The WP Minute brings you news about WordPress in under 5 minutes -- every week! Follow The WP Minute for the WordPress headlines before you get lost in the headlines. Hosted by Matt Medeiros, host of The Matt Report podcast.
Eric Karkovack (00:00)
Hi everyone, and welcome to the WP Minute. I'm Eric Karkovack. Today's episode features a segment from my interview with Donata Stroink-Skillrud, president of Termageddon. Donata stopped by to help web professionals better understand privacy requirements and how to communicate them to clients. She also notes that it's the client's responsibility to enact such policies, not ours.
Now you can check out the entire interview over on our WP Minute Plus channel. Visit thewpminute.com for all the details.
Eric Karkovack (00:37)
So what would your advice be for people who are working in agencies or freelancers, working with clients about this? How should we approach them about this subject? Because as I said, so often nobody brings it up and it just kind of sits there until something happens.
Donata Stroink-Skillrud (00:54)
Yeah.
For sure. So I guess first of all, as a web designer, you should not take responsibility for this. You know, no matter how much you're getting paid to build a website, you're not getting paid enough to assume compliance responsibilities. And there are a lot of agencies who have templated contracts, for example, that will state that we warrant and guarantee that this website will be compliant with all applicable laws, rules, and regulations.
Remove that from your contract right now. That is the worst thing that you can do for your agency is make yourself responsible for this. It should be the client that's responsible for compliance and not the agency. Now, in terms of how to bring this up to your clients, I don't think this has to be really complicated. And I don't think you have to be an expert in privacy law to bring it up or an expert in compliance matters to bring it up. I think it can be as simple as
Look, I'm not a compliance professional, I'm not a lawyer, I'm not providing you with legal advice, but just so you know, your website is collecting personal information, it has these trackers on it, you should really think about privacy compliance. Now, whether that's getting a privacy policy in place, getting the proper consent in place, you should really figure out what the requirements are and implement those requirements on your website. We also recommend, you know,
A lot of agencies as standard practice have been installing these tools on websites forever. So, you know, maybe you have a checklist where you install Google Analytics and you install the Meta Pixel and you install reCAPTCHA, you install all these different trackers, but you never tell the client that you've done that. So my recommendation would be, you know, before launch or if you haven't done this for websites that you've built in the past saying, look,
Eric Karkovack (02:28)
Yes.
Donata Stroink-Skillrud (02:49)
These tools have been installed on your site or will be installed on your site. Do you want all these? Are you okay with these? You know, let me know. So that the client's informed as to what's on their website.
Eric Karkovack (03:00)
Yeah, that's a big one. I mean, for so many years, you know, clients leave the technical details to us, right? We're the ones who are building out the site and they're really responsible for, you know, okay, getting us the assets, you know, the logos, the content and things like that. And so, you know, we assume a lot of times that clients, well, they're going to want Google Analytics and they're going to want this and that. But these days with the privacy laws that we have, it makes sense that, you know, we really should be informing about every tool like that that we are adding, and reCAPTCHA is actually a good one because I hadn't thought of that.
Donata Stroink-Skillrud (03:37)
Yeah, so to unpack that, say Google Analytics is an example. A lot of agencies install it on client sites because they think a client might need it. Google Analytics collects personal information like IP address, device identifier, information as to how people interact with a website. And it can also subject
websites to certain privacy laws like GDPR because they're tracking the behavior of residents of the EU, for example, on the site. So it has a lot of privacy implications. It shares this data with Google. It collects a lot of data, some of which may not even be totally necessary. And it subjects websites to the consent requirement of having people agree to Google Analytics before that cookie fires. Now, let's say the client did not know that
that it was on their site. So they could never set up the right compliance because they didn't know that it was on their site. They didn't know it was collecting data. They didn't know sharing data. They didn't know it was subjecting them to certain privacy laws. So they might not have taken those proper compliance steps to make sure that they're having Google Analytics set up correctly with the right compliance measures in place. And it's interesting, you know,
We do a lot of calls with clients helping set up their privacy policy and things like that. And before the call, we go to the website, we run a scan and we see what technologies are on the site because it affects how their privacy policy is created. And we'll say, you know, since your website has Google Analytics, you could be tracking residents of the EU or the UK. And we have so many calls where the client's like, I did not know that. I did not know I had this on the website.
And we're like, well, have you ever accessed the data? Have you ever done anything with it? No, I have no idea how to even do that because my agency set it up for me. So you're not just, you know, subjecting the client to all these compliance regulations. You're also having the website collect information for no reason, right? Because if the client never goes onto their Google Analytics dashboard, never sees the data, never does anything with the data.
They never needed Google Analytics in the first place, right? So I think it's a great practice to, you know, before the launch of the site to provide the client with a proposed list of technologies, explaining what these are and asking them, do you need this? Like, are you ever going to look at this? Are we ever going to do anything with this data? And if the answer is no, then don't install it because they don't need it.