Blogs have become a popular and powerful way to create an online following from anywhere in the world. Wikipedia reports there are more than 152 million active blogs, with a new blog launching every half second. That's 172,800 new blogs every day.
While a blog might not seem like a place where personal information is being collected, the fact is that almost every online site does collect personal information either directly or indirectly. Not only does the browser your blog readers use collect information from your audience, but so does your blog.
- 1. When and Why Blogs Collect Personal Information
- 1.1. List Sign-up
- 1.2. Communications and Contact
- 1.3. Content Upgrades
- 1.4. Chat Tools
- 1.5. Social Sharing
- 1.6. Commenting
- 1.7. Ecommerce
- 1.8. Cookies
- 1.9. Third Party Services
- 4. Privacy Laws Affecting Your Blog
- 4.2. General Data Protection Regulation of the EU
- 4.3. Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
- 5.1. Google Analytics
- 5.2. Your Blog Platform
At minimum, your blog likely collects the following types of personal information:
- First and last name
- Email address
- Social media profiles and information
- Reader comments
- Reader actions (browse time, links followed, ads viewed, etc.)
All personal information collected online is subject to global privacy regulations.
When and Why Blogs Collect Personal Information
Blogs, like other websites, deploy multiple technologies to attract, engage, convert and serve their audiences. Some blogs are monetized with ecommerce features, and many blogs present readers with display ads.
The list of potential ways a blog directly and indirectly collects personal information is long. Let's take a look at some of the most common ways your blog might be collecting personal information from your readers.
Small business SEO consultant Main Street ROI uses multiple tools to grow its email list, encourage referrals and convert blog readers to paying customers. This simple email list sign-up tool pictured above appears at the end of every blog post. It includes one personally identifiable data point -- the reader's email address.
Communications and Contact
The right sidebar on every page of the Main Street ROI site, including blog pages, encourages readers to schedule a call. The call is free, but several data points are required to get it:
- First Name
- Last Name
Not only is all of this information legally protected personal information, but by providing the website address, the reader is essentially inviting Main Street ROI to collect even more information than contact data.
Another engagement tool in the blog's right sidebar is an increasingly common tool called a content upgrade.
Content upgrades offer information considered more valuable than the blog itself or other enticements offered on the site. If a site visitor isn't enticed to join the email list or schedule a call, an exciting content upgrade might be the best next option to convert the reader to a blog follower.
In order to get the content upgrade - in this case, The Internet Marketing Survival Guide - the reader needs to enter a valid email address.
Another tool Main Street ROI and other blog sites use to provide value to readers in exchange for personal information is a chat tool.
In order to use the tool, the reader must enter personal information. In this case, the required information is an email address. However, the reader also may enter information into a text box, which likely could include personal information, such as other contact information, their website URL or even payment information.
Another popular blog engagement tool is a social sharing tool. When a reader clicks to share a blog post, the blog receives additional personal information about the reader through integration with the chosen social platform.
Here is the sharing tool Main Street ROI uses:
Many blogs also invite reader comments, which serves two purposes: increasing blog SEO and increasing engagement. In the process, the blog enjoys another opportunity to directly collect personal information.
Island Jane requires anyone who wishes to leave a comment to provide a name and email address, both of which are personally trackable. Additionally, the reader has the option to provide her website and leave a comment, which also may include personally identifiable information.
In addition, the Island Jane blog includes an integrated ecommerce store in which direct and indirect personal information is collected. In order to process an order, the reader must provide a name, shipping address, email address and phone number.
The store also utilizes third party vendors to process payments. In this way, Island Jane is collecting information to share with those third parties.
Third Party Services
In addition to indirectly collecting information through cookies, the site discloses they also may share information with third parties who they choose to help operate the site, conduct business and manage services:
It also should acknowledge your respect for, and adherence to, all applicable laws.
- Answer the questions related to your entity type and location.
- Answer the questions relating to what type of information you collect from your users.
Privacy Laws Affecting Your Blog
Privacy laws are written to protect the residents in the jurisdiction where the law applies. If there is any chance that your blog might attract a reader from jurisdictions where privacy laws exist, then you are required to comply with those laws.
Let's take a look at some privacy laws that are likely to affect your blog.
General Data Protection Regulation of the EU
Beginning in May of 2018, an even broader set of online privacy regulations will go into effect in the EU. The General Data Protection Regulation (GDPR) creates strict regulations mandating how websites and blogs must protect personal data collected from EU residents.
As is the case with CalOPPA and virtually every other legal privacy requirement, GDPR applies to blogs attracting visitors who live in the jurisdiction, whether or not the blog itself is located in the EU.
An interesting component of the GDPR is a requirement for blogs to obtain informed consent from readers before collecting personal information from them. In other words, previous privacy protection standards which put the burden of knowing privacy rights onto the reader are now clearly placed on the blog owner.
Article 5(3) of GDPR requires website owners, which includes blogs, to properly inform readers of the actual and potential information that may be collected through the site, both directly and indirectly, and give the reader options for preventing or limiting the information they provide:
Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
In 2000, Canada introduced the Personal Information Protection Electronic Documents Act, also called PIPEDA, or PIPED. The law was created to address privacy concerns relating to the commercial collection and management of personally identifiable information of Canadian citizens.
The act defines commercial activity as:
"Any transaction, act, or conduct, or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists."
It is very likely your blog is interacting with one or more Google platforms such as Google Analytics.
This is because, as spelled out clearly at the top of its Policy Requirement, Google uses technology tools such as cookies to collect information about your blog's readers and their browsing patterns:
Your Blog Platform
Blog platforms such as WordPress, Reddit and others include built-in features to help you grow your blog traffic. To do this, they automatically collect information about your readers such as browsing patterns and IP addresses, which locate your readers' device.
User comments, which are an effective and popular way to increase blog SEO, also collect protected data such as reader name, email address, social platforms and in many cases, a photograph.
In the example below, the comment submitted by a WordPress blog reader includes his IP address:
The public view of most blogs displays the reader's photograph with comments. See this example from a reader comment at Island Jane, where we see publicly the reader's first and last name, as well as his photograph:
It does this in two separate clauses.
An increasingly popular method for gaining blog followers is the use of social sign-up buttons. These allow your readers to quickly sign up for your blog through a platform in which they are already logged in.
By providing quick social sign-up, you get the benefit of not only a new reader, but also access to data from the reader's social site used for sign-up.
In doing this, however, you also accept the privacy laws governing that exchange of data, as well as each platform's requirements to ensure you comply with not only applicable laws, but also their unique Privacy Policies.
Online public forums such as Disqus offer opportunities for your blog to gain a global following. You'll also increase your privacy protection obligations. If you choose to integrate with the Disqus platform, you must comply with their terms, which includes a requirement to comply with all privacy laws: