Don't panic because you have a blog - GDPR is simple enough

I updated the privacy policy of this personal blog to comply with GDPR.

Personally I would have preferred exclusions for individual Web contributors, like me. This is a small knowledge base and not a commercial front for a product.

Here is the quick summary. If you like the policy, you can copy it. If you find something I need to correct, please let me know.

No adhortatory letters to be expected

Many Germans believe they are going to get formal adhortatory letters from shady legal offices.

Chances are that I won’t get such a fine letter, given that the right to fine entities under GDPR / DS-GVO is limited to Data Privacy Agencies and consumer protection organizations. I don’t have significant data.

You can send a complaint to your respective Data Privacy Agency (DPA), and they might investigate it. But you cannot send cease-and-desist style warnings. GDPR is not the DMCA.

Cookie Opt-In popups

You do not need to send Cookie Opt-In warnings, unless you use third-party trackers. I have added technical information about this in the appendix.

In the case of this website, there is no need to opt in, because there is nothing to opt in for.

Third parties - OAuth, Cloudflare

This website service is designed so that data subjects do not send PII to it directly.

  • Cloudflare serves the content
  • All PII (only for the purpose of logins) remains with third parties such as Google, Facebook, etc.

This is the long section. Long story short: if you don’t want to use any of these third parties, don’t. Besides Cloudflare, each of these services is only for data subjects who actively choose to use it. That is only possible if their EULA / ToS are accepted.

All of these third-party service providers have GDPR-compliant policies.


No legal letters to be expected, no Cookie Opt-In, all third parties are GDPR-compliant.