Friday Updates: GDPR, Heap, TED

What I’m working on at Preceden

In my ongoing effort to professionalize Preceden, I’ve been focused on making Preceden more GDPR compliant recently. This has had me reading lots of articles about GDPR and trying to make sense of exactly what’s required. Problem is, there’s very little agreement.

Consider questions like:

Can a a cookie banner have only an Accept button or is a Decline button also required? (Pretty sure you need a Decline button, but lots of websites don’t include one.)
Can you track visitors in analytics tools before they’ve opted into tracking? (Pretty sure the answer is no, but lots of websites do it anyway.)
Are cookie banners required for people in the US? What about an EU resident who is visiting the US? (Pretty sure GDPR applies for the EU resident visiting the US, which means you have to display the banner to all website visitors.)
If you turn off advertising features in Google Analytics and configure it to anonymize IP addresses, is a cookie banner still required? 🤷‍♂️
What privacy policy updates are required? (Lots of websites, even those trying to be GDPR compliant, include different sections.)

And this is really just the tip of the iceberg.

Even though there’s a lot of ambiguity, I’ve been making lots of positive improvements to Preceden, and imagine by the time I’m done with this round of updates it will be in the top 1% of websites in terms of GDPR compliance and that should minimize my risk for the foreseeable future.

These updates include:

Removed Ezoic, a service I used to optimize ads displayed on pages with public timelines, because it loads a large number of ad tracking scripts and sets dozens of cookies. This will result in a few grand of lost revenue each year going forward, but I feel good nixing it, not just to make Preceden more GDPR compliant but because loading all those ad trackers for visitors is nasty.
Removed Mixpanel, because most of the business intelligence reporting I care about these days relies on backend data, so no need to track all these front-end events that I haven’t looked at in years.
Updated Preceden’s Privacy Policy and moving it from an internal CMS over to the codebase so I have a version history of it going forward. GDPRStart.com has a great customizable template for $99 that I used as a starting point for the content.
Created a Cookie Policy that lists all of the cookies Preceden sets and their purpose.
When people visit public timelines, Preceden records a backend analytics event that in the past has included the visitor’s IP address. Nixed that from the database since an IP address is considered PII and visitors haven’t opted into that tracking.

Probably going to spend next week on this work too.

What I’m working on at Help Scout

Speaking of analytics tracking, we’re evaluating Heap for use at Help Scout currently. Unlike tools like Mixpanel, Heap automatically tracks a user’s entire click stream which has a number of benefits like saving on engineering time (because engineers don’t need to manually implement Mixpanel events). I’m leading this evaluation, so it’s had me on demos calls, reading documentation, writing a 3-Pager (a document we use to propose an idea or project to others at the company), and discussing use cases with people.

What I’m watching

A few weeks back I got my Concept 2 rowing machine out of the attic and have been trying to make rowing a daily habit. Usually I do it right after I put the kids to bed and it takes about 25 minutes to row 5k. The rowing machine is in front of a TV and I listen via Apple TV with Airpods so the high volume (which is necessary when rowing) doesn’t wake up the kids.

After finishing up Tiger King, I’ve gotten into TED talks. Most are like 10-15 minutes, so I can usually watch two in the time it takes to do a 5k.

One I watched this week (though nor a normal short talk) is this interview with Elon Musk from a few years back: