Heather Burns is a digital law specialist in Glasgow, Scotland. She researches, writes, publishes, consults, and speaks extensively on internet laws and policies which affect the crafts of web design and development.
She has been designing and developing web sites since 1997 and was a professional web site designer from 2007-2015.
She is a co-organiser of WordPress Glasgow, a member of the WordCamp Edinburgh organising team, and a survivor of numerous WordCamp afterparties.
Heather will give a talk on the WordPress GDPR compliance project: a basic overview of what the project is, what we've been working on, what tools we've made, and what is being planned to help make WordPress compliant with the new GDPR (General Data Protection Regulation).
Heather will also speak with Marissa Goldsmith on "Getting the Balance Right: GDPR and Google Analytics".
The web sites and apps we create, both for ourselves and for our clients, need to collect user analytics for reasons ranging from workflow to user experience to security.
However, user tracking can cross the line from insightful anonymised data collection to intrusive personally identifiable monitoring. GDPR, Europe’s revamp of its data protection and privacy regime, becomes enforceable on 25 May – the day before WordCamp Belfast.
The incoming ePrivacy Directive revamp also renews rules on analytics. This double overhaul creates refreshed obligations for you to inform your site users about any counting, tracking, and monitoring you carry out on your web sites and apps, to provide users with options over your counting and tracking, and to ensure that your data collection respects your visitors' privacy.
In the talk, they will help you to achieve a healthy balance between data collection and privacy which respects your business, your users, and your refreshed legal obligations.
The talk will cover:
- How to understand your audience so that you can understand their data
- Why minimal data collection and retention makes sense from an ethical perspective
- What user tracking is and is not permitted under GDPR as well as the ePrivacy Directive revamp
- How to explain your use of analytics and tracking in your privacy notices
- How to provide your visitors with an opt-out of analytics and tracking
- How to collect analytics with the greatest respect for user privacy
- How to ensure information is not personally identifiable to an individual (Deaggregation/anonymisation/pseudonymisation)
- How to determine a data retention and deletion period
- Dealing with third party tools: Google Analytics as our example
- What other forms of tracking cross ethical and legal boundaries