Donata Stroink-Skillrud from Termageddon on Digital Private Policy | sleon productions Podcast #42

In this episode, we talk with Donata Stroink-Skillrud from Termageddon, which is the longest-running Privacy Policy generator listed as a vendor by the International Association of Privacy Professionals (iapp.org).

More info on Donata and Termageddon
https://termageddon.com/

Transcript

Santiago Leon 0:10
productions Podcast, where we interview business owners, CEOs, innovators, authors, or anyone that is bringing value to the world influences. We speak to several guests from all across the industry, not just in tech, but someone you know, people that you know, tap into tech that influence. And in this episode, we’re gonna talk about privacy. And it’s become an issue this past couple years, is something that a lot of business owners or website owners had to tap into. They had to add a plugin or add something to say your data is protected and things like that. And everyone’s worried about privacy as everyone you know, where are their information going? Who is seeing it and things like that. And today’s guest we have Donata Stroink-Skillrud from Termageddon, which provides a privacy policy generator, and which is also a vendor with the International Association of Privacy Professionals. We got Donata on the show, welcome to the sleon productions podcast.

Donata Stroink-Skillrud 1:29
Thank you so much, very excited to be here and very excited to talk to you about privacy.

Santiago Leon 1:35
I met you at WordCamp Miami, almost a year ago before the pandemic and you had a wonderful presentation. It really like when I saw that presentation at WordCamps. Like, I’m going to skip the CSS workshop go to this one. Tell me a little bit about yourself.

Donata Stroink-Skillrud 1:55
Sure. So again, my name is Donata. And I’m a licensed attorney. And I’ve been practicing in privacy for about five years now. And I guess on that note, anything that I say today is not considered legal advice, you should talk to your own lawyer. And I’m a Certified Information Privacy Professional and the vice chair of the American Bar Association’s ePrivacy Committee, and the chair of the Chicago chapter of the International Association of Privacy Professionals. And I’m the president of Termageddon, which, as you said, is a policy generation service. So I’m actually the legal engineer behind that service. And I’m the one who wrote all the policy questions, all the different options, all of the, you know, thousands and millions of privacy policy text variations. And I make sure to keep our clients’ privacy policies up to date. So a large portion of my day is actually spent keeping track of privacy laws in the US and across the world.

Santiago Leon 2:57
And of course, in recent current events, the major, major news when it came to private policy was in Europe with GDPR. And that’s something that we’ll get into later in the show. First toes I mean, tell us about your company and the services that it provides.

Donata Stroink-Skillrud 3:18
Sure. So Termageddon is a generator of policies for websites and applications. So we create privacy policies, Terms of Service, disclaimers, and end user license agreements for our clients. And essentially the way that it works, it’s a series of questions about your business and your privacy practices. So like, you know, where was your business formed? Or what personal information do you collect? What do you do with that information? Who do you share it with? You know, so we figure out what privacy laws apply to you. And then based on that, we create the disclosures necessary for your privacy policy. And what’s really cool with us is you don’t just get a privacy policy, the text itself, you actually get an embed code and the embed code is what goes on to your website’s privacy policy page. And is what allows us to update your policies when the laws change. So I keep track of privacy bills and privacy laws and rules and regulations and cases and all of that. And when something changes, you know, we can just update your privacy policy directly, without, you know, you having to copy and paste templates or PDFs or whatever, it just makes it easier.

Santiago Leon 4:30
And this is very important. Like, you know, each company or, you know, every industry needs a specific customized disclaimer text or any type of policy. Tell us the importance of how custom these policies should be.

Donata Stroink-Skillrud 4:46
Sure. Um, so, you know, essentially, when it comes to having a privacy policy, you want to make sure that it fits your business and there’s a couple of reasons as to why. So first, different privacy laws apply to different businesses. So there’s some privacy laws that are already in place in the United States and Europe and Canada, and the UK. So you want to make sure that your privacy policy has all of the necessary disclosures, from the privacy laws that apply to you. And for US-based businesses, having an inaccurate privacy policy or, you know, copying and pasting from your competitor’s policy, where it’s not accurate to your business can actually be seen as a deceptive act by the Federal Trade Commission, which can also get you into trouble. So if your privacy policy is inaccurate to your business, because you’re copying and pasting templates, or you know, you’re using your competitor’s privacy policy. So first, you can get fined for non-compliance by the laws that apply to you. So, you know, fines can range from $2,500 to $7,500, in the US per violation. And in this case, per violation means per website visitor whose privacy rights you infringed upon. So, you know, let’s say you have 100 website visitors from California this month, the fine will be calculated as 2500 times 100. So those can really, really add up very quickly. You know, so you want to make sure that your privacy policy is accurate and compliant with the privacy laws that apply to you.

Santiago Leon 6:22
And Termageddon does all that. I actually met some people that do copy and paste of competitors. So it’s quite interesting. The whole dynamic if you do that, anyways, um, as we mentioned before, GDPR was news about two years ago, I believe, it’d be less than that, um, how much of an impact has that been so far? And how do you provide services for that?

Donata Stroink-Skillrud 6:47
Yeah, so GDPR has been a hot topic for a while now. And it’s actually one of the most like misunderstood privacy laws of all time, I would say, especially for US-based businesses. So a lot of people have this idea that, you know, okay, I have this website, and people from Europe can go on to this website. So that means I need to comply with GDPR. And that’s really not the case. So, you know, if you have a website that’s accessible from the EU, that’s not enough to make you comply with GDPR. So, you know, real quick, you need to comply with GDPR if you meet one of three factors. So one, you’re located in the European Union. So if you’re already there, then you know, you need to comply with that law. Two, if you offer goods or services to EU residents. And, you know, that would mean providing your website in French, for example, or shipping to France, or providing directions to your office from France, you know, or if you’re tracking the behavior of EU residents online, and that’s where most websites get caught up. So you know, websites that have Google Analytics, or any other type of analytics service would be considered tracking the behavior of EU residents online. And that’s when you need to comply with GDPR. And I think, from my perspective, at least, what I’ve seen with GDPR is one, it kind of brought privacy to the forefront of people’s minds, especially business people. It’s a law that’s very highly enforced. I mean, there’s constantly new cases, and constantly new fines being issued for GDPR non-compliance. So it’s really kind of brought privacy to the forefront a lot of business owners. And then another kind of shift that I’ve seen is the cookie pop up notice, you know, so agree to the cookies, or give us your consent to us collecting cookies. Those are really the main shifts that I’ve seen with GDPR. I mean, almost every website now has the cookie pop up notice whether or not they actually need it, or whether or not it’s actually compliant.

Santiago Leon 8:58
And I’ve noticed that a lot when I visit European news sites. I’m a huge European sports soccer fan. And every time I go to their website, they always prompt me with a notice to accept cookies or accept privacy. I’m not sure if I have to do that every time in Europe, or is that just something that? I mean, I’m from the US and I have to click it all the time? I don’t know.

Donata Stroink-Skillrud 9:22
Yeah, so depends on the setting. So some websites will store your consent settings for a while. But you can’t store the consent settings forever, that’s not compliant with the law. So you know, periodically, they have to ask for your consent again. And one thing that I do have to say for anyone that’s listening is, you know, just having a cookie consent checkbox is not all that you need. So you can’t just go and download some random plugin and put up the consent checkbox and then you’re done. There’s some criteria that needs to be met by that consent. So if you go to a website and you see, you know, we collect cookies and the only button, the only choice that you have is accept, that’s actually not compliant. So consumers need to have the ability to deny those cookies. So on your website, non-essential cookies should be disabled by default. And non-essential cookies are cookies that are not necessary for your website to function. So a great example of that would be Google Analytics. So if you need to comply with GDPR, non-essential cookies must be disabled by default. And then essential cookies are enabled by default, and you don’t need to get consent for those because otherwise your website wouldn’t work. But when it comes to non-essential cookies, you need to give people an actual choice. So there should be an Accept button. And there should be a deny button. And you know, you can just say accept or by using this website, we assume that you’re okay with this, unfortunately, that’s not compliant. So whatever plugin or cookie consent solution that you’re using, make sure it’s actually compliant with the law, and make sure that it actually gives someone a clear choice of, you know, accept or deny.

Santiago Leon 11:14
And how has the I mean, has the EU added more laws to this GDPR situation where like, every year, like the website has to, like, update their wording a bit? Is that something that you’ve seen?

Donata Stroink-Skillrud 11:32
So, you know, GDPR requires your privacy policy to be accurate, right. So, you know, you do have to review that policy every once in a while, or let’s say you decide to share information with more third parties that you didn’t share information with before, you might need to get consent from the consumer, to do such things, and, you know, notify people of updates to your privacy policy, things like that. And so, you know, it is important to make sure that your privacy policy is accurate. And, you know, as your business grows, as things change, you know, your privacy practices change as well. And GDPR requires you to notify consumers of that.

Santiago Leon 12:14
Stateside, I know, I’ve been hearing certain states want to implement something similar to what they did in the EU, I believe California was one of them. Have you seen this going on? I mean, will it be implemented here in the States? Or do you think there will be, you know, certain states that will probably be asking for you to do some type of consent?

Donata Stroink-Skillrud 12:35
Yeah, so this is actually one of my favorite topics of all time, I love talking about this. And so, you know, Europe kind of did it correctly. So, you know, Europe is made up of, or sorry, the European Union is made up of a lot of different countries. And instead of having different laws for different countries, they decided to come together, come up with one law, that applies to all of the countries that are in the EU. Unfortunately, in the United States, we’re not seeing that. So a lot of people want a federal privacy law, so that it’s very clear of you know, what the requirements are, and you don’t need to follow different requirements for each state and blah, blah, blah. And, and unfortunately, we haven’t gotten here. So what we see in the United States is each state is proposing its own privacy law that businesses would need to comply with. And what’s interesting about the laws here is that they have a very broad application. So for example, one of California’s laws applies to any website that collects the personal information of California consumers, as you know, anybody from anywhere can go onto a website and submit their personal information on a contact form. So people from California could be submitting their information to any website, you know, regardless of where the business is located, and then that law will apply to you. So privacy laws in the United States don’t really care about where you’re located, or where your business is located. What really matters is where you do business, where your customers are located. And you know, whose personal information you’re collecting. So we’re seeing more and more of these bills being put forward. Right now there’s over a dozen. And in the United States, we don’t really follow the consent model as much, we follow more of the disclosure model. So in Europe, you know, you need to get somebody’s consent to collect their personal information. In the United States, it’s more along the lines of you have a privacy policy that gives the consumer all of this information, and then it’s kind of up to them to decide what they want to do. So as time goes on, I think we’re gonna see more and more privacy law requirements for small businesses in the United States, and more and more requirements for privacy policies and what those privacy policies need to disclose.

Santiago Leon 14:56
No, no. How would it look like obviously if we did this stateside, similar to over there in Europe, would it be, you know, like all in one paragraph and just hit accept or we’ll have to hit it twice. I said, Okay, the US accept and then Europe accept. Is that something that you foresee happening or just be one, one statement?

Donata Stroink-Skillrud 15:19
You know, some companies decide to have different privacy policies for each state or each country. You know, so you’ll have like an EU specific privacy policy or a California specific privacy policy. And I think now at this point, this kind of works, it’s a bit clunky, it’s a bit confusing to consumers, but it can work. But as we see more and more privacy laws being passed in the United States, you can’t really have 50 privacy policies, right. So people are going to end up combining them into one, which is really what you should be doing in the first place, because it’s going to be a lot more scalable and usable in the future. Because you can’t just have an obscene amount of privacy policies, because then consumers are going to get confused about what applies to them, and what doesn’t. And then you have like, a long list of documents and all of that. So I think the best option to do is to, you know, combine everything into one policy, because that’s going to allow you to, you know, make updates in the future and allow it to be scalable in the future.

Santiago Leon 16:20
Yeah, that makes sense. And especially when it comes to like, website aesthetics, you know, if you’re keeping the user for like a, you know, more than 10 seconds, accepting policies, they’re probably going to go and exit to another website or something. Yeah, makes perfect sense. Um, are you still seeing websites that are not putting any privacy statements a lot? Or you’re seeing majority of them, like, I mean, placing these statements on their website?

Donata Stroink-Skillrud 16:53
I think it depends on the industry, right. So I think some industries are a lot more in tune with what’s happening right now. So we have a lot of clients, all of whom use our service to create privacy policies, I’d say, you know, some of the industries that are more forward thinking, you know, real estate, we see a lot of real estate agents creating privacy policies now, because a lot of people are moving in between states or in between countries. So they get a lot of form submissions from other places. So that’s, you know, kind of one industry that I see that’s leading this effort. I also see a lot more website designers and website design agencies create their privacy policies, which is awesome to see. And I think that’s because they’re familiar with the technology. And they kind of, they’re always one step ahead. And you know, what’s really interesting is one industry that I see that’s really behind, and I think this is kind of the cobbler’s children have the worst shoes kind of syndrome. But lawyers, I see a lot of law firms, you know, that practice in like employment law, or like personal injury that don’t have privacy policies, which I think is very interesting, to say the least. And it kind of just shows, you know, how us attorneys have different focuses in different areas. You know, so an attorney that knows about privacy probably won’t know about personal injury, and an attorney that knows about business contracts probably won’t work too much in privacy. And, you know, I think that’s very interesting to note as well.

Santiago Leon 18:31
That’s the price. We mentioned lawyers. So it’s quite interesting. Um, as we spoke earlier, within, like, early on, you speak at WordCamps. Tell me your involvement with WordPress, and the WordPress community?

Donata Stroink-Skillrud 18:50
Sure. Um, so I’m a huge fan of WordPress. Our main website is actually built on WordPress, and I have never been able to find a community that’s anywhere near the involvement of WordPress, right. So, you know, I’m part of the American Bar Association, the International Association of Privacy Professionals, which are really great organizations. And I mean, you learn a lot, right, and you meet a lot of people. But I feel like the WordPress community is the one community where I’ve actually made friends that I’ve kept in touch with, which is really amazing. And, you know, not being able to go to WordCamps in the last year has definitely been difficult. Since, you know, that was a huge thing that we were doing. We’re doing a lot of WordCamps. And I was speaking at a lot of WordCamps. And I’m doing a lot of virtual speaking events now. But I absolutely miss seeing all of my friends who live in like different states and stuff that I met through WordCamps. You know, so I think it’s an awesome community and I hope that we’re all able to kind of meet up in person soon.

Santiago Leon 19:58
I agree. I think in person is better than a video call. Tell us about your company, your services, which you provide, I see that not just websites, but also applications. But just to reiterate, tell us what platforms that you can help out business owners to have a website or an app and reiterate that.

Donata Stroink-Skillrud 20:22
So yeah, so we do work with websites and applications. And really, we work with any business that collects personal information. So if you have a contact form that collects names, emails, phone numbers, addresses, anything like that, if you have email newsletter signup forms, if you have like account creation forms, if you’re using analytics services, stuff like that, that’s where we can help you create your policies and keep them up to date.

Santiago Leon 20:50
Something very important for all of you guys, I, you know, I added some stuff on my WordPress site, obviously, I’m not a big company, but I know that I like my, like my private policy that WordPress provides, which is very generic, which might be a bad thing. You might not as you might think that’s probably a bad thing. Um, tell us about WordPress and the resources that they provide for private policy that you’ve seen so far?

Donata Stroink-Skillrud 21:23
Sure. Um, so WordPress provides a template privacy policy that people can use. And honestly, you know, I’ve spoken to the WordPress volunteers team that created that template, and you can speak to them on Slack anytime you like. But essentially, they said that the point of that template privacy policy is not to comply with any privacy laws, is to kind of give you a sense of the fact that a privacy policy can be required by law. So it’s basically to just bring your attention to the fact that you need a privacy policy, which I think is great. And I think it’s necessary, I think a lot of people don’t even know that they need one. But it doesn’t really comply with any privacy laws. So you know, that’s something to keep in mind when using templates.

Santiago Leon 22:12
Yeah, definitely. I know that you got a little bit, which you said earlier, like the detail of the privacy policy is very important. I’m a little side tangent, what’s your thoughts over the fiasco? Between Apple and like, you know, tell me users about like the, like the privacy policy connection? And Facebook having issues with that? What are your thoughts over that?

Donata Stroink-Skillrud 22:37
I think Facebook is always going to have issues over privacy, you know, they want to make money, and they sell data. And that’s how they make their money. So they sell it to, you know, advertising companies and anyone that will essentially buy it. And, you know, I think Apple is attempting to position themselves in the market as a privacy focused company. And that’s actually a huge differentiator right now between competitors, is the caring about privacy, and people will use certain products more over others because of privacy concerns. So I think Apple’s trying to bank, cash in on the fact that more and more consumers care about privacy. And I think to them, it’s kind of a PR move more than anything else. And I think Facebook has had a lot of issues with privacy for a very long time. Will they ever kind of dig themselves out of this hole that they put themselves into? I’m not sure. I mean, Facebook is the reason why we have certain privacy laws because of the Cambridge Analytica scandal. And because Facebook’s CEO refused to show up for hearings or was, you know, disrespectful to lawmakers. So we’re kind of in this patchwork of privacy laws that small businesses have gotten caught up into thanks to Facebook. So I think they just have a lot of bad feeling from lawmakers and legislators. And I don’t think they’re kind of doing enough to take that back.

Santiago Leon 24:11
Yeah, it’s quite interesting with Facebook, and they’re calling Apple their competitors, which I guess you can say that, um, but I could definitely see Facebook, possibly reintroducing their own phone, their own hardware, but that’s a side tangent.

Donata Stroink-Skillrud 24:25
I’m not sure if anybody’s gonna buy that. I certainly wouldn’t. Knowing that all of that data would be potentially scraped and sold to marketers, you know,

Santiago Leon 24:34
I yeah,

Donata Stroink-Skillrud 24:35
I’m not sure if I would sign up for that.

Santiago Leon 24:37
Yeah, yeah. Be interesting. Who will answer it like everyone’s in trapped either an Apple or like Android on platform, so it’d be interesting. Anyways, uh, Donata, what is the best way to reach you and to find out more about your company?

Donata Stroink-Skillrud 24:52
Sure. So to find out more about our company, you can go to Termageddon.com, that’s T-E-R-M-A-G-E-D-D-O-N dot com, and you can find us on social media at Termageddon. And to reach me you can either submit a contact form and agree to our privacy policy on our website. Or you could shoot me an email, it’s Donata at Termageddon dot com.

Santiago Leon 25:17
And I love it. It’s funny cuz your privacy prompt has like three options. It says use necessary cookies only, allow selection, or allow all cookies. So it’s, I mean, I’ve never seen that. That’s, that’s great.

Donata Stroink-Skillrud 25:35
So that cookie pop up is actually provided by a company called Cookiebot. So we don’t provide our own cookie consent pop ups, but I do recommend that you check out either Cookiebot or Usercentrics. They both provide really good products and I believe they both have WordPress plugins too.

Santiago Leon 25:53
There you have it. This is a privacy podcast, very unique. I love it. I think it’s very important for anyone that’s watching this for their website. Of course a lot of listeners are website owners or WordPress fanatics. And this is something that you’re going to have to follow in these couple years, not going away anytime soon. And there might be some more stuff coming up in the near future. Donata, I appreciate you coming on to the sleon productions. Any closing words before we go?

Donata Stroink-Skillrud 26:19
Yeah, I have a privacy policy and don’t hide it from people. So make sure that it’s easily visible on your website.

Santiago Leon 26:27
Precisely. Thanks for coming on.

Donata Stroink-Skillrud 26:29
Thank you for having me.

Transcribed by https://otter.ai