Yesterday I spoke about Facebook and the fact that Mark Zuckerberg, for all of his obvious intellect and talent, is probably a sociopath and his company has some serious ethical issues they need to address. It would be foolish to think that governments around the world won’t now be catching up and clawing back some control here.
In fact, it’s already happening. In the EU, you have the GDPR coming into effect in May this year. It is a wide-ranging set of data protection regulations for companies/people that deal with private information of EU citizens.
I’ve been pretty derisive of the GDPR because I think it is a nonsensical overreach by the EU – they have stated that this will apply to any company or person ANYWHERE in the world who handles the data of EU citizens.
Failure to comply will potentially result in very stiff fines.
I laughed when I dug into it a few months ago. I talked to my IP Lawyer here in Sydney about it a few weeks ago and she laughed.
The idea that the EU is going to attempt to enforce their laws on companies or citizens domiciled and operating in foreign, non-EU countries and then endeavour to fine them when they are not compliant is fanciful.
As my lawyer pointed out, if I am compliant with the Australian Privacy Act, (I’ll get to this in a bit) and I operate out of Australia, then because Australia and the EU do not have any bilateral agreements in this area, Australian law will have supremacy.
It goes even a step further: the EU has deemed some countries’ privacy laws as being “compliant” in nature with the principles of the GDPR, but Australia’s are not among them.
To enforce their “ruling” and endeavour to have me pay their fine, they would have to apply to the Federal Court of Australia. They would have to argue that I was “found in breach in absentia” and that the Australian court should enforce their ruling despite there being no bilateral agreement on the matter.
My defence, of course, would be that my business operates entirely within Australia, my website “exists” in the United States and that I comply with Australia’s Privacy Act.
This would require an Australian Federal Court to deem that Australian law does not take primacy over the laws of a foreign country and that an Australian business, operating in Australia, adhering to Australian laws can be found guilty of breaching the laws of foreign powers if their citizens come to an Australian business on the internet and transact.
Again, my lawyer laughed as she explained how ridiculous that notion is.
Having said all that, privacy laws and privacy regulation are going to start getting stricter and countries are going to start doing bilateral agreements on privacy regulations.
Why?
Because privacy information is valuable, the data that can be gleaned from that information threatens governments and they will regulate to control anything of value and threatening to their existence.
So it’s coming.
But what am I doing about this right now?
One thing that I’ve liked that’s come out of these hearings in the US in the last couple of days is that a number of Senators and Congressmen said that terms of service and privacy policies really need to become more transparent and be written in plain English.
I agree with that, 100%.
In fact, to get Casual Marketer authorized originally with our credit card merchant bank provider, I had to publish a Revenue Disclaimer on the site – they picked this up during their review. They felt it wasn’t enough to have references in the terms of service to how we made money (even if it had nothing to do with credit card transactions).
Anyway, I decided to write a “plain English” version of the revenue disclaimer in protest and then send the link to the merchant facility provider and see what they said. The young lady doing the review sent me an email and said it was the best one she’d ever read and it made her laugh out loud because it was so clear.
If you’re interested in reading that revenue disclaimer, here’s the link.
I’m also going to redo the intro to our privacy policy this weekend – so take this as your formal notification that it is changing.
This policy intro will clearly state that Casual Marketer exclusively adheres to the Australian Privacy Act and that any services we use are compliant with that AND the jurisdiction in which they are provided – so ActiveCampaign complies with US privacy law and the data I store within it is managed by me in alignment with the Australian laws.
I’m also going to call out quite explicitly that if you want your data kept/maintained/managed within the framework of your country’s privacy framework, then Casual Marketer isn’t the site for you so don’t give me your data.
On principle, I’m not going to allow a foreign power to impose their regulations on me and my business – period. My focus will be to treat people’s data with respect as I’ve always done, collect as little as I need to provide the service they’ve requested and that’s it.
I guess the takeaway item here is, privacy is becoming an issue and the law around it is complex with a ton of misinformation out there. You need to figure it out for yourself, but my advice is quite simple – focus on collecting as little data as you need from people, use reputable systems and software to store the data, and be clear and concise with your policies using plain English as best you can.
I just think, “how would I like my data handled” and then I try and live up to that.
Something to think about.