A Free Guide

Cover Your Assets
The Ultimate Guide for the Legal Side of Blogging in the U.S.

Blogging can be a great past time or side hustle. It’s a lot of fun and a lot of work. After putting in all that work you don’t want to put your income earned or your personal assets at risk. Which is why it’s important to make sure you blog is legally compliant.

There are State, Federal, and International laws that bloggers need to be aware of and take action to ensure their site is compliant. This guide will breakdown those laws and regulations so they are easy to understand and help you figure out what you need to do to get your blog up to snuff.

Before we dive into all the good stuff, I want to make sure you know:

ElizabethStapleton.com is not a law firm. While Elizabeth Stapleton is an attorney, she is not your attorney and nothing on this website, downloads, or content available are to be construed as creating an attorney-client relationship. Additionally, nothing in this site or resources made available are to be considered legal advice. The author is not liable for any losses or damages related to actions or failure to act related to the content, downloads, or resources made available on or through this guide. If you need specific legal advice consult with an attorney who specializes in your subject matter and jurisdiction.

Additionally, this page may contain affiliate links. Meaning I receive commissions for purchases made through those links, at no cost to you. I have experience with all of these companies, and I recommend them because they are helpful and useful. You can read my disclosure policy for more information.

Section 1

What You NEED to Know About Blogging Disclosures & Disclaimers

In this section, I’m going to show you why blogging disclosures and disclaimers are important, as well as what they should include and where they should be displayed.

What You NEED to Know About Blogging Disclosures & Disclaimers

Get Started

Section 2

California Consumer Protection Act: The Ultimate Guide for Bloggers

CCPA stands for California Consumer Privacy Act, but don’t let the “California” part fool you, even if you’re not located in the state, it may still apply to you. It was passed and signed into law in 2018 and went into effect in January 2020.

California Consumer Protection Act: The Ultimate Guide for Bloggers

Get Started

Section 3

General Data Protection Regulation: The Definitive Guide for Non-EU Based Bloggers

The General Data Protection Regulation, otherwise known as the GDPR, went into effect May 25, 2018 and it applies to most websites and failing to comply could mean potentially facing some serious financial consequences.

General Data Protection Regulation: The Definitive Guide for Non-EU Based Bloggers

Find out all about GDPR
Get Started

Section 4

Understanding Trademarks & Copyright

Many bloggers mistakenly violate other's copyright, which can lead to trouble down the road. Learn all about copyright for bloggers and get a better understanding of trademarks in this section.

Understanding Trademarks & Copyright

Get Started

Section 5

What Bloggers Need to Know About the Americans With Disabilities Act

An often overlooked law when it comes to blogging is the American with Disabilities act. But complying from the start is way easier to do than having to go back and do it once you're required. It's better to just do things right as much as possible as early as possible.

What Bloggers Need to Know About the Americans With Disabilities Act

Get Started

Section 6

What to Do When Your Blog Content is Stolen

Blogging is a lot of work, which is why when someone steals all that hard work it can be incredibly frustrating and disheartening. In this section, I’m going to break down what you should do if someone steals your blog content.

What to Do When Your Blog Content is Stolen

Get Started

Section 7

LLCs: What They Are And How to Register Your Own LLC

If you are working for yourself or running your own business, you may hear the term LLC thrown around. Generally, as people telling you your business should be an LLC. But what is an LLC and how complicated is it establish an LLC? Find out in this section.

LLCs: What They Are And How to Register Your Own LLC

Get Started
Liz Stapleton Headshot Fincon transparent background

Hey!

I Am Liz Stapleton.

A licensed attorney since 2012, and a blogger since 2014, I have spoken at both virtual and in person conferences on the importance of legally protecting your blog and business.

I am the founder and voice behind Less Debt, More Wine – a personal finance site, ElizabethStapleton.com, where I helps bloggers get more done in less time while also making sure they are protecting themselves and their businesses legally, and the Blogger Breakthrough Summit, which helps bloggers break out of a rut and hit that next level.

What You NEED to Know About Blogging Disclosures & Disclaimers

6

Chapters

1

Videos

All

Skill Level

English

Language

Overview

I think you’ll agree that being able to keep the money you make from blogging is great. But without the proper disclosures and disclaimers you could be putting your blogging income at risk. Most people know they need blogging disclosures and disclaimers, but don’t know what they should say or where it should be.

In this section, I’m going to show you why blogging disclosures and disclaimers are important, as well as what they should include and where they should be displayed.

this section will help you learn:

  • The Difference Between A Disclosure And A Disclaimer
  • Why You Need Blogging Disclosures
  • Why You Need Disclaimers
  • What Makes Blogging Disclosures Required?
  • How to Write Disclosures and Disclaimers
  • Where to Place Disclosures and Disclaimers

What is the difference between a disclosure and a disclaimer?

A Disclosure: is letting your audience know something, it’s giving them a heads up

A Disclaimer: is you saying “I’m really not responsible for your actions because x, y, z” or “I’m not responsible for your actions even though x, y, z” It’s just sharing information and it’s up to your audience what they do with that information.

Why You Need Blogging Disclosures

If you’re like most bloggers who monetize your site, you are likely using one if not more than one of the following ways to make money blogging:

  • Ads
  • Affiliate Links
  • Email marketing
  • Selling products

To make sure you get to keep the money you earn you’ll want to make sure you are in compliance with various laws.

Which means you will need to include the proper policies and disclosures on your website.

At its core, the legal requirements aim to ensure you are being honest and transparent with your audience. You have to let your readers know what information you are collecting from them and why.

As well as if you have any particular interest when it comes to links they click on, basically you need to let them know if you have skin in the game.

It’s not only required but it helps to build trust with your audience. Since you are being, upfront, honest, and transparent, your audience can trust what you have to say.

Why You Need Disclaimers

Disclaimers are important because they limit your liability on the content you create, meaning they can help keep you out of trouble. This can be especially important depending on what niche you’re in, for example, if you write about health or money. You don’t want someone suing you because they lost all of their money from doing things talked about on your site.

A disclaimer lets your readers know that the information you’re providing is for informational and educational purposes only and what sort of qualifications you do or don’t have to write in this area.

Other disclaimers are important if you share income reports or testimonials because you’ll need to make clear that you cannot guarantee that someone else will have the exact same results.

What Makes Blogging Disclosures Required?

There are a few different laws that require you to disclose your relationship and the information you collect.

The Federal Trade Commission has endorsement guidelines that most often applies to bloggers when it comes to affiliate marketing. They break down in detail what makes a proper disclosure, as well as where disclosures should be placed.

This includes disclosing any affiliate link included on a blog post or if you were paid to do a sponsored post, or received free products to review. Keep reading to learn more about the requirements.

Another law that applies to most bloggers is the General Data Protection Regulation, more commonly known as GDPR. It requires companies and websites, like yours, to get consent to collect information and to let people know all of the information you are collecting. We’ll did deep into GDPR and all its requirements later on in this page.

A Quick Disclaimer

Since we are talking about disclosures and disclaimers I need to go ahead and give you one. So here is an example of a professional disclaimer that 100% applies to the content included in this website:

While I am an attorney, I am not your attorney and nothing on this website or downloads made available are to be construed as creating an attorney-client relationship. Additionally, nothing in this site or resources made available are to be considered legal advice. The author is not liable for any losses or damages related to actions or failure to act related to the content in this website. If you need specific legal advice consult with an attorney who specializes in your subject matter and jurisdiction.

How to write disclosures and disclaimers that comply with the law

Now that you know why disclosures and disclaimers are important, let’s dig into what should actually be included in your disclosures and disclaimers on your posts as well as your site’s “legal” page.

What is required will depend on what you are doing, here are some things you need to either disclose or disclaim and we’ll dig into them next.

  • An affiliate/sponsored relationship – disclose that you earn money or free products
  • A professional license – disclaim professional advice
  • Lack of professional expertise- disclaim
  • Using cookies – disclose and ask for consent
  • Email sign up forms – disclose and ask for consent
  • Requiring a name and/or email for comments
  • Income disclaimer
  • Testimonial disclaimer

Affiliate Marketing

The FTC guidelines in the simplest terms require that if you are getting something in exchange for what you are sharing (on your site, social media, or in email etc.), you have to say so. This could be a commission when someone clicks on a link or a free product in exchange for a review. Those are some of the most common examples but not the only ones.

You must give notice to your audience, whether that link is used in a blog post, social media, or an email. The reason being that you be biased towards the product because you received compensation in some form. Even if you think you aren’t biased, you have to let your readres know so they can judge for themselves.

If you are not following the rules (at least here in the US) you could be forced to give up the money you earned through the misleading links and posts.

Since the rules also apply to your affiliate partners and they could also be fined. They may even drop you as an affiliate if you are not complying.

Additionally, some affiliate programs have specific requirements in the disclosures they want you to show.

One well-known example would be Amazon affiliates. Amazon requires that you have very specific language in your disclosure on posts or pages where you include Amazon affiliate links. As well as on the page where you outline your legal policies.

As of June 2020 this is the current language that Amazon Requires:

As an Amazon Associate I earn from qualifying purchases.

Amazon is also well known for not allowing cloaking of affiliate links. Meaning you cannot use PrettyLink for Amazon Affiliate links. Here is an example of a cloaked link:

Affiliate Link: https://makingsenseofaffiliatemarketing.com/?affcode=57702_ynoql56_

Cloaked with Pretty Link: https://elizabethstapleton.com/affiliatemarketing

Professional Disclaimers

If you are a professional, say a lawyer, doctor, or financial advisor, you want to make sure that your audience knows that your content is for informational purposes only and is not to be considered professional advice.

One example of one would be what I shared earlier in this post. Different professions will have different requirements about what you can and cannot post but a disclaimer is always wise.

Non Professional Disclaimers

On the flip side of Professional disclaimers are non-professional disclaimers. You’ll want to include one if you talk about a topic that people often look to a professional for advice on and explain that you are not a professional.

For example, I also have a personal finance blog, but I am not a financial advisor which I explain, the information on that site is based on my personal experiences and is for educational and informational purposes only. I am sharing my personal experience which may not be applicable to others.

It comes down to this, if you write on a topic of which you are not a licensed professional you need to say so.

Use of Cookies

You may not be aware that your site uses cookies, but chances are it does, almost all bloggers do. It’s usually certain plugins that create and use cookies to make your site more user-friendly.

GDPR requires that if you use cookies that collect personal data, you get consent for that collection. Which is why you now see every site with a banner having your consent to the cookies being used.

For example:

Email Marketing

Gone are the days of getting someone on your email list by offering a freebie. They must consent to receive emails from you and that consent cannot be conditional on getting the freebie. You can thank GDPR for that one. Again, we’ll dive deeper into this as part of the GDPR section of this page. 

Either way, if you are collecting emails you need to share with the user what you are doing with that information and how long you keep the information.

Comments

While commenting doesn’t get someone on your email list, if your comment system requires the commenter to enter their name and email, GDPR once again requires you to share why you collect the information and how they can invoke their right to be forgotten.

If the phrase “right to be forgotten” sounds foreign to you, you can jump ahead to Chapter 9 in the section on GDPR.

Where to Place Your Afliate Disclosures

Some disclosures, like those for affiliate marketing, require the disclosure to be on the page before the link, but others just need to be included in your site’s privacy policy. If most of your posts contain affiliate links it is wise to automatically include a disclosure.

One way to accomplish this is to use the plugin, Ad Inserter. Yes, you can use it to manage your ads on your site but you can also use it to make sure your disclosure shows at the top of every post.

What you do is you type in the disclosure including the link to your disclosure page and then you set the display rules.

This is an example of a block I use to display my use of affiliate links:

blogging disclosures example in Ad Inserter

However, since I don’t always have Amazon links on every page or post, I only show it when I enable it for the specific post.

Because another very important aspect of your disclosures is that you’re not hiding them. Your affiliate disclosure must be above any links to ensure it is seen before someone clicks away.

You must see that disclosure before you see anything that is going to make you money. If you’re hiding it, by, for example, putting at the bottom of the post after all the content and links then you’re violating FTC regulations.

You also don’t want to put it in your sidebar because typically on mobile the sidebar content is pushed below your post content and therefore doesn’t’ satisfy the requirements.

What to Language to Use for Affiliate Disclosures

So we’ve covered why and where to place disclosures, now let’s dig into what language and information you need to include.

Disclosures must be clear and conspicuous. Which means above the fold and easy to see and read. They must also use plain language basically is should be explained simply enough that your Grandma could understand.

The FTC has specifically said that the language, “affiliate link” might not be understood by your intended audience so you need to spell it out. So if you do decide to use the phrase “affiliate link”, you need to explain what that means.

Be open and honest about your marketing and affiliate relationships.Being clear and concise is the perfect way to use “legal jargon.”

Here is an example:

THIS PAGE MAY CONTAIN AFFILIATE LINKS, MEANING I RECEIVE COMMISSIONS FOR PURCHASES MADE THROUGH THOSE LINKS, AT NO COST TO YOU. PLEASE READ MY DISCLOSURE [link] FOR MORE INFO.

What Language to Use for Professional Disclaimers

The exact language you should use is going to vary depending on your profession, I recommend checking any sort of membership or licensing agency of your profession for guidance.

What Disclosures & Disclaimers to Include on Your Site’s Legal Page(s)

There are a number of items you will need to include on this page. Even if you aren’t collecting email addresses or using affiliate marketing. If all you allow is commenting on your site or you use Google Analytics, you’ll still need a page for legal compliance: These pages typically take the form of:

  • Privacy Policy
  • Terms and Conditions
  • Disclaimers/Disclosures

Privacy Policy

A Privacy Policy is in a way one big disclosure though specific disclaimers may also show up in a Privacy Policy. Primarily you’re explaining to visitors of your site what information you collect and why.

In your Privacy Policy you need to explain what personal and anonymous information you collect and how you use that information.

For example, if you use Google Analytics, you are collecting anonymous information. This information includes where the user is from as well as demographic information such as their age and gender.

If you collect email addresses through forms, you need to say you are collecting the personal information (name and email address) that they submit on the form in your site. As well as the purpose of that information.

Remember disclosures are all about being upfront and honest with your audience, so any information that is being collected and used must be disclosed.

Links to Other Sites

When you do affiliate marketing or are just sharing links to other websites you need to ensure your users know that you are not responsible for the content of those other sites.

Additionally, you need to let your readers know that those sites will likely have their own privacy policies that the reader should take note of.

Finally, You’ll also want to include any specific disclosures required by affiliate partners. Such as Amazon’s requirement that you include:

As an Amazon Associate I earn from qualifying purchases.

Income Disclaimers

If you’re publishing income reports then you’ll need a disclaimer explaining that you can’t guarantee similar results.

Which makes sense, obviously results depend on a lot of different factors not least of which is how hard someone works, the niche you’re in, and all sorts of other things you can’t control for someone else.

Testimonial Disclaimers

Testimonials can be powerful in helping to sell your products. Nothing sells better than someone else selling for you.

However, results for everyone can vary and you need to say so. You can’t promise they’ll get the same results as someone else.

You’ll also likely want to mention that testimonials are from real students and that a number of factors go into a student’s success, not all of which you can control.

Errors and Inaccuracies

It’s important to limit your liability by explaining you are human and therefore your site may contain errors or inaccuracies and to once again remind your audience that you are not responsible for the actions they take.

Bottom Line for Blogging Disclosures & Disclaimers

To ensure your blog or website is on the right side of the law, being upfront and honest through disclosures is more than a good idea, it’s an absolute necessity.

You don’t want to lose the money you earned, simply because you forgot to include a disclosure in your post. Fortunately, technology makes it easy to ensure you are sharing the proper disclosures and disclaimers when necessary.

Some other things you may want to consider including within your site’s “legal” page(s):

  • Refund Policy
  • Intellectual Property rights and the licensing you are granting for use of your products.
  • Allowed behavior on your site
  • Ability/right to terminate a user’s access to your site
  • Jurisdiction for any disputes

Don't Forget Anything

Grab access to this free Cover Your Assets Checklist!

CCPA: The Ultimate Guide for Bloggers

9

Chapters

1

Videos

All

Skill Level

English

Language

Cliff’s Notes Version of What CCPA Means for Bloggers

CCPA is a new privacy act out of California that is similar to GDPR in many ways. If you are already GDPR compliant you only need to do a few more things to be CCPA compliant:

  • Have a contact page on your site
  • Potentially have a toll-free phone number for users to submit requests (there is an amendment in the works that would exclude most bloggers from this requirement)
  • Update your privacy policy
  • Add a “Do Not Sell My Personal Information” page to your site and link to it on your homepage

There are also a few things you shouldn’t do:

  • Block traffic from California based users
  • Don’t charge different rates for those that do or do not exercise their rights

What happens if you don’t comply:

  • Once notified by a consumer of a violation, you have 30 days to fix it
  • If you don’t fix it you could be sued by the consumer and have to pay anywhere from $100-$750 as well as any other penalty the court sees fit
  • You could also be sued by the California Attorney General and be liable for up to $7,500 for each violation (which could really add up).

this section will help you learn:

  • Whether CCPA Applies to You and Your Blog
  • What You Should and Shouldn't Do to Comply
  • What Penalties You Might Face If You Don't Comply

What is CCPA?

CCPA stands for California Consumer Privacy Act, but don’t let the “California” part fool you, even if you’re not located in the state, it may still apply to you.

It was passed and signed into law in 2018 and went into effect in January 2020.

How Does CCPA Impact Bloggers?

It’s another privacy law that you will likely need to comply with, however, if you are already GDPR compliant there are only a few more things you’ll need to do (covered in detail below) to make sure you are set up for CCPA success.

GDPR, if you don’t know, is also known as the Global Data Protection Regulation out of the European Union and it had a big impact internationally when it went into effect in 2018.

One of the big things GDPR impacted was how bloggers grow their email lists as the old content upgrade model, where they give an email and you give a freebie was no longer GDPR compliant.

The CCPA has many of the same or similar rules.

CCPA impacts bloggers, because unlike GDPR where one solution (although a bad one) was to just block traffic from the EU,
CCPA specifically says you can’t deny Californians for exercising their rights, which means no blocking CA traffic.

How is CCPA Different from GDPR?

GDPR protects the privacy of those located in the European Union, while the CCPA protects the privacy of California residents.

If you’re neither, why do you have to comply with either? While you may not be located in the EU or a resident of California, there is a very real possibility that some of your audience is.

Can’t I just block that traffic?

While this is one solution that was floated around when GDPR came out, it’s not a great one thanks to things like Virtual Private Networks, which can mask where someone is located.

Additionally, the CCPA states that you can’t provide a different experience just because users exercise their rights, which I would take to mean that you can’t just block users from California.

Why is There Another Privacy Act?

Because of the 2016 election in the United States. The Cambridge Analytica scandal is mentioned as one of the reasons for needing a more up to date and comprehensive privacy law.

The fact is that technology has been evolving quickly and these new privacy laws are an effort to keep up. They allow consumers more control over their personal information and avenues to pursue (think lawsuits) if a company is violating their rights or grossly negligent with how they protect your personal information.

Does CCPA Apply to Me and My Blog?

There are two qualifiers when it comes to who CCPA applies to and chances are you fall into the first as a Sole Proprietor (by the way you do not have or LLC, or really any type of business entity.

The second threshold is a bit more complicated. It states:

“that satises one or more of the following thresholds:
(A) Has annual gross revenues in excess of twenty-ve million dollars ($25,000,000), as adjusted pursuant to paragraph (5) of subdivision (a) of Section 1798.185.
(B) Alone or in combination, annually buys, receives for the business’ commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices.
(C) Derives 50 percent or more of its annual revenues from selling consumers’ personal information.”

CCPA, 1798.140

Unless you are an extremely successful blogger, chances are (A) doesn’t apply and so long as you aren’t in the business of selling personal information (though there is some debate if having ads on your site is considered selling personal information) then (C) likely doesn’t apply either.

So it’s (B) we need to focus on, “receives for the business’ commercial purposes …the personal information of 50,000 or more consumers, households, or devices”

The law goes into detail about what actions qualify. It includes things like “counting ad impressions” so if you are using things like Google Analytics, or pixels for ads (think Facebook or Pinterest) then it seems those actions would qualify under this law.

Now for the 50,000 or more per year, unless you are getting under 4,166 users (50,000/12) per month, then yes, CCPA will apply to you.

How to look at your number of Users/month in Google Analytics

If you don’t already have Google Analytics installed on your site, this free course walks you through how to get it set up. Now, here are the steps to take to check how many users per month your site gets:

1. Go to Google Analytics
2. Go to Audience
3. Click on Overview
4. In the top right-hand corner, select the desired date range 5. View the number of users in the bottom left-hand corner

While “Consumer” is defined in the act as residents of California, the law doesn’t specify as such when qualifying, “households, or devices” so it doesn’t look like it matters if only a fraction of those users are from California.

When did CCPA go into effect?

January 1, 2020.

What Do I Need to Do to Comply with CCPA?

There are likely five things you need to do to comply with the CCPA:

1. Don’t be mean to those exercising their rights under the CCPA

This means no:

  • Denying them good or services,
  • Charging different prices,
  • Providing a different quality or goods or services

2. Make available at least two different ways to be contacted to request information

The bare minimum is a toll-free phone number and a website address.

Note: If your business operates exclusively online with a direct relationship with the consumer you need just one method for consumers to contact you (email).

3. After receiving a request for information, provide it within 45 days

And do so free of charge.

4. Update your Privacy Policy

  • To include a description of consumer’s rights under the CCPA (if you have already purchased a Privacy Policy Template or the Website Legal Templates Bundle from me, the necessary language has been included in the Privacy Policy Template).
  • Disclose information you have sold in the last 12 months OR if you haven’t sold any of the personal information, disclose that fact.

5. If You Sell Information, Add a “Do Not Sell My Personal Information” Page to your site

Be sure to link to it on your homepage, it should include:

  • Your privacy policy
  • The California specific “description of privacy rights”
  • An easy was for consumers to “opt out of the sale of the consumer’s personal information”

What Happens if I don’t Comply with CCPA?

If you don’t comply with CCPA, you have 30 days to cure/fix (if possible) the noncompliance once you’ve received a written notice from a consumer that alleges you’ve violated CCPA.

If it’s not something you can fix, meaning the consumer has already suffered damages, then the consumer can bring a lawsuit to seek damages ranging from $100-$750, injunctive or declaratory relief, and/or anything else the court deems proper.

The State Could Come After You Too

If you continually and/or flaunt your violation of the CCPA the court can take that into consideration. The court can also consider things like:

  • Your assets,
  • Liabilities, and
  • Net worth.

Remember, the court is looking to make sure resident’s rights under CCPA are upheld. Meaning they would likely approve a fine that lines up the seriousness of the misconduct and what you can actually afford on top of the $100-$750 you may already be responsible to the consumer for.

If you are found in violation of the CCPA and don’t fix it in 30 days, in addition to the consumer suing you, the Attorney general might bring a lawsuit too.

In that scenario, you could be liable for a penalty up to $7,500 for each violation. Though you’d likely only see that high a penalty if you’re found to have intentionally violated the CCPA.

Bottom Line for CCPA and Bloggers

Take action to do your best to comply with CCPA. Making an effort goes to show you’re not intentionally trying to violate the law. And if you do end up getting a notice that you did (be sure to check your business address/P.O. Box regularly) then fix it within the 30 days and let the consumer know.

Don't Forget Anything

Grab access to this free Cover Your Assets Checklist!

General Data Protection Regulation: The Definitive Guide Non-EU Based Bloggers

9

Chapters

12

Videos

All

Skill Level

English

Language

Overview

The General Data Protection Regulation, otherwise known as the GDPR, went into effect May 25, 2018 and it applies to most websites and failing to comply could mean potentially facing some serious financial consequences.

But what all do you need to do to comply?

To comply with the GDPR you need to do more that update your email forms, you need to be able to prove consent for the information you collect and provide your audience with the ability to access their personally identifiable information (don’t worry I’ll explain what I mean by information you collect and personally identifiable information in second).

In this guide I’m going walk you through what you need to know about the GDPR and how it affects your website as well as the action steps you should likely take to ensure you are complying.

To get a better idea of what we’re talking about here check out the video below:

this section will help you learn:

GDPR 101 - What it Means for Bloggers

If you have a website that can be accessed by people located in the European Union, then yes GDPR applies to you.

You see, it doesn’t matter if your target audience isn’t EU residents. It applies to any company that processes information (I’ll explain more about this in a second) from someone located in the EU.

For example, a American studying abroad in France (so located in the EU) enjoys the rights and freedoms provided by the GDPR.

This means that pretty much every website needs to comply with the GDPR.

So it’s important to know what it is and which parts apply to bloggers, which is what I’ll be covering in this section.

The Basics

The GDPR aims to protect a person’s fundamental right to protection of their personal data and hold companies accountable for violating this right.

Because unfortunately big companies have not only had data breaches but then have not been telling those impacted right away, sometimes they don’t tell people their data was compromised, until years later.

Some examples:

  • Uber
  • Target
  • Equifax

The list could go on…and I’m sure as a consumer yourself, companies failing to inform you of breaches is frustrating to say the least.

Now, I know as a blogger you care a lot about your audience and helping them as much as possible and you’ve also probably never had a data breach but don’t you want your audience to know that you would never be shady like that?

Of course you do. So you want to be transparent with them in terms of the data you collect, how you collect it, what you do with it, and the reasonable measures you take to protect that data which is really all the GDPR is asking you to do.

The territorial scope includes the processing (aka collecting) of personal data of those located in the EU by those not established in the EU where it relates to the offering of goods or services, even if those goods and services are free (for example, offering a lead magnet or content upgrade).

It also applies to any monitoring of behavior that takes place within the EU, so for example, tracking their behavior on your site, Google Analytics or heat maps are good examples of this.

Now let’s dig in to some of the terminology I’ve been using so you can understand exactly what I mean.

What is “data”

Straight from the GDPR:

Personal data “means any information relating to an identified or identifiable natural person…..such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical physiological, genetic, mental, economic, cultural, or social identity of that natural person”

AKA information/data such as names, email addresses, IP addresses. If you’ve ever dived into the Audience section in Google Analytics then you know you can see information like, where users are based, their gender, interests, age, etc.

That is a lot of information and while you may not be able to tie it to a specific person, the way you could with someone on your email list, under GDPR you need to let your audience know that you collect it.

What does “processing data” mean

From the GDPR:

Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction;”

Basically, if you are collecting information by way of, comment forms, email forms, or analytical tools (which are the most likely cases for bloggers) then you are processing data.

How does it apply to bloggers?

Hopefully at this point you understand that as a blogger you do collect and process data, now you need to make sure you are doing it legally under GDPR.

There are six legal grounds for processing data:

  • Where the data subject/person/user has given consent
  • Where it’s necessary for performance of a contract with the data subject/person
  • It’s necessary for compliance with a legal obligation
  • Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • Processing is necessary for the performance of a task carried out in the public interest
  • Processing is necessary for the purposes of the legitimate business interests so long as they aren’t outweighed by fundamental rights and freedoms of the data subject

As a blogger you’re going to primarily be dealing with the first two, and possibly the sixth if consent or necessity might not be appropriate.

Consent

Consent to the processing of personal data must be a “freely given, specific, informed, and an unambiguous indication” of the person’s wishes made by “a statement or by a clear affirmative action.”

Let’s Break that down:

Freely Given: you can’t require consent as a precondition.

For example, if you offer a lead magnet you can’t require them to consent to be on your email list in order to get that free lead magnet.

Specific, Informed: They have to know what they are consenting to, which means you need to explain what data/information you are collecting, the reason you are collecting that information, and how you plan to use that information.

This is going to require a bit of forethought, because data can often be used multiple ways. For example, you can use email addresses to form retargeting campaigns via Facebook Ads, but if you didn’t ask for consent to use the data this way, it doesn’t matter that you have the email addresses, you can’t use them to retarget on facebook.

This also means you may need multiple instances of consent based on what data is being collected. For example, consent to use cookies and consent to have their email address added to your mailing list.

A Statement or Clear Affirmative Action: They easiest way to show an unambiguous indication of their consent is to have them take action.

For example, you can’t have a checkbox with a statement of consent pre-checked.

The GDPR specifically states that “Silence, pre-ticked boxes, or inactivity” does not constitute consent.

Additionally, a person has the right to withdraw consent at any time and it must be as easy to withdraw consent as it was to give consent.

Necessary Data to Perform a Contract

You might be thinking that as a blogger you don’t enter into a contract with your audience, but in reality every time you make a sale of one of your products, you are agreeing to deliver the product, it’s a contract of sorts.

The same could be said for delivering a lead magnet. But you have to remember that the consent then is only for delivery of the lead magnet and not a consent to be added to your marketing/newsletter list.

It’s important to keep in mind that where the data is necessary to perform a contract, does not mean you can use that data for other purposes, in that instance you’d need additional consent.

For example, if someone buys a product, you cannot automatically add them to your newsletter email list. You would need them to consent to being added to the newsletter (don’t worry, we’ll cover this in a bit).

Blogger Actions Impacted

At a glance the main things that are impacted are growing your email list, running ads, selling products, and analyzing traffic and conversions.

Keeping in mind that in most instances where consent is required, if you didn’t ask for the consent at the time you got the data, you’ll need to go back and ask for it again.

Growing an email list

Consent requires you to either reframe how you’re promoting your email list (with a focus on the newsletter rather than the content upgrade) or add a check box or double opt in option.

Direct Marketing (ads)

If you like to run retargeting campaigns in Facebook (or other platforms) you’ll need consent to use the data in this way.

Analyzing Traffic and Conversion

A lot of information being gathered by Google Analytics may not intrude on an individuals privacy, however, you’re still going to need to make sure they are aware you use such a tool. You’ll need a disclosure on your site (which you should have had already) and notify them usually via a cookie information banner (more on this later).

Selling Products

If you are collecting more than the necessary information to deliver your product, for example if you’re collecting a phone number as well, then you’ll need consent.

Summing Up The Basics

  • GDPR applies to you if persons in the EU are able to access/enter information on your site
  • To legally collect data (from persons in the EU) you will need consent or demonstrate it’s necessary to perform a contract (like deliver a content upgrade or Product)
  • Consent must be clear and demonstrated by an action, silence or pre-checked boxes do not constitute consent

Your Options and the Consequences for Not Complying

Now, that we established in the previous section that the GDPR basically applies to everyone, you might be wondering what your options are in terms of complying.

You might also be wondering what’s the worst that could happen if you decided to ignore the GDPR, ignorance is bliss right?

Wrong. The more you know the better decisions you can make.

There have been lots of different options thrown around on how you can comply and some rest on more solid ground than others, I’ll be covering them in this section.

Regarding consequences, while there are some potentially hefty fines you might still choose not to comply simply because of the likelihood of you actually being caught might be low. I’ll be covering what fines might apply and how enforcement is set up in this section as well.

Blocking Traffic from the EU & Why That’s Not a Great Idea

Pros:

  • Proactively avoiding GDPR

Cons:

  • Voluntarily minimizing your reach
  • VPNs can mask locations making location based blocking inaccurate
  • Likely going to see other laws come into play that have the similar requirements (like CCPA in 2020)

Taking Action to Make Your Site Compliant

While it requires more work than just blocking EU traffic from your site (aka geoblocking) it’s likely your safest bet.

It’s also probably wise to take action now as we’re likely to see more laws like the GDPR enacted in the future, if you’re eventually going to have to do it anyway, may as well do it now.

Pros:

  • Minimizes your risk
  • Provides transparency to your audience

Cons:

  • Requires a little bit of work (like reading this guide)

Weighing the Consequences of Ignoring GDPR

Ultimately what action you take will depend on how willing you are to face the risks of noncompliance.

Fines

While infringing on certain parts of the GDPR carry a 10,000,000 EUR or 2% of total worldwide gross income, most of the sections that bloggers would be dealing with have a much higher fine.

Infringing on the sections bloggers are most likely to be dealing with such as consent can be subject to a fine of 20,000,000 EUR or 4% total worldwide gross income (whichever is greater). However this is in accordance with another part of the GDPR, the proportionality part.

Proportionality

Pursuant to Article 83, paragraph 2, when deciding on the amount of an administrative fine, due regard must be given to:

  • The nature, gravity, and duration of the infringement
  • Whether the infringement was intentional or negligent
  • If there was any action taken to mitigate the damage suffered by data subjects (people)
  • The degree of responsibility taking into account any technical or organization measures that were implemented

Protect Your Assets

Because of the potential fines it may be a good idea to form an LLC or some other corporate entity to protect your personal assets. Talk to an attorney and an accountant to help you figure out which type of business entity would best suit your needs.

Better is an awesome law firm that works with creative entrepreneurs and can help you with business formation. They’re just like you, but lawyers.

Katherine from The Bookkeeping Artist is an accountant (but not like a regular accountant, she’s a cool accountant) that can help you figure out which business entity would be best. You can reach out to her through her website.

How GDPR Can Get You a More Engaged Audience

One of the biggest concerns with bloggers is that the GDPR is going to severely limit their ability to build their email lists since the old way of offering a content upgrade or lead magnet in exchange for adding them to your list in now out the window.

However, the GDPR is actually doing you a huge favor, because the people on your list are going to be far more engaged, which means an increase in conversions and a decrease in the cost of your email marketing service.

I’ll cover all of the benefits of GDPR for you in this chapter.

GDPR Requires You to Do/Be Better

Let’s get real if someone has to actually say yes I want to be on your list after getting your freebie, you’re going to want to make sure that freebie is so awesome they’d be crazy not to sign up for your list.

And since we know there are going to be some people that don’t comply and are still doing it the lazy bait and switch way, it’s going to make your content and freebies stand out even more.

Only the Best People for Your List

The people that end up on your email list are the ones that want to be there, they took action to make sure they end up on your email list, which is awesome.

Because they want to be there they are going to be happy to hear from you.

It will likely lead to higher open rates, higher click rates, and more conversions. And more conversions = more money. Winning!

liz lemon high five gif

More Sales

As I already mentioned more engagement = more sales, but that may not be the only way you’ll be making more sales due to changes you make because of GDPR.

While it’s not clearly spelled out in the GDPR one of the articles listed on the GDPR website seemed to imply that consent can be made a condition of receipt (ex. receiving a content upgrade) if there is “sufficient incentive to justify such conditionality (e.g. that a cheaper service is being provided in exchange for consent.)”

So in theory, if you instead made your content upgrades cost money, for example $5 or offered them for free if they chose to subscribe to your list, you could potentially earn more from those choosing to just buy the content upgrade and skip being added to your list.

Stores EU Citizen Data gdpr guide

As a reminder: this is an interpretation of GDPR and may not be 100% correct, remember this guide is for informational purposes only and does not constitute legal advice.

Bottom Line On How GDPR is Good for Your Business

GDPR is going to result in a more engaged list helping to make every penny you pay your email marketing service count more.

How to Review the Data You Collect

Before you can make the necessary changes to comply with GDPR you’re going to have to know what information you are collecting.

And even if you don’t think you are collecting anything but a name and email address chances are you are collecting other information as well.

If you use Google Analytics, or allow commenting, or have Facebook pixel installed, then yes, you are collecting other information.

I’ll be going over the most common tools bloggers use and the information that is being collected in this chapter so you can figure out what applies to you.

Keep in mind that not only do you want to take action to be GDPR compliant but you want to make sure the tools you use are GDPR compliant as well.

Start by Looking at Your Plugins

Chances are you’re using plugins for a reason and a lot of times that reason can be collecting various data. You’ll want to review the tools you use to make sure those tools are compliant in protecting data. You’ll also need to determine what data you’re processing and what you’re doing with the data.

For example, these are some plugins I am or have used on one of my websites:

  • AdInserter
  • Akismet Anti-Spam
  • Better Search and Replace
  • Contact Form 7
  • Convertkit
  • Google Analytics
  • Dashboard for WP
  • King Sumo Giveaways
  • Thirsty Affiliates
  • Really Simple SSL
  • Revive Old Posts
  • Short Pixel Image Optimizer
  • Grow by MediaVine
  • Convertbox
  • Tracking Code
  • Manager Yoast SEO
  • Jetpack by WordPress

Out of all those, these are the only ones potentially collecting and processing data:

  • Contact Form 7
  • Convertkit
  • Google Analytics
  • Dashboard for WP
  • Jetpack by WordPress
  • KingSumo Giveaways
  • Convertbox
  • Tracking Code Manager (used for the Facebook Pixel)

But I also know that I use ThriveCart to process sales and WordPress for people to comment on my site, they’ll get added to the list as well.

Since these are tools I’m using I need to not only look at them for the data that is being processed but also making sure they are GDPR compliant in terms of keeping that data secure.

Now it’s time to dig in and see what data is being collected by these tools. Fortunately because all of these tools need to be GDPR compliant as well, they likely have information to help you.

Analytics

Pretty much every blogger uses some sort of analytics tool to help them with a number of tasks. Because these are analytics tools it’s not surprising that they collect data, here is a bit more information about what data, common tools, like Jetpack and Google Analytics Collect.

Jetpack – Privacy Notice for Visitors to User’s Sites

Jetpack put together a great resource for their users (like you and I) to help us comply with GDPR, below is the list of various information Jetpack may collect on your behalf, keep in mind it may not all apply to you, it depends what parts of Jetpack you are actually using. I highly recommend you review this resource, linked above.

Information provided by a visitor/data subject/ person to your site

  • Follower and Subscriber Information
  • Site Comments
  • PollDaddy Survey Responses
  • Order & Shipment Information

Other Information Entered on the Site Information Automatically collected

  • Technical Data from a Visitor’s Computer and Etcetera (like the IP Address, browser information, etc.)
  • Visitor Interactions
  • Location information
  • Akismet commenter information
  • Polldaddy response information
  • Intense debate commenter information
  • Information from cookies and other technology
Google Analytics

Chances are the information Google Analytics collects will be similar to Jetpack, so if you use both you’re probably just collecting the data twice.

  • Device data
  • Location Information
  • Cookies
  • Demographics (age, gender)
  • Interests
  • User interactions (such as how long they are on the site, bounce rate, if they are a new or returning visitor etc.)

Direct Marketing

If you do any sort of direct marketing like running ads on Facebook, depending on how you do it you may need to gain consent to collect information used for direct marketing purposes.

For example, if you use the Facebook Pixel to create custom audiences you are collecting personal information through the pixel to formulate that custom audience and you need consent to do so.

Before we get into getting consent for various blogging practices, which I’ll cover in sections 5-7, let’s dig into figuring out exactly what kind of data is being collected with these pixels.

Facebook Pixel

Straight from Facebook’s FAQ’s, the Facebook pixel collects 5 types of data:

Facebook also uses cookies and provides detailed information about what cookies do and how they use the information in their cookie policy.

Pinterest Pixel

While most people injected a bit of code from Pinterest to set up their business account, it might not realize that, that bit of code helps Pinterest and your website communicate.

It helps you to see how many visitors are clicking to your site from Pinterest as well as conversion rates on any ads you may run.

If you are using the data to track conversions then yes you are collecting data and you’ll need consent to do so, which is clearly outlined in Pinterest’s new Advertising Services Agreement, in particular you should pay attention to EXHIBIT A: Pinterest Data Sharing Addendum.

Email Marketing

If you have an email list then you are definitely collecting personal data, namely, email addresses. However, you might be collecting other information as well, such as names and conversion rates.

Below is a list of personal data you are likely collecting through various list building strategies.

Keep in mind that while names and email addresses are likely the most common forms of personal data you collect, if you ask for additional information like a phone number or birthday that is additional personal data you are collecting.

Contact

Most blogs have a “contact” page, that often includes a form for users to fill out in order to contact you. Plugins like Contact Form 7 or Ninja forms are usually used for these purposes.

Whatever information you collect in such a form is likely personal data and will require complying with GDPR where those located in the EU could be filling it out.

Below is a list of additional forms that you may be using to collect personal data on your site.

Sales Tools

If you sell products on your site, the tools you use may be processing data for various reasons, like processing payments, or delivering the product. So take a look at the tools you use to sell your products and take note if you use them for anything else.

For example, if you have it set up that when someone buys something they get added to your email list. This is something that under GDPR you are going to need consent to do so you’ll want to make sure the service you use has this functionality.

Below is a list of some payment/product processors to help you get started.

How Long Do You Keep the Data?

In addition to knowing what data you collect, you also need to know how long you are keeping the data.

For example, in the case of your email list, you usually stop keeping the information once they unsubscribe or have their information deleted.

Google Analytics on the other hand has you set up how long the data is to be retained, I believe the default is 26 months, which is what I set up.

This is something you might also check when reviewing what data you are collecting with various tools.

How to Comply With Your Privacy Policy

The GDPR ensures that data subjects (people on your site) have the right to know what data is being processed and the right to protection of that data.

Which means you have to disclose what what data you’re collecting, how you’re collecting it, and why/how you’re using the data.

Your Privacy Policy on your website is where you do this.

If you didn’t already have a “Legal” page with a privacy policy, you definitely should have one now.

To get your Privacy policy up to GDPR standards you’re going to have to include the information you should have gathered up in the previous chapter, How to Review The Data You Collect.

What Should Be Included in Your Privacy Policy:

GDPR requires that you include on your site:

  • What data you are collecting
  • Why you collect it (your reason must be “specified, explicit, and legitimate and not further processed in a manner that is incompatible with those purposes”)
  • The legal basis for collecting it
  • How long you retain the data
  • User’s rights to the data (right to be forgotten) How you use cookies

Keep in mind that in providing this information you must provide it in a way that is “concise, transparent, intelligible and easily accessible form, using clear and plain language”

So no using legalese, which means writing this out yourself is just fine, possibly even better.

Where You need to Link to Your Privacy Policy:

To make this information easily accessible you should include a link to your privacy policy in several places on your site such as:

  • Menu/Footer
  • Opt In Forms

Really anywhere, where they are submitting information is a good place to include a link to your privacy policy.

For a little more information with some sample text, you need look no further than wordpress:

How to Get Consent with Your Email Forms

The GDPR requires you to get consent to add people to your list and as we covered in Section 1, that consent must be “freely given, specific, informed.”

Which means the old way of trading a content upgrade or lead magnet in exchange for adding them to your email list is out the window. Because if you are offering a freebie you cannot precondition receiving the freebie on them agreeing to be on your email list.

Most people think this means you have to add a check box for consent to your forms, and while that is one solution, it’s not the only one.

What You Can NO Longer Do Under GDPR:

Before we cover what you can do, let’s make sure you understand what you can no longer do under GDPR.

Content Upgrade or Lead Magnet Bait and Switch

As explained you can’t offer a freebie and then pull a bait and switch to add them to your list. But don’t worry this doesn’t mean the lead magnet is dead or that all that time you spent creating content upgrades for each post was wasted.

It just means you have to do things a little differently from now on, I’ll talk about what you CAN do in just a bit.

Pre-check Boxes

I know what you’re thinking, if you have to add a check box, fine, pre-checking it will work right?

Wrong.

Consent must be an affirmative action and the GDPR has explained that pre-ticking boxes or silence do not constitute consent. So while you can use checkboxes in obtaining consent, you can’t pre-check them.

Use the Data for More Than What was Agreed

This is really getting into some of the nitty gritty.

Maybe, you’ve been really good all along about getting consent for people to join your email list. So you have this great list, but now you want to use that list to run retargeting campaigns on Facebook.

If you didn’t get consent to use the email addresses for the purpose of targeting them on Facebook, then you can’t use the email addresses aka data in that way.

Because remember, consent must be specific and informed. People can’t agree to what they don’t know about.

Consent must also be “presented in a manner which is clearly distinguishable from other matters” So blanket consent for everything won’t work either.

Getting Consent from Your Current List

Ok, so this is the one place I plan to use geolocation, to figure out who I need clear consent from.

While the safest bet is to have your entire list consent and that route could be a great way to clean your list, if you are worried about cleaning your list too well, you can segment by EU based subscribers and just ask them.

I know that only a very small percentage of my list is based in Europe, so before the May 25th deadline I reached out to them specifically to ask for consent. But moving forward with any new subscribers I will be sure to get proper GDPR consent.

Convertkit has made it easy to segment your list based on location, and many other email marketing servicers have as well.

Convertkit: Getting Consent from Existing Subscribers

ActiveCampaign: Getting Consent from existing Subscribers

Mailchimp: GDPR Compliance Information

Drip: Get Consent of Existing EU Subscribers

MailerLite: GDPR Forms for Consent

You Don’t Necessarily Have to Add Checkboxes

Thrive Themes came out with a great article explaining that if you reframe your offer, by offering Newsletter as a Service, rather than focusing on your freebie, you don’t need to add a checkbox for consent.

Read the Thrive Themes Article.

Checkboxes are just one way in which you can gain consent, where signing up for your email list isn’t the main offer. This approach of reframing your offer still allows you to offer free downloads but changes your approach to it to avoid the dreaded checkbox.

What to do If You Choose to Implement Checkboxes

If you ultimately decide that you want to utilize check boxes to prove consent, the next step is ensuring you know how. Below I’ve gathered the information on how to add checkboxes to some of the most popular Email Marketing Service Providers.

Keep in mind when choosing the language for your checkboxes that it must be specific, clear, and unambiguous and not lumped into one giant general consent, where you can contact them in anyway. A statement such as “I would like to receive newsletters from [site]” could work, but if you also wanted to use the email address for something else you would need an additional checkbox.

Adding checkboxes with Convertkit

Adding checkboxes with Mailchimp

Adding checkboxes with Active Campaign

Adding checkboxes with Drip

Adding checkboxes with Mailerlite

As a reminder, the checkbox CANNOT be pre-checked.

Why Your Double Opt In Might Not Work

It depends on how you framed you’re offer and what they are “confirming”

Bottom Line for Getting Consent for Your Email List

  1. If you have people based in the EU on your email list, you need to make sure you have express consent for them to be on your list

  2. Moving forward it’s best to get consent from everyone being added to you list

  3. There are different ways to get that consent and a double opt-in may or may not work depending on how you set up your offer.

How to Get Consent with A Cookie Banner

Cookies are a little different from other methods of processing data, most significantly because they can’t always be used to identify a specific person.

However, when cookies can identify an individual then, they are processing personal data and are within the scope of GDPR.

Generally speaking, bloggers use cookies that work behind the scenes to help them get insights on how people use their site.

Because of the rules of consent, a simple “by using this site, you agree to accept cookies” will not work.

To get consent for the use of cookies most sites use a cookie banner.

If you didn’t already have a “Legal” page with a privacy policy, you definitely should have one now.

To get your Privacy policy up to GDPR standards you’re going to have to include the information you should have gathered up in the previous chapter, How to Review The Data You Collect.

What is a Cookie Banner

A cookie banner is most often displayed at the top or bottom of the screen and explains what cookies are being used on the site and why. You then must accept the use of the cookies, or customize which cookies are allowed and which are not.

Here are a few examples of sites using cookie banners:

source: ahrefs.com

source: www.zalando.fr/

Why You Need a Cookie Banner

If you use tools like Google Analytics or a Facebook pixel, that use cookies to track and pull in information then you need to let visitors to your site know.

Now, cookies that are necessary for the site to function do not require consent but other cookies do.

For example, I used to use Thrive Themes for my sites, and the cookies it uses are necessary for my site to function. Now fortunately, Thrive has updated it’s tools so that the cookies no longer collect any Personally Identifiable Information (PII), but it’s good to know you’re covered either way.

Consent with a Cookie Banner

Just like consent with your email list, it must be freely given, clear, informed, and unambiguous. Consent cannot meet those standard unless you provide the information on the cookies being used, the data being processed, and the purpose of processing/collecting the data.

So on you websites “legal” page, you may also want to add a “cookie policy” that details that information, which you link to in your cookie banner.

Additionally, you need to ensure that it is as easy to withdraw consent as it was to give consent.

Setting up a Cookie Banner

Cookie banners are usually set up by using a plugin designed for this purpose. However, if you use a platform other than WordPress you will need to see what that specific platform offers in the way of a cookie banner.

For example, Squarespace has an easy tutorial on how to set up a cookie banner for your site. 

If you use wordpress, it’s a matter of deciding which plugin is best, when evaluating plugins make

sure you stick to ones that are GDPR compliant.

Magnet4Blogging reviewed 4 different cookie plugins noting that UK Cookie Consent did not play well with Thrive Architect. So if you use Thrive Themes, like I do, it’s probably best to steer clear of that plugin. 

If you want something that makes updating your cookie banner more automatic you can use paid plugins such as CookieBot or Cookie Control v8.

How to Prove Consent with The Tools You Use

If you get audited or accused of not complying with GDPR, you will need to be able to show that you did in fact comply and had consent to process and retain the data.

With your privacy policy and cookie banner, they sort of self prove that you took the steps necessary to inform and legally process whatever data you collected.

However, when it comes to proving consent for your email address there is a bit more to it, I’ll explain how you can show consent to be on your list in this section.

Most tools out there in becoming GDPR compliant have built in functionalities so you can show that the people on your list consented to be there. In the videos below I walk you through how to show consent with Thrive Leads and Convertkit.

Bottom Line With Proving Consent

Check with the tools you use to see what sort of new functionality they’ve built in to comply with GDPR.

How to Provide Right to Be Forgotten/Right to Erasure

Under GDPR individuals falling within the scope of the new law have the right to have their data be forgotten/erased.

Because the right to revoke consent and be forgotten needs to be as easy to invoke as it was to give consent. So just how do you do that? That’s what I’ll cover in this section.

Within your privacy policy you should have included where users can send a request to be forgotten. Once you receive the request you must process it in a timely manner.

To remove personal data submitted through wordpress, for example, if they left a comment on a post. You will need to go to Tools > Erase Personal Data. Enter the email address of the person requesting erasure and it will send them a notification to verify the request.

If you receive a request from an email subscriber you will have to take action through your email marketing service.

For example, Convertkit has a form you simply fill out. 

Though different companies may provide different solutions. For example, MailChimp has said that

when you delete a subscriber they will delete all traces of personal information:

And truth be told, once GDPR is enacted we’ll better understand how it will be enforced and likely see additional features added to the tools we, as bloggers, use on a regular basis.

Bottom line For Providing "Right to Be Forgotten"

Chances are the tools you use have provided you with the ability to implement Right to Be Forgotten under GDPR.

Don't Forget Anything

Grab access to this free Cover Your Assets Checklist!

Understanding Trademarks & Copyright

2

Chapters

1

Videos

All

Skill Level

English

Language

Overview

Copyright and Trademark law are a very specialized area of law, but this section should help you form a basic understanding so you don’t get yourself in hot water. 

This section is based on the video  interview I did with Jamie Lieberman of Hashtag Legal as part of the Blogger Breakthrough Summit. The details of what we discussed in the video are covered below.

As a reminder, this is not legal advice. This is just information and opinion. If you do need legal advice then you should speak to an attorney about your specific needs.

this section will help you learn:

  • What is a Copyright
  • What to Do If Someone Steals Your Copyrighted Work
  • What Qualifies as Fair Use
  • What a Trademark Is
  • How to Tell If You Can Use A Certain Name
  • How Much It Costs to Hire a Trademark Attorney

Copyright

Copyright is about what you’re creating. It is an original work of some kind. As an example, if you look out the window and take a picture of a stop sign, the image is copyright protected as soon as it’s taken.

So a book, blog post, or image could be copyright protected.

It’s important to note that it’s not the idea that is copyright protected, but the way you show that idea/put it on “paper”.

For example, recipes or DIY tutorials are not copyrighted because it’s just a list of ingredients. However, how you present that recipe, your images, how you talk about it, the story about your grandma making it, that can all be copyright protected. And even a cookbook, the way you’ve arranged recipes can be copyright protected.

Do I have to register my copyright?

The answer is, to have copyright protection you do not need to register it. However, registration gives you some really great benefits.

But let’s back up a bit. Without registering you have what is called common law copyright protection, which means someone can’t use your copyrighted material. They can’t take it, they can’t steal it, they can’t do other things with it.

There are a “bundle of rights” you get with owning a copyright:

  • the right to display/perform it
  • the right to distribute it
  • the right to create derivative works

When you create a work, it’s up to you to know what to do with it. You can give it away, you can sell it, you can keep it for yourself, you can choose to give away one of those rights, for example, you can give somebody permission to display your work, but not give them permission to distribute it or use it commercially or to create a derivative work.

Which is why it’s super important when getting stock photos to pay attention to the licensing you get. Because you may be allowed to use an image to create a Pinterest image, but not use it in a product that you create (aka using it commercially).

How do I register my copyright?

The government has not caught up to the digital age and it’s impossible to have ongoing registration for your blog because it’s constantly changing.

However, a really great tip, is looking at unpublished works. So for course creators, before publishing your course, you can do a batch copyright registration of that whole course. If you’ve already published it and you want to go back and copyright register it, it can be messy and complicated because every single video, every single download is it’s own work and it can be really expensive and overwhelming.

It is actually very easy to do copyright registration and it’s usually okay to go the DIY route. The filing fee is around $55 and then you’re just essentially filling out a form.

The copyright office does not look at the validity of your copyright the same way the Trademark office does. They’re totally different, but copyrights are fairly simple.

So if you already have a lot of content out there and published, instead of trying to register all of it, maybe just look at your top 20 posts, images, and any product that you’re creating or selling, those are the ones that you most likely want to register. Then once a year check it and see if there is more you want to register. It just makes it so much easier to stop someone from copying it.

What do I do if someone steals my copyrighted work?

The first thing you need to do is determine if you have a valid copyright registration. If you do have a valid copyright registration than you have certain rights, and one of those is the right to sue somebody for copyright infringement in federal court if you need to.

You have the right to potentially get statutory damages, which means you don’t have to prove that you were damaged, just by the nature of the registration you get certain damages. You also have the ability to get attorney’s fees in certain instances if you are forced to file a law suit.

It is also presumed that your registered copyright is valid and the burden is on the other side to prove that it’s not, if you don’t have it registered then you have to jump through hoops.

The first thing you’ll do if someone does blatantly copy you is send a cease and desist letter, the first thing that other person’s attorney is going to do is see if you have your copyright registered. If so, chances are they are going to settle the case.

If you don’t have registration, don’t despair, you can still send a cease and desist letter. It’s just you’ll have more hoops to jump through and lawyers won’t act as quickly.

Now, recognize that there is a difference between someone stealing a couple of images (which they may not have realized what they were doing) and someone stealing an entire site.

If it’s just a couple images before you go down the path of lawyers and cease and desist letters, reach out and tell them, hey – not cool. They might take it down with no further action needed.

One example that I had to deal with this was on Instagram, someone had reposted my images and because in Instagrams terms and conditions you retain the copyright, you must have permission before reposting anyone’s images. I asked her to take them down and let her know she wasn’t allowed to do that, and she took them down.

Another option, mentioned in the previous section of this guide is to file a DMCA takedown notice, but it is not an action to take lightly or do in anger.

What is Fair Use?

The purpose of fair use is to promote freedom of expression and is outlined and protected by law. Under fair use you can legally incorporate copyrighted material into your work.

Whether something is considered “fair use” depends on a number of factors. Some of the factors courts look at are:

  • Whether it is for a commercial or noncommercial, for example educational purpose
  • If the use of it in a piece of work is transformative meaning it adds something new and does not act as a substitute of the original work, it’s more likely to be considered fair use
  • The quantity and quality of the amount of copyrighted work that was used. If you use a lot of the copyrighted work, it’s less likely to be considered fair use.
  • To what extent the use may have an effect on the marketability of the original work.

Now unfortunately, there is not exact formula or resource to determine just how much of something you can use for it to fall under “fair use” and it’s because it’s decided on a case by case basis by the courts.

But let’s go over a few examples…

Criticism of something is generally considered fair use, for example, on my personal finance site I have a blog post about “How Dave Ramsey’s Baby Steps May Be Hurting Your Finances” (yes, I know it’s a controversial opinion to have) and in it I criticize those steps.

A review of a movie can also be an example of fair use.
Parody’s (hello, SNL) and news reporting are also generally considered fair use.

Trademarks

A trademark is a source indicator. It lets consumers look at something and know exactly who or what created it, whether it’s a good or service.

For example, Nike has that beautiful swoosh, which is trademark protected. So when you see a Nike swoosh, you know what you’re getting.

If someone else was allowed to put that swoosh on a pair of sneakers that was subpar or wasn’t great and fell apart in a week. The consumer would be really baffled and wonder what was going on.

Trademark protection is done to protect consumers so they know what they’re getting.

A trademark is a source, it’s a name, a logo, it can be a color, or a smell. For bloggers and content creators you’re likely looking at trademark protection for a name and/or logo.

A name is what we call a “word mark”
Sometimes it’s just your name and a certain font or script colors. It could also be an image.

Chances are you want to start with a “word mark” because that is usually what the source indicator is.

Can I file a Trademark by Myself (DIY)?

Probably not, Trademark is a very specialized area of law, you not only shouldn’t do it yourself but you shouldn’t hire an attorney that isn’t specialized in Trademark law.

Trademarks require you to categorize what your wanting to trademark, into what is called a trademark class. There are so many different classes and they are also broken down into subclasses. It can be overwhelming which is why you need a Trademark attorney specifically.

Can I Use that Name?

The one thing everyone is always thinking when it comes to trademark is. – can I use that name? Is the name trademark protected or not?

Whether or not you can use a name depends on the likelihood of confusion between the Trademarks. For example Dove soap and Dove chocolate have the same name but are in completely different markets, so they can have the same name without confusion. They have what is called a spectrum of distictiveness.

So you have to look at it in a few different ways, you need to look at it based on the name, the actual word or logo, depending on what you’re comparing. And the other factor is the class that the trademark is registered in and so is it the same or similar?

When you have two identical things in the exact same class, it’s very easy to tell, but when they are only a little bit dissimilar it gets tricky.

It’s also important to note that every Trademark examiner making a decision on whether to approve a trademark or not, does it differently. So it’s really hard to game the system. Generally speaking, the Trademark office wants to work and make sure companies are working to create sources that people will immediately think of and recogonize.

You should also know that you’re creating the class to describe only what you’re currently doing, not what you hope to do.

So you can’t trademark your name for a podcast, if you haven’t started a podcast yet. You’ll have to be able to show proof that you use it in every class you are registering for.

So it’s really important that you’re only registering for how you’re using it or planning to use it. Because you can file what is called an intent to use application, meaning not using it yet. So say within the next 6-18 months, but if you’re plans are 5 years away you’re going to have to keep filing extensions and you only get so many extensions.

What is Commonlaw Trademark?

Just by using the name you have common law trademark protection. What that does is it gives you the geographic protection, in the geographic area you’re using it. What ends up happening is you sort of get limited to the area where you live. Which is why in the age of the online space and the utilization of mark’s nationwide, it is important to think about getting trademark registration.

The first person to use a mark, whether registered or not, has what’s called priority.

So you have priority of use. If someone comes in after you and tries to register a trademark that’s the same or has a similar likelihood of confusion, you can actually stop them even if you don’t have a trademark registration. And you can prevent them from moving forward. If they succeed, you can cancel their trademark.

Really there are a lot of things you have the potential to with just a common law trademark, but it’s way easier to do when you have a trademark registration as well.

Even if it’s not registered you can use the “TM” symbol.

What is the process of registering a Trademark?

There are two different applications, the intent to use application mentioned earlier and then there’s a use in commerce application which means you are actually using the Mark in connection with goods and services that you’re currently selling.

Which means you have to have made a sale. And it has to have been a sale across state lines. This is for federal trademark applications. There are also state level ones. Now, for the “sale” it doesn’t have to bee a lot fo money, it could have just been an affiliate sale. One sale is all you need. Once you have that you can file a use in commerce application.

You also need what are called specimens which is just proof of the trademark office that you are using the Mark in connection with those goods and services. The use has to be ongoing. So you have to tell the trademark office every 5 years that you’re continuing to use it or you will lose it.

When Should I Get a Trademark?

If you’ve been blogging a really long time and you haven’t done trademark registration, you’re not allowed to panic. A lot of people do that. But if you are making money from your business and you’re brand or if you’re building a brand, if you’re selling products and if you want to prevent other people from a same or similar name than it is definitely something worth exploring.

If you are new and entering the market, at a minimum have somebody check the name.

Remember, domains mean nothing. Just because a domain is available doesn’t mean it isn’t trademarked. The social channels being available doesn’t mean it’s not trademarked.

On the flip side you have a registered trademark and somebody else owns the domain, it does not automatically mean you’re going to get it. You likely will not. The only thing you can do is prevent

them from putting up content or creating anything or selling anything under that domain that would somehow infringe upon your registered Mark.

How much does it cost to have an attorney file a trademark application?

Obviously it is going to vary but you should likely budget a minimum of $1,000 for the lawyers time and it will likely be much more than that.

Ideally a budget of a few thousand dollars is a good budget, though it depends on how many “classes” you’re filing for. The trademark office fee is $225 per class. So if you have multiple classes of goods and services, you will have multiple filing fees to the trademark office. It’s not cheap, but it’s worth it, it also makes it easier to monitor.

Remember, your intellectual property (trademarks and copyright) are only as good as you are willing to prosecute it, you’ve got to be strong about it. You’ve got to send those cease and desist letters and you’ve got to make sure that you stop people from infringing on your intellectual property.

If you don’t care, that’s okay, but you don’t get to have it both ways. If you’re going to file make sure you’re willing to take the steps to continue to protect it or you’ll lose it.

Don't Forget Anything

Grab access to this free Cover Your Assets Checklist!

What Bloggers Need to Know About the Americans With Disabilities Act

3

Chapters

1

Videos

All

Skill Level

English

Language

Overview

An often overlooked law when it comes to blogging is the American with Disabilities act. The American with Disabilities Act (“ADA”) maybe isn’t something you think about when it comes to blogging, but helping to make your site accessible to as many people as possible is not only smart but may eventually be required as laws change and are updated.

Because complying from the start is way easier to do than having to go back and do it once you’re required. It’s better to just do things right as much as possible as early as possible.

this section will help you learn:

  • Who is Required to Comply with the ADA
  • Why You Should Comply Even if You're Not Required
  • The Basics of Having an ADA Compliant Website
  • What Could Happen If Your Blog Isn't ADA Complaint

Who is required to comply with ADA?

In the U.S. state and local governments for sure, though the requirements for other public websites (for example, a blog) is less clear. As things stand currently it’s up to you, but you’re less likely to be sued if you make your site ADA compliant.

What does it mean to have an ADA compliant website?

For the most part, it means that your content is made accessible in multiple ways.

For example if you have a video, do you have a transcription or captions for those that are deaf?

If you have an image have to used the Alt Text section of the image correctly so screen readers can accurately explain the image to someone who is blind? Or did you maybe use the Alt Text for a Pinterest description? (which by the way, you should absolutely not be using the Alt Text for your Pinterest description)

So having an accessible website or blog for you is going to depend on the kind of content you provide on your blog.

A good place to start is to make sure you are providing what are called “text equivalents” for content that isn’t text, like graphics, videos, or podcasts.

You also want to make sure you are taking advantage of the tools at your disposal.
Yes, using the alt text to explain the image is one example, but to move away from that one for a minute…..

Make sure you are using headings according to the content, and not just for emphasis or to get the font to be a particular size. The same could be said for quote boxes or other text formatting blocks.

What happens if I don't make my site accessible?

As the government hasn’t been super clear on the requirements of private business owners making public websites ADA accessible, you’re as things currently stand, likely not going to see repercussions from the government.

However, the ADA does provide an avenue for private citizens to sue business owners for not complying with ADA. Which can be costly to defend and ultimately result in still having to pay damages to the person that sues you.

Don't Forget Anything

Grab access to this free Cover Your Assets Checklist!

What to Do When Your Blog Content is Stolen

6

Chapters

1

Videos

All

Skill Level

English

Language

Overview

Blogging is a lot of work, which is why when someone steals all that hard work it can be incredibly frustrating and disheartening.

At first, you might be shocked it happened to you, but likely your next response is going to be how do I take those jerks down and get their copycat content off the web?

In this section, I’m going to break down what you should do if someone steals your blog content.

this section will help you learn:

  • What Steps to Take If Someone Has Stolen Your Content
  • What Not To Do When Your Content is Stolen

1. Document the Evidence: Take Screenshots of the Site

Before alerting anyone, in particular the site owner, make sure you take screenshots of the site as evidence.

Google Chrome Extensions like Full Page Screen Capture will help you take a screenshot of the entire page so you don’t have to scroll and take tons of photos.

2. Don’t Reach Out Directly Unless It Is Through An Attorney

If someone has blatantly copied your site or content, do not engage. I know it might be tempting, especially since you are likely to be angry, but don’t contact them unless it is through an attorney.

3. Find Out Who Is Hosting The Site

The next step is to determine who is hosting the site. There are various websites you can use to do this.

Hosting companies don’t want legal issues and will often take the site down quickly. Here are a few sites to help you determine who is hosting your site:

4. File a DCMA Takedown Notice

DMCA stands for Digital Millennium Copyright Act and helps to protect the copyright of digital works, like blogs. Filing a DMCA takedown notice is simply the act of notifying a hosting provider, search engine, or other site owner that content they are hosting is infringing on your copyright.

If you’re looking for a template letter, Sara F. Hawkins, an attorney has an example on her site.

5. Follow Up

If you don’t hear anything right away and the offending content remains, follow up. Keep following up consistently until the content is removed. I’ve seen people mention that it can sometimes take months. So keep following up and don’t drop it.

6. Pursue All Avenues

Ashley from Budgets Made Easy had her entire site copied and had trouble getting the offending site taken down, but she was able to ensure it wasn’t showing up in Google. Here is what she had to say:

I had my entire site copied and it was a huge hassle to get it taken down. I don’t think that it even was taken down but it is no longer found in Google. I kept contacting their host but then the contact info was through another layer of info. I finally contacted Google and led a DCMA takedown with them and now that site isn’t found in Google.

Ashley Patrick – Budgets Made Easy

Additional Resources:

Reporting DMCA to Google: https://support.google.com/legal/troubleshooter/

Similarly if someone has stolen your Pin on Pinterest, Lena Gott of What Mommy Does has a great article on how to get the stolen pin taken down.

Bottom Line

It absolutely sucks to have the content you worked hard on stolen, but you aren’t helpless. While it may be a pain, there are steps you can take to have the content taken down and removed from Google.

Before lashing out at the site owner, be sure to collect evidence in the form of screenshots. Then find out who is hosting the site and file a DMCA take down notice and be sure to follow up.

Don't Forget Anything

Grab access to this free Cover Your Assets Checklist!

LLCs: What They Are And How to Register Your Own LLC

3

Chapters

1

Videos

All

Skill Level

English

Language

Overview

If you are working for yourself or running your own business, you may hear the term LLC thrown around. Generally, as people telling you your business should be an LLC. But what is an LLC and how complicated is it establish an LLC?

First, LLC stands for Limited Liability Company; I’ll explain more in a second. Second, it’s easy to set up an LLC yourself, you don’t have to hire a lawyer, but you certainly could if it would make you feel better.

this section will help you learn:

  • What an LLC Is
  • How to Establish an LLC in your State

What is an LLC?

As I already mentioned, LLC stands for limited liability company. What that means is that if somebody goes after your business, like in a lawsuit, your personal assets are protected. You won’t be held personally accountable for the company’s debts or liabilities.

So why the limited part? Well, it can vary by state, but generally unlike a corporation, if a member of the LLC dies for files for bankruptcy the LLC has to be dissolved.

Additionally, an LLC acts differently in that it allows for flow-through taxation. Meaning the money is only taxed once. The money/income flows through to the LLC owner or member, and they pay the usual income tax and other taxes that apply.

Unlike a corporation which is taxed on its revenues then pays you and you are also taxed, resulting in double taxation.

How to Establish an LLC

If you want to establish an LLC, then your state’s Secretary of State website is going to be your best friend. Though to be honest, not all secretary of state websites are created equal. It can sometimes be tough to locate, so I’ve linked to the various states websites below.

But before we get to that, let me walk you through the general steps to creating an LLC.

Make Sure Your Desired Business Name is Available

Once in the Corporations section, run a search on the name you want to use for your business. If it is already being used, you are almost guaranteed to have your LLC application turned down. Though there can be some exceptions.

Find Out If You Can Apply Online or If You Have to Do So by Mail

Most states allow you to submit the documents necessary to establish an LLC online. However, you will want to find out the correct process.

While reading up on the process, you will also likely learn what documents you will need to submit to establish your LLC.

It is typically an Articles of Organization or Certificate of Organization.

Complete Your Articles of Organization

Again depending on the state, these may be called Certificate of Organization or some other name.

The Certificate of Organization usually asks for:

  • the name of the company,
  • location,
  • name of the owner, and
  • name and contact information for an agent.

It may also require you to describe your business briefly. If you are struggling with what to write as a description, you can use the corporation’s search to find similar businesses and see what they wrote.

Submit Your Articles of Organization with the Required Fee

A fee is almost always required to register an LLC.

However, the cost of the fee varies greatly by state.

Some states it may be as low as $45, others can be as high as $500. This fee is typically recurring annually so make sure you set aside this amount during the year so you can renew your registration.

Wait

Depending on the state, how long you have to wait to find out if your registration has been accepted can vary, especially if you had to submit it via snail mail. Though I’ve seen same day responses for LLC registrations submitted online.

Why Do I Always Hear About Delaware?

One of the reasons big companies register in Delaware is because Delaware offers Series LLCs which I won’t get into today. I will say that if you are a new business owner, then unless you actually live in Delaware, there is likely no need to establish an LLC in Delaware.

If you do register in Delaware, you will likely still be required to register as a foreign LLC in your home state. Meaning you just have to pay more in registration fees each year.

State by State

Alabama | Secretary of State Corporations Website | Filing fee = $100

Alaska | Secretary of State Corporations Website | Filing fee = $250

Arizona | Secretary of State Corporations Website | Filing fee = $50

Arkansas | Secretary of State Corporations Website | Filing fee = $45

California | Secretary of State Corporations Website | Filing fee = $70

Colorado | Secretary of State Corporations Website | Filing fee = $50

Connecticut | Secretary of State Corporations Website | Filing fee = $120

Delaware | Secretary of State Corporations Website | Filing fee = $90

Florida | Secretary of State Corporations Website | Filing fee = $120

Georgia | Secretary of State Corporations Website | Filing fee = $100

Hawaii | Secretary of State Corporations Website | Filing fee = $50

Idaho | Secretary of State Corporations Website | Filing fee = $100

Illinois | Secretary of State Corporations Website | Filing fee = $400

Indiana | Secretary of State Corporations Website | Filing fee = $100

Iowa | Secretary of State Corporations Website | Filing fee = $50

Kansas | Secretary of State Corporations Website | Filing fee =$50

Kentucky | Secretary of State Corporations Website | Filing fee = $40

Louisiana | Secretary of State Corporations Website | Filing fee = $100

Maine | Secretary of State Corporations Website | Filing fee = $175

Maryland | Secretary of State Corporations Website | Filing fee = $100

Massachusetts | Secretary of State Corporations Website | Filing fee = $500

Michigan | Secretary of State Corporations Website | Filing fee = $50

Minnesota | Secretary of State Corporations Website | Filing fee = $155

Mississippi | Secretary of State Corporations Website | Filing fee = $50

Missouri | Secretary of State Corporations Website | Filing fee = $50

Montana | Secretary of State Corporations Website | Filing fee = $70

Nebraska | Secretary of State Corporations Website | Filing fee = $100

Nevada | Secretary of State Corporations Website | Filing fee = $75

New Hampshire | Secretary of State Corporations Website | Filing Fee = $100

New Jersey | Secretary of State Corporations Website | Filing fee = $125

New Mexico | Secretary of State Corporations Website | Filing fee = $50

New York | Secretary of State Corporations Website | Filing fee = $200  

North Carolina | Secretary of State Corporations Website | Filing fee = $125

North Dakota | Secretary of State Corporations Website | Filing fee = $135

Ohio | Secretary of State Corporations Website | Filing fee = $99

Oklahoma | Secretary of State Corporations Website | Filing fee = $100

Oregon | Secretary of State Corporations Website | Filing fee = $100

Pennsylvania | Secretary of State Corporations Website | Filing fee = $125

Rhode Island | Secretary of State Corporations Website | Filing fee = $150

South Carolina | Secretary of State Corporations Website | Filing fee = $110

South Dakota | Secretary of State Corporations Website | Filing fee = $150

Tennessee | Secretary of State Corporations Website | Filing fee = $300

Texas | Secretary of State Corporations Website | Filing fee = $300

Utah | Secretary of State Corporations Website | Filing fee = $70

Vermont | Secretary of State Corporations Website | Filing fee = $125

Virginia | Secretary of State Corporations Website | Filing fee = $100

Washington | Secretary of State Corporations Website | Filing fee = $200

West Virginia | Secretary of State Corporations Website | Filing fee = $100

Wisconsin | Secretary of State Corporations Website | Filing fee = $130

Wyoming | Secretary of State Corporations Website | Filing fee = $100

Don't Forget Anything

Grab access to this free Cover Your Assets Checklist!

This website uses cookies to ensure you get the best experience on our website.