos you’re stuck with my ass following every word you write/say 😈 Mwahaha!


  2. They’ll have to pry your site from my cold dead fingers.. Hey girl! Glad to see you! How are you? *waves coffee and donuts at your muse*


  3. OMG…well, at least I like the color pink….so no need to re-confirm that we will NEVER leave you? Hope you are well and have a good supply of coffee and donuts to keep your mind sharp and inspire the muse.. take care


  4. Ignore the pink crap its just another thing the suits in the EU are foisting on us poor ‘citizens’ I have, I just sigh, press the button and move it the the ‘legal bits’ folder, as for me i’m staying right here patiently waiting for your next words of wisdom or wit.
    Apart from that how you doin’ kiddo? you okay? Got enough coffee?


  5. Particularmente, yo tengo claro que tengo los mismos derechos (y deberes) que antes y que no tengo “privacidad” en Internet. Voy a hacer lo que suelo hacer siempre (¿Acepta usted nuestros términos y política de privacidad y gestión de datos personales? Sí, porque siempre hay que contestar que sí si quieres tener acceso a cualquier página.


  6. Who would ever unfollow you?!?! My mind cannot comprehend that!
    (Shooing FLM your way, hope she listens)


  7. Hi Ya~ had one of these things show up from another Author, and it was a sort of “do you want to keep following” thingy 🙂


  8. ericluver: Why thank you gorgeous! I admit it – I barely even skimmed it (…if that…) – just did a copy/paste after the link jic any of you guys wanted to peruse the dang thing. (I figure it’s like generic TOAs – just click accept and voyage blindly forth, lol) I do want to make sure that everyone knows they can (supposedly easily?) unfollow if they ever want to, but I’m glad to hear you’re here to stay! ❤


  9. fffbone: Yeah, this crap is *everywhere* right now! Every time I turn around there’s yet another notice for me to ignore… I yet live although I think the FLM (once again) vacationing without me (yet again). If you see that li’l shit, send her back this way?


  10. bashfyl: *excuse the mad dash for the coffee and donuts…any survivors will be sent to A&E* Hi!! Very glad to hear you’re not leaving (even though I suck at not updating here lately). Here’s to the FLM finally (FINALLY) eventually finding her way home! ❤

    Liked by 1 person

  11. valady1: Srsly, felt like I was painting the whole dang post in pink! You can rest assured that *I* certainly didn’t wade through all that mess! I did want followers to know that it would (supposedly?) be easy (??) for them to unfollow if they wanted to (I’ve never unfollowed me so Idk…), but I’m so glad to hear you won’t! Thank you!! At the moment the FLM is probably sitting somewhere tropical (WITHOUT ME) growling but if she ever does show back up, I’mma cram a donut in her mouth…that should solve the problem, right?


  12. theslainvalkyrie: I felt like condensing it all down to “follow if you want, unfollow if you want; your info is as safe as it can be when connected to the interwebz”. Bah. In the end it’s all just words.

    I’m doing ok, mostly. Adulting is hard and I highly encourage others to review all options before accepting it, but I persist. Coffee keeps me going (I’m theoretically O+ but since my blood has been transmuted into coffee, it’s likely Colombian- by now…)


  13. cari1973: Exactly. Nobody can actually think that they have “”privacy”” when they’re on the internet even when they don’t give out email addresses to receive notifications… It’s just so many words to read before having to click the “yes” button if you want to keep viewing the site or whatever. So annoying.


  14. mom2goalies: …because I totally suck at updating right now??? *sigh* Thank you, gorgeous! If you see that FLM, kindly kick her wee li’l ass back this way…you can tell her I have donuts waiting for her but I bet she won’t care…she’s probably graduated to, like, pineapple martinis or something by now. Li’l shit. ❤


  15. pattyf82: Basically. I think we’re supposed to use lots of legal terms and conditions and whatever…more or less, or something. Idk…I kind of suck at reading all that crap. (I’m totally one of those people who just click “accept” at the TOS page, lmao)


Ahh, you found me. No clue why they stuck me ALL THE WAY DOWN HERE, but see that "Comment" box? Have at it!

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s