If you’re like most of us, over the last couple of weeks your inbox has likely been flooded with emails from companies you’re connected with, explaining their privacy policies in light of the new General Data Protection Regulation (GDPR), which regulates the ways controllers and processors of personally-identifying information (like email addresses and names) can collect and use that information.
GDPR can be confusing, and podcasters aren’t always sure how this EU regulation might impact them. Here are answers to some common questions you may have about GDPR and how it affects you as a podcaster:
Which groups or organizations is GDPR really aimed at?
“There are two terms defined by GDPR that are important; a controller of data and a processor of data,” says attorney Barry Kantz, General Counsel and CFO of RawVoice and Blubrry. “At Blubrry, we take the position that we are the controller of the data, because we make the decisions about how the data is used, whereas a processor of data is someone who the controller hires to process their data.”
Is the typical podcaster either processing or controlling data?
“Technically speaking, a podcaster generates the process, whereby we collect the data,” explains Kantz. “An analogy is the customer who walks into a store and makes a purchase. The customer generates or starts the data collection process, and the store engages in. Many podcasters believe that Blubrry is a processor and the podcaster is the controller, but this interpretation would require every podcaster to have a complex legal contract with Blubrry.”
The reason for the million emails you’re suddenly getting? Transparency. “The GDPR requirement is that we implement their regulations and notify users.”
What safeguards can a podcaster put in place to be in compliance?
As the controller of the data, Blubrry puts all the necessary safeguards into place when it comes to your podcast files. “With audience tools and measurement, Blubrry does not store any personally identifiable information,” explains Angelo Mandato, CIO of Blubrry. “For podcast measurement specifically, we use what is called pseudo-anonymization – a technique where the IP address is randomly changed in a way that it cannot identify the original address.”
But that doesn’t mean that podcasters are totally off the hook. “Being that most podcasters are also website owners, podcasters need to be cautious what information they gather from their web visitors,” explains Mandato. “For example, if you provide a survey for your audience, do not ask for information that may identify the listener, like their email address or name. Being smart about what you do on your website and you should be okay as far as GDPR is concerned.”
Does a podcaster need to make a public statement of some sort to their audience?
It depends. If you are collecting data for a newsletter, or capturing and retaining audience email and data, at that point you become the controller of that data and must comply with GDPR, says Mandato. Since Blubrry isn’t involved with the data collection that happens on your website or via your email list, we aren’t the controller of that information and aren’t responsible for how it is collected or how you communicate with your audience.
So what’s the bottom line?
“Podcasters need to realize that if they have listeners in the EU, they do have to make sure their podcast host is GDPR compliant,” says Todd Cochrane, CEO of Blubrry. And even if your show doesn’t currently have EU listeners, there’s nothing to stop it from growing into that market, so that means your podcast host should be GDPR compliant – no matter what.
Also, consider what information you are personally collecting from your audience, maybe without even knowing it. “If a podcaster is allowing comments on their website or has a mailing list, then the podcaster is responsible for making sure they are GDPR compliant,” says Cochrane.
Finally, make sure you are transparent about your data collection practices. There are tools out there to help you – for example, Akismet’s Anti-Spam plugin now adds GDPR disclaimers to the bottom of your comment collection system.
Bottom line: It’s not that hard to comply, so just do it already. “While I doubt the EU will ever go after a podcaster’s website,” says Cochrane, “It’s better to be safe than sorry.”