Poems don’t have to have a Privacy Policy. But websites do. Or any organisation that collects personal data that might be used for nefarious purposes.
And we do worry about personal data. We worry about our phone numbers, and our dates of birth, our bank accounts and our passport numbers. We worry while giving them to all sorts of people for all sorts of purposes.
And now some of us suddenly worry about a new set of capital letters: GDPR. The General Data Protection Regulation.
Health Warning: the rest of this blog is quite dry. You could just skip to the poem at the end if you’re not feeling strong. Or go for a nice walk.
The GDPR is a piece of European legislation (please don’t mention Brexit) designed to protect consumers Europe-wide. It gives more rights to the individual and more obligations to organisations holding personal data.
The GDPR is, to be precise, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing or personal data and on the free movement of such data, and repealing Directive 95/46/EC.
In the UK, matters of data protection, including this one safe-guarding ‘natural persons’, are looked after by the ICO, the Information Commissioner’s Office. This is the government-appointed body that recently carried out a much publicised investigation into Cambridge Analytica.
Innumerable worthy, smaller, not-for-profit organisations (like HappenStance Press) have also had to think hard about GDPR, because they too are subject to the new regulation, and need to ensure they’re doing things properly.
Which is why everyone who uses email will have had multiple emails recently asking them to re-subscribe to X, Y or Z.
The idea is that we shouldn’t be receiving marketing or sales emails unless we have expressly asked for them. (The word ‘consent’is now the lynch pin.)
After May 25 (next week), every organisation that holds your contact details, and uses them, should have asked your permission explicitly first. They should observe the key principles of article 5 of the GDPR.
Some organisations who hold your contact details have little idea whether they originally asked your consent or not (contact addresses were sometimes shared or purchased in the past) and in any case they want to make double sure.
So they are all asking us to confirm that we want to stay on list A, B or C. (And they are nervous, because the ICO can fine people for not doing things properly.)
The advised consent procedure for mail-shots is called ‘positive opt-in’ and it works as follows. You go to a website (like this one) and enter your details into a box to be added to a contact list. But you’re not actually on that list until you reply to an email which invites you to confirm. When you confirm, this is proof of ‘consent’, i.e. proof you really really mean it. At least, you really meant it at that moment. Ease of unsubscribing is also important.
So on this very blog page, you will see, in red, instructions on how to subscribe to receive future blog notifications. If you enter your name and email address in the relevant box and click, you will be advised to look out for an email to confirm.
You look out for the email. You open it. You click again (life is all clicking these days). Now you have consented. Hurray!
Oh but I haven’t mentioned the bit about confirming that you’re not a robot, which is straightforward so long as you can see. Issues such as these are raised by Giles Turnbull, on his blog. Accessibility is a key issue here, and one that is not always top of the agenda when it comes to legislation.
I understand why people may be uneasy about registering their names, addresses and emails on this website when they purchase books. Why should they trust a little press with a happy-go-lucky name like ‘HappenStance‘? The information seems to be disappearing into a medium that nobody quite understands, at the same time as we read alarming stories about hackers and alien intelligence. Well, hackers anyway.
It may not help that we promise to keep the information safe, although from now on, HappenStancecustomers can read the Privacy Policy, which I put together this week when I could have been writing a poem. But will it reassure?
There is a good alternative to buying things online. It’s called a shop. People can still order books from bookshops without revealing their full personal details. Bookshops are good places, especially indies like The Lighthousein Edinburgh. A bookshop doesn’t need personal data. Oh, wait – they probably will require at least a name and phone number, unless the book is held in store. But customers can theoretically use a false name, enter the shop disguised as a gorilla, and pay in cash – while cash still exists.
Sigh. Yes, basically, it’s all risky.
But the GDPR is designed to protect us. Or at least make organisations state precisely what personal information they collect from us, why they collect it, and what they use it for, before we sign up. It could be worse.
Privacy Policy & Consent
This poem will not collect your data
to contact you a few weeks later
and call you back.
The lyric stands alone, defiant,
entirely GPDR compliant,
in white and black.
Impervious, then, to consternation
or European legislation
or Union Jack,
it here extends its own address,
which may be shared in times of stress—
no fear of flak.
Thank god for the poem, Nell, at the end of all that! I’ve just been grappling with GDPR, because I run a small, non profit making poetry night…so many emails. Would you mind if I read out your heartening poem to the faithful who come to the next event? xx
Dear Jean, please do share anything. And don’t worry too much about all this GDPR furore. The legislation is not intended to bully non-profit-making arts organisations. Your only issue really is whether the people whose contact details you already hold can be said to have consented to be on your list, and they have all, almost certainly, AGREED to be on your list already, since the information is in their interests. How can you go to a poetry event if nobody tells you when it’s happening?
So that’s really all that is required, as well as the ability for each person on your contacts list to take themselves quickly and easily off your list if they decide they’ve had enough. You keep the contact details securely, you use them only for purpose of sharing information about events in which they’ve expressed an interest. You have already done all the right things. There is a lot of panic in the air at the moment, but don’t let it get to you! 🙂
Thank you Nell, for such sensible thoughts! We will keep on keeping on. x
Yes please x