Every good website needs a privacy statement? All right, then, prepare for something.
According to Andreas W. Ditze.
Article 12 of the EU data protection basic regulation (short: DSGVO) demands that I explain to you “in a precise, transparent, understandable and easily accessible form [and] in a clear and simple language” what is happening here on this website. Since I cannot assume that you studied computer science, law or rocket engineering for five years, I shall write plain text here. I’m happy to do that.
This website is hosted by Uberspace. I have concluded a written contract with Uberspace for this domain [dirtypath.com]. The contents of this contract can be found here.
§2 Google Analytics and other Tracking
This website uses Google Analytics and also the standard WordPress statistics. Oh, my God! Oh, my God! Your access to this website will certainly also be stored in the USA. And it gets even worse: I haven’t signed a contract with Google yet. What do you mean? The Google Standard Contract has 18 pages, must be sent in duplicate to Ireland, and encourages me to send my other comments on the contract by post to London. Here you can read the contract. And it gets even better: if I were to interpret the letters of the basic data protection regulation literally, e.g. Article 28(3)(h), I would have to personally visit my processors from time to time to check that they are doing all this correctly. So very practical: I drive to the Google data center, ring the bell at the gate and then say: “Hello, here is your client, Hasselbusch from Hamburg. I wanted to see if you were really doing everything right.” You all right?!
§3 Other plugins
You haven’t had enough? Okay, let’s go. This website uses a few plugins. These plugins do a lot of things: a few speed up the website, another one makes for a nice look, footnotes, social sharing buttons, email alerts, photo gallery or especially nice sitemaps that make you find this website at all. Be that as it may: almost every one of these plugins sends your IP address at the long end to the servers that are needed so that you can see a nice website here. Do I have an order processing contract with each of these plugin providers? Well, what do you think? I’ll tell you: No! And why is that? Because that’s complete nonsense, too. Or do you seriously want to suggest me now, I should on my private, paid by myself and completely free of advertising kept web page, which I fill in my spare time with much love, now really go and to each Plugin which I want to use here an extensive order processing contract conclude? I’ll tell you what: if you don’t want my website to share your IP address, just don’t come here.
§4 How to contact us
Now for contact: If you send me an e-mail, you have to live with the fact that I receive data from you. I’ll then see your email address, possibly your IP address, and if I really try and manually evaluate the X header of your email, I may even be able to see the name of the computer from which you wrote the message. This is not magic or hacker art, but an Internet standard. If you can read it, you’ll get this data. This is due to technical reasons – and has been the case for many years. If you send me your data unsolicited, you can assume that I protect your e-mail just as well or badly as all my other e-mails. If at any time you decide that I should delete the e-mail you sent me without being asked, you may politely ask me to do so – but I promise nothing. Also here applies: if you cannot live with it, please do not send me an e-mail.
Continue with the text: Topic Blogposts. You are welcome to comment on individual messages here. But once again, the same applies here: You have to assume that some data about you will be collected. The IP address, the name and the mail address. After all: with the name and the mail address you can work with pseudonyms – or just lie, that’s okay for me. The IP address is a bit more difficult – but hey, if it is too private for you, use TOR or a proxy. Once again: Love it or leave it.
§7 Warning letters
Before you warn me about any missing, incomplete or insufficiently penetrated aspects of the DSGVO, please consider the words of the EU Justice Commissioner responsible for introducing the Regulation Věra Jourová. In an interview with ZEIT, she said literally: “The DSGVO is about common sense and proportionality. If someone writes you an e-mail and grants you permission to use his or her data, it is clear that he or she is giving you permission. Incidentally, the data protection officers not only sanction, but also advise. My forecast is that the authorities will focus on the vendors that can cause the most damage, those that process the most data.”
Beyond that I refer here also gladly to a statement of the German “father” of the DSGVO, Jan Philipp Albrecht. He writes literally in his blog: “What will not happen, however, is that […] the supervisory authorities and some warning lawyers will suddenly take a completely different approach to all the small businesses, sole traders, associations and bloggers.” You may assume that I will report this to both actors in the event of a warning.
§8 Final provisions
Last but not least: I see myself as part of the hacker scene and have a positive attitude towards data protection. That’s also why I changed the website to TLS/SSL years ago. The subject is really close to my heart. However, when I then see the technical quality with which the basic data protection regulation was rolled out in Germany, I come to the conclusion as a politically interested private person that I do not want to jump over every little stick and cannot do what the legislator is holding for me here. If you would like to read proper privacy policies, please visit a commercial website – it’s usually run by the book.