News nerds, how is the GDPR affecting your newsroom?

Hi.

If you're an EU-based newsroom, or a newsroom with a lot of EU readers, you're probably making some changes to your website as a result of the GDPR.ICYMI, The General Data Protection Regulation is a regulation in European Union law on data protection and privacy for all individuals within the EU and the European Economic Area. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. (source: Wikipedia)

I'm working on article for Source about those changes.

I want to collect the changes that you are making, and then share them with our whole community, so that everyone can consider and learn from them. If you have time, please read the questions below, and send me an email with what you'd like to share. Thanks!

My general question is: How are you changing what you build in response to the GDPR?

Here's a bunch of specific questions that may or may not apply to you and your product:

• What is the most-drastic change you've made to your website or news product as a result of GDPR?If your news website has removed all third-party trackers and ads because of GDPR and if you keep them removed for at least one year, I will send your organization a congratulatory card. (Website must have existed before May 25, 2017 and must have been cited by a mainstream news site before April 15, 2018. Terms, conditions, restrictions, and reservations may apply. Limit 5 prizes total. Talk to your doctor to see if LibreJS is right for you.)
• Are you changing how you load ads on your sites? Are these changes something that can be replicated by other newsrooms?
• Are you changing how you load analytics on your sites? Are these changes something that can be replicated by other newsrooms?
• Are you changing how you embed third-party editorial content, such as Tableau visualizations, DocumentCloud documents, YouTube videos, Twitter tweets, social buttons, and so on?
• Are you changing how you build in-house editorial content such as charts, scrollytelling, special templates, visualizations, outside-the-CMS pages, or things of that sort?
• Are you changing how you acquire newsletter subscribers or manage newsletter subscriber information? Are you changing how you produce your newsletter or what information (opens, read rate) you collect from your newsletter readers? How many emails did you send to your newsletter subscribers asking them to opt in to receive further emails?Do I need to zalgo-text this? I should zalgo-text this.
  
  O̢̪̳͔̭̲͓P͚̗̯̼͔͚ͅṮ̨̨̞͖̥̣ ̡͔̪̱̜͕ͅI̧̹̙̼̣͖͜Ņ̢̧̜̱̻͕ ̭̲̥̮͓͓ͅT̻̣̰̖͔͖̗Ǫ̪̣̮͖͕͙ ̪͙̯̹̮̦̥R̡̹̠̜̟͎̫̥͜͜ͅĘ̘̳̮͓̣̯̼͎͚͉̰C̗̪̬̳̞͙͕͖̤͉̫ͅE̻͕̭̫̹̞͙̳͕̬͚͜I̢̨̩̠̞̤͙̲̦̗͓V̡͙͈̘̠̼͖͔̟̣͚ͅȨ̳̱̳̱̯̱̹̗͙͎̦ ̢̧̘̘̯̝̳͖͕͈̺ͅF̢̡̨̨̞̥̪̱͚̬̹͖͍͎̙͔̼̥̝̭͓̠͚̫̙̱Ų̢̡̯̟͕̘̰̲̘̳̯̠̠͔̭̠̼͈̦͍̙̳͇̫͉̦̰R̨̳̼̮̗͎͔̗̱̟̱͍͈͚̺̟̦̹̞͓̥̗̞͜ͅT̯̪̼̙̤͕̲͔̣͇̹͖͍̖̼̱̥͍̬̙̤̞ͅH̢̡̨̟̫̫̳̤̹̩̞͚̖̪͍̠̼̲̳̖͚̦̝̬̭͈ͅE̢̨͕̻̞̘̗̦̼̥̮̼̘͚̹͖̳̙̳̻̥̩̠͕̯ͅR̨̭̰̭̮̟̞͔̱͍̰̤̭̰̙̺̪̯̣̻̺̮̘͙ ̨̢̢̩̹̙͚͖̫̹̳͇̝̬̬͎͙̬̦͍̝ͅĘ̡̢̧̺̺̪͈͔͉̻̥̗̳̗̙̭̯̜̟̺̩̖̝͉̹͍̣̼̬̻̦͔̫͙̩̬̯̪̪̣̙͕͚̟̲̬̳̯̻͍̝͖̺̠͍̱͙̫̖̺̠͚̺̞͍̞̩͜ͅͅM̡̢̨̨̞̣̝̩̘̥̘̼̙̭̣̟͎͕̯͉͔̹̘͙̥̭̖̹̬̥͉͖͍͎̱͓̫̬̯̫͓̝̦̤͚͓̮̱̗͎̗͎̮̰͍͍͇̯͔͔̥̺͇̮̘͜͜͜ͅA̢̢̢̨̗̪̗̩̘̳̟̫̤̮̞̠̩̜̞̟̦̱͍̝̪̪͔͚̰̻̣̯̳̖̺̻̯͜͜ͅI̡̡̡͍̙̼̳̟͉̻͙͓̙̰͎̬̮̺̭̣̳̲̦̠̭͓̣̟̗͇̬̺̥̝̱̝̻̲̱͓͉̻̬̗̯͔̺̯̙̥̳̙͎͓͜ͅL̡̡̧̨̧̡̡̢̨̖͈̦̣̩͈͖̙͎͕̫̖̤̩̜̘͇̙̝̯̟̤̺̰͚̘̝͈̲ͅŞ̡̻̘̬͎̗͈͈͖͚̼̹͉͚̤̖͕̯͍̯̬͍͚̖͈͜͜ͅ
• If your product is embedded by people outside your organization, are you changing the embeds you provide?
• If your products collect in user-generated content, are you changing how you use that information? Examples of user-generated content collection could include a bot that converses with a reader, a test-message bot for sending follow-ups, and an interactive that localizes a story based on the reader's location? Would you build something like that under GDPR?
• Do you have any open-source code that can be shared with the public that is relevant to the above questions?
• Have you used the changes mandated by GDPR as an excuse to do something not required by GDPR that you would otherwise not have had the time, resources, or backing to do? (If you'd like to spill the beans but don't want to be publicly named, let me know.)
• What GDPR resources have you found to be useful? Some people have suggested:
  • "GDPR Hysteria" by Jacques Mattheij
  • The UK Information Commissioner's Office's Guide to the GDPR
  • GDPR Hall of Shame
• Did you need a lawyer to help you understand how the regulation applies to your web product? If your lawyer is amenable to being contacted by potential new clients, can I share the lawyer's contact information with newsrooms that are looking for legal advice? (This article isn't meant to be legal advice, but many people and organizations will be looking for legal advice.)

If you have additional information that you think may help other newsroom developers in their adaptation to GDPR, I'm interested in that as well.

Send me an email or tweet at me; I'd love to share your experience.

Thank you for your time.

• Discuss on Bluesky →
• Discuss on Mastodon →