 This is about the level of interest for this topic that I should expect Yeah, this is one of the most boring as topics. I've ever given a talk on so I try to make it as fun as possible Let's see. This is my little slide thing door Does that say open or I? Wasn't paying attention. I'll be honest Why are those two clocks different? They're a minute apart. They should be synced. All right. It's been more than a minute. Why is that? Mountain time it's the extra two minutes you gotta have with elevation Well, it's like when I got here Friday. I'm like I'm hungry. So like let me look at a restaurant. Oh, wait a minute walk I forgot y'all have elevation here It's not a thing that I'm accustomed to Yeah, yeah, every one of the highest points in our states of landfill Mount Trashmore It's above Miami, but uh Yeah, we'll get started. So Let's see. There we go Hi, everybody. Can everybody hear me? Okay, I probably don't even I don't even think I turned that on good. All right So we're gonna talk about GDPR today, and let's just jump right in. There's the button. There we go. So that's me That's kind of what I look like that's where I live so I work As far as Twitter goes it still technically exists, but the whole they can't seem to get their white supremacy under control so I'm not really there and What we're gonna do is actually I want to jump back real quick and point out two things one the title and two the lack of letters after my last name and I want to say that because in no way shape or form is This is legal advice. This is not anything that you should go You all know the disclaimers However, I need to say them if you have any questions or concerns about any of the stuff talk to your council You know, whatever you may have and figure out how it applies that said What the hell is GDPR? Who here knows anything about it other than its name Okay, who here understands anything about it other than its name That's actually the most that I've seen in the year that I've done this. I Feared I'd retire this talk, but everyone keeps needing to hear because it's still relevant. So let's just jump in It's one of the most vague titles I've ever heard that could mean anything. So that is technically what it means but Let's see. That's the word we care about That is really all we care about nothing else about GDPR matters data is the only thing that's concerned And in particular the way the EU defines it We're gonna get into that more that a little bit later is information relating to an identified or Identifiable natural person again vague on purpose and there's a reason for that and money That's why this is what it's actually all about and this is why data matters So I'm gonna a little side note a little story here. Let's let's have a seat. So in I didn't go to college. I had Facebook so I didn't get on there early by the time I could actually get on there I wasn't really invested the first privacy bug that Facebook had that's a feature but I Was like I don't care about this. I deleted it like I got rid of faith And this is when you theoretically could delete a Facebook account like it said two weeks or whatever So I did it and I think twice about it a couple years later I had to make a fake account for doing web work and it was a fake name and all other stuff And then at some point I reached where like you needed a Facebook to log in to certain stuff It was just you couldn't not have one anymore. So I made one Totally private again like I didn't want to be on that It would not let me use the email address that I've used on the first account that I deleted 10 years prior Even though it was deleted. I don't know how much Facebook has on me because For some of you you were here when the internet started a Bunch of white guys in Silicon Valley basically wanted to connect the world and all this other lofty bullshit and And they may have even believed it like it. I'm not messing you know I think at the time they actually thought this was going to happen. The problem is that they forgot everything about human nature and Basically, they said trust us and we did and And that was a terrible idea like I cannot emphasize How badly of an idea it was to just give everybody everything they know about us and not ask why and not say another word about it So let's get into some actual numbers This first one and I have the links for where all these came from but that means nothing because I cannot imagine the 8% that don't Unless they're maybe off the grid So like all right that that means nothing Okay, this we're getting better Frankly that number seems high to me, but all right. We say three, you know, they understand great. Okay That one 74% of people have limited their online activity because they're scared of privacy That's three-fourths We build websites because we want people to come to them whether you're selling stuff writing stuff talking about stuff show Whatever it is you're doing you want people there. Otherwise, you wouldn't be building the site to begin with So we have 74% of people that are not doing the internet in some capacity because they're afraid of what might happen That's kind of a big deal So let's start in the beginning. What have we already done because rarely do you reach a point where nothing has been done? All right quick. What do all these companies have in common? big data bridges Big ones so we had eBay 45 million users target 110 million JP Morgan Chase 83 million uber 57 million along with 600,000 drivers, which has way more information Anthem, which is a medical insurance management or something like that 80 million Equifax we all remember that 143 million and that was all our stuff and Yahoo with 3 billion Nothing happened to any of these companies At all so the EU comes in and I this is a problem and the EU and Above them beyond everything else and we'll get to this again a little bit The EU views privacy wholesale different than the United States says and in no way is this meant to be political But the US does not believe in privacy Period like they can say it but everything they do is against it The EU has a different fundamental idea of what privacy means like they put users we don't So again, I'm not a lawyer There was another law that was in place, but it was not good enough and the EU felt something had to be done This is a big thing users now have rights To their data that they never had before It's a big one. There's three things and again This is the biggest thing that people have a problem with is the idea of some someone having rights for in for something Intangible like data that they never had before but so there's three main rights First off is the right to be informed that means a that everyone has a right to know what information They have about you You have to be able to see it You have to know when it happens if they have a breach or data thing you have to be told by them very quickly The second one is you have a right to all the information that a site has on you at will if you want it you have to ask for it and I Believe there might be like a short like a couple of our men via time because there's a 30-day limit to delete stuff But it may be 30 days you have to provide it And it has to be in what they call a human readable format Which again is vague because depending on the data is how it would be readable But you can't just like give them a sequel dump and be like here you go Yeah, you have to give them something that a non developer or someone who doesn't understand that could read and be like Okay, this is what you have And the third one's a big one because this is the one that we still don't really understand how to deal with And it was the right to be forgotten and like I said the Facebook stuff. I thought I had been forgotten Apparently I was not Because I could not use my email address, which is my own name to open up and count 10 years later So that's the big deal. The data isn't yours It's just not yours anymore The easiest idea is it does not belong to you at the best case scenario. You're leasing it And most likely you're just getting to look at it and That's fine because it never really belonged to you to begin with like Big data more or less we agree as a joke kind of like cloud is just a server and somebody else is building Like big data is just more data and we never bothered to validate any of this data We never looked to see if it was accurate or correct or even usable We just kept collecting more and more and more Speaking for myself when I would build sites I would collect as much as I could because I didn't know what data They were gonna need and when they were gonna need it But that when they would need it would have to be historical. So I'm like, yeah, let's let me start collecting everything That is no longer the case So who here thinks this doesn't yet apply to them Good because it does Some of you may not but almost everybody here it does Because remember that remember how we all cared about that and then nobody cares about that Yeah, a lot of people thought this was the same thing and it's not the case So does anybody know who this guy is? Nobody should His name is James Lang. I don't know if I pronounced his last name, right? He's an engineer for Volkswagen Everyone remember how Volkswagen got busted cheating the emissions testing stuff. Yeah, he was one of the developers He's currently serving time in federal prison He was not the lead developer He was not the CTO He was not according to the the judge. He was not the mastermind He worked for Volkswagen and he's serving time because he wrote code So this applies to us like we can't just yeah, the whole I was just doing my job is not a viable excuse So maybe I've got somebody's attention and the question becomes what do you do now? It's like now like great and now I'm worried. What do I do? Well first off, don't be worried But let's start with the easiest question. What is personal data because I don't think we actually know anymore So this is how the EU defines Personal data and notice how they get pretty pretty big and the EU again does it differently The EU says as information relating to the natural, you know, whereas the US is Personally identifiable information. They sound like the same words Difference being in the US your email address is your name. That's identifiable An IP address is not your name. That's not identifiable The EU understands aggregation They understand that each of these individual pieces may or may not be relevant But when they put all together it makes a very big picture of who you are as a person and what you do online Like if you want to get really creeped out Google Facebook shadow profiles So now little all right racial or ethnic. I don't store any of that information Political opinions comments maybe blog posts, but okay, it's still nothing really crazy same with religious trade unions USH unions to Health data sure orientations that you know criminal stuff again Most of this stuff is things like I don't want to know about anybody like I'd be happy not knowing this about most of my friends But they get even deeper so we're like our genetic data again I'm not even sure how I would store that information same with biometrics Okay, maybe keep you know key fobs or whatever but location. Well, all right start to do that pseudomized data You can't just change someone's first name and the last one here at this online Identifiers again a very vague term because they want it to be Because so many things can be considered an online identifier So they wrote this law to cover the technology that hasn't been invented yet For example, and I did a little side note voice search Alexa all that did not exist when they write when they started writing GDPR The law accounts for it already. They didn't make it so rigid that it basically created loopholes They tried to cover everything and they're still writing it but it did pretty good job So this is what some Identifiers would be how many of these are in the WordPress user table right now? At least two depending on how you store meta could be more Exactly so like we're already doing this So if you have comments you sell stuff and in addition to this you got emails you have avatars You've got a whole slew of stuff that again everything pieced together Can figure out like the whole thing. Oh, I was talking to a friend of mine now I saw a Facebook ad they're not listening to you We're just that predictable and we give them that much information that they can actually make an accurate picture of who We are and what we like. It's creepy at times But so yeah, so this applies to everybody who does any sort of business with the EU and Yes, this literally applies to everybody in the EU all Businesses all sectors organizations regardless of size scenario profit or not does not matter If there's if you have data This applies to you Now I've gotten this question a couple times Where they're like, oh, well, I just won't sell the EU Can anybody here name every country in the EU? Neither can I Second of all, we're sort of familiar with proxies VPNs. Good luck identifying who is actually in the EU You can't Period and you can't also what you cannot do is have a button like remember the whole like yes, I'm 18 You can't do that you cannot ask somebody to opt out of a law Legally, you cannot say no this law. I don't care about your gum. You can't do it. So Yeah, good luck trying to get around it like it's easier to just deal with it and get around it So basically everything involving GDPR falls under two baskets You have your data controllers and Those are the people that they decide what to collect Where and how it is used and whom it is shared with The other part is the processor and that's whatever they do with it and if you're questioning which one of my probably both Google analytics is a processor You're collecting data. You're also passing it on so Google is responsible for the data. They hold That's not your problem, but you have to tell people you have Google analytics that kind of stuff So the whole idea is privacy by design, which we've never really done We have always kind of bolted that stuff on the end and we've heard enough security talks in the last two years We're like you have to think about security first not last Privacy is the exact same way. You cannot just bolt it on at the end. You will miss something And this thing actually here is not just like a cool phrase like it's a literal design method I'll seven point developing methodology that's been written down and established and you can follow and Then this is the thing you need to know everything about the site that you are managing You cannot pretend that you just don't know it's not a viable thing anymore You need to know what you're collecting you know where you're putting it. You know who can see it because that's a big thing Is Everything like it's you can't just pretend that stuff isn't you know, you don't know about it anymore So this is a now legal requirement in the EU. This is a real document that you have to create Privacy impact statement again more cool vague words But basically anything they call data intensive, which if you have a database your data intensive It's not a line from there like if there's data. It's probably intensive and frankly I wouldn't want to choose that one wrong if I'm in court. So Basically you have to have everything documented what data might be Questionable what data could be a problem who can access it when can they access it? How can they access it all this has to be literally written down? Available to everybody who is involved with the project including regulators who can ask at any moment and you have to provide it to them So again, this isn't a do this before launch. This is a write this before you start and again It's not that difficult you just figure out okay What am I collecting and that's where you have the conversations with people because all right who here is in marketing? All right, I'm gonna unintentionally make fun of you Yeah, like I listen to a lot of bill at Mikey listen to Bill Hicks, you know the jokes So the big thing is this is still evolving. This is not a static or done thing Like I said the voice search like they had integrated that without actually having to say voice search But I'm sure that we're gonna invent something that they didn't think about yet. That's kind of how progress works So they're still writing this stuff down. They're still working through some of it There's the a privacy directive in 2002 they called it the cookie law, which was a terrible name But it was they're building on top of that England has said they already have the same GDPR law in place if they actually go through with Brexit So that will still apply even if Britain is no longer in the EU. So like again, we're not gonna away with it So this is the good part like all right, what's enforced because again, I've never heard of anybody getting a vat penalty ever And yes, absolutely. Yes, it is the law has been in place for about a year now I think it was May was the one-year anniversary. So in January France fine and the countries get to find not the EU. So it's like France Find Google fifty seven million dollars in January, which again for Google is not that much money And I think it's Euro. So I guess that's why I don't I remember what real money is but So you think okay Google got a penalty like great cool, but like I'm not Google They're not gonna notice me Yeah, no, they're actually gonna notice you too the first one they ever gave out was for an obscure German social network that Like the fine was like 30,000 euro, which seems I don't know if that was a lot or not for that company But it was a company. I've never heard of like some weird social network that was only in Germany They did everything right They did not have anything in plain text. They had everything written down. They had a breach They notified their users immediately they cut everything off. They did everything right and they got a fine Because they still had the breach they still didn't do everything they were supposed to do That's the thing is like yeah, you can't stop everything but the less that you collect So that's the first part ignorance is in no way an excuse They don't care last time I checked courts do not care if you knew what the law was in any way shape or form regardless of the law So yeah, you can't pretend. I didn't know about this. I didn't know about that. They're like, well, who's in charge? You are okay. Well, then you should not and Yeah, it's more work and the second part is This is privacy Again, like I said earlier the US does not actually believe in privacy like the idea of it. We don't actually like the implementation You have to care about privacy now you have to care about privacy of people you've never met You likely will never meet and you very well may not even care about or like depending on the kind of site You're running they could be a troll and you still have to care about their privacy Which is a weird feeling But it's actually the right one because again, they go back to the idea of having rights and it's very very easy So there's something else I'm gonna get to before that so hold on. Let me let me there's buttons Shit anyway, I will get that in a second So in terms a couple of easy quick things like number one you cannot auto-check any boxes ever anymore Period you cannot automatically say yes, I want to hear more about your products. They have to opt in You cannot opt in people to new things because they've opted in to old things If you have a new thing they need to opt in to the new thing They get to opt out at any point for any reason and it cannot have anything to you You can't be like oh, you don't want to my newsletter. You can't be on my site anymore That's a weird issue. They haven't decided whether or not that's actually allowed Like if you can pull stuff away if they're not, but yeah, it's like if you don't want me they'd go away So yeah, the biggest thing is stop collecting data That sounds weird to us and it sounded incredibly weird to me but Think of how much data you've collected on users and never looked at again I'd say at least from my own experience for my stuff that I have built about at least 80% I have never looked at a first time. I wrote the code to collect it I tested that worked and I never looked at it again. I had a analytics thing on my own site years ago is Called pickwick. I didn't change the name of it recently. It was like an open-source thing run it yourself, whatever I forgot about it. I haven't touched my site in like five years But I forgot it was there. I only knew about it because I got an email when they changed their name And I was like I deleted the script and I deleted the database of information So now I'm not liable anymore because the information no longer exists That's you know, don't keep what you don't need Marketing will tell you that they need all of it usually they're not right in this case. They are not right Because that information is again, we never said it was clean. We never said it was valid We never said it was useful like the reason marketing makes up metrics is because there's no way to do it Otherwise like I used to make fun of them for doing it, but then I realized there's no other metric to give so They'll just make a new metric But have a conversation with everybody involved because yeah marketing's gonna care. That's how they do their job So you'd be like what do you need? Not what do you want what would be nice to have but what information do you need to do your job marketing? Start there then find out what they might want and see if it's something that a you even want to collect and be you feel Comfortable holding on to because that's the big thing is that once you hold it you have you're holding it like it's now on you If you don't need it don't keep it. I wrote a plug-in actually I gave this talk in Atlanta and afterwards I wrote a plug-in because I was having a conversation with Dwayne at Pantheon that will automatically Scrub the IP address from the comment table every time someone leaves comment or replace it with one two seven point Oh point Oh one because I'm like I don't care about anybody's IP address anymore That used to be valid when people would like leave a bunch of comments under different names, but you'd find the same IP Now trolls know how VPNs work. So it's like that's not even valid anymore So I don't want the data anymore if you don't need it get rid of it You don't have to hold on to this stuff simply because it exists The thing about how many times you hear about someone left a AWS server unencrypted and they pulled all this data because it was just sitting there and Someone found it Yeah, like that's the kind of stuff that I'll do like I'm not gonna make something You know it's like I'll put something on an S3 or a server somewhere and just forget about it I've forgotten my own birthday more than once as an adult I'll forget about that and that's the stuff the words like oh now I'm in trouble and now it's like old Yeah, did I secure it? I don't know. I didn't know it was there I get five dollar bills from a bunch of hosts and I just hit okay, so I don't even know It's like just sit down and figure out what you have because it's very easy Especially if you're freelancing or working in an agency where it's like, what's the next project? What do I need to do next? This is done. Cool. I don't think about it anymore. What's next if you do the privacy work in the beginning It's part of the process. So when you're done, you're still done You don't have to go back and figure out how to now back into proper user privacy. It's very easy to build privacy It's very hard to implement after the fact Just like everything else we build you really wish you knew about it sooner like that one climb like oh by the way We would like this and it's like well that sounds great. Oh, unfortunately. That's totally counter everything else We built for you Have a conversation in the beginning now as anybody else ever had to deal with this with their clients customers, whatever and What is the biggest pushback and this is for me as much as for you. What is the biggest pushback you've had from people? Love Americans Correct So here's the thing that I think most people are confused about You are still allowed to collect every bit of information that you have always been collecting You just can't do it without telling them. That's the difference. It's not that the data is illegal It's not that you cannot legally collect it You just can't collect it not say anything about it and you can't collect it and sell it to other people without anybody's Consent you can't sell it and you know you can't do anything. You just can't do it without in a vacuum You can't do it in the shadows. That's the difference. You just have to tell people what you're doing. That's it They do that you're fine like you're more or less going to be okay again talk to your lawyers Don't you know don't know I was married to a lawyer once and that's about it. So So we're gonna yeah, so we're actually gonna jump into questions Either it's a terrible algorithm or they're just wrong Then they're wrong Then then they assume that everybody else is intelligent enough to know that these three pieces of data equal this which that answer is no Like you know it because it's your client and they know it because they wrote it. Nobody else does And in that case where it's like then they need to figure that out because it's it doesn't matter if it doesn't if it's not Ideal for what you're doing like that kind of goes back the whole ignorance doesn't count anymore. It doesn't matter if it's not Good for you or not what you want. So again, they don't care about any of that So in the event where someone and his question was like and this is more question But also pushback because these are the these are the things that people actually deal with Is they were afraid that by disclosing what they're collecting. They're telling people what they're going to do with it Which is the law they have to tell you what they're doing with it Now they don't have to say we're gonna use the weight of this and a weight of that to figure out that you want to read this That's not the detail they need but you have to say we're keeping this we're keeping this we're keeping this and We're going to and and say we're going to use that to show you things to read They don't have to say we're going to show you during this math to show you what to read Like that they don't tell that but you have to say this information is going to be used to do this and As a user, I'm cool with that. It's like tell me what you're going to do It's like Google I weirdly trust because I know they just want to show me the best the ad that I'm most likely to click on Amazon wants me to buy more stuff. I do that all the time So they show me things they think I might want to buy based on what I bought Facebook just wants to connect the world No, trust that robot dude anyway, so it's like Facebook doesn't really tell you what they want to do with it And that's why I don't trust them And we're gonna go to her next If someone There is a Stipulation law that says you do not have to modify backups So if by chance someone asked to delete their stuff and then you have to restore from a backup and the data is there again You're not automatically in trouble You should go back and delete it again So keep track because you have to keep track of the request that you get and you just go back and delete it Whatever but yeah, if the data is still in a backup that is not you're not liable for that and if she was next I Mean the people that are making laws about the Internet some of them still think that what goes through tubes So I don't think that the any law of the US rights will be in any way shape or form good For this because they're coming from the idea that the corporations need data users shouldn't care So like it's it's a it'll take a fundamental shift before any legislation in the US is in my own opinion will have it in the you totally different so I Doubt they're going to legislate design in that capacity Other than because again certain stuff they left vague on purpose because they know the implementation is going to be dependent on the technology Like you can't have a link on a voice search There's no there's nothing to click so yeah by doing so it's like yeah You have your privacy policy like there is stuff in core to Man you can basically make a link and people can request So some of that stuff exists and they're still building out again because it's like depending on what you collect and how you collect it Is how you have to manage it so there isn't a one tool for everybody because most likely two people are not doing the same thing So they will probably say something along the lines of that has to be you know either in the site map or a link some You know like on an account page like I don't think you have to put it like right dead center But yeah, you probably as long as it's accessible like I don't think you as long as you don't bury and specifically hide it and That's the other thing we don't know yet if people will actually care We have no idea. It's only been about a year. Most people in the US don't understand it anyway So I don't know how many people are gonna start caring But I my guess would be as these things keep happening Breaches and and more stuff like that people are going to want to know like once they start is like once they realize they can get it From one person they're gonna want it from everybody because like oh, this is data about me I want to know and they go get everything so yeah, you just have to be accessible Both in literal sense and the you know the accessibility sense So they they have not been specific about what you need to have on your site in terms of like prompts or things like that because again Not knowing anything about it could be a single-page app. It could be you know a full a full WordPress CMS build It could be a single who knows what so yeah privacy policy absolute bare minimum Like you don't have privacy policy. Just turn off your website Until you do there's a link down core hit a button. It'll be there That's fine and then they get explain what's going on and be like, you know, you're you know Because again, you very well may not be collecting you may not be holding much information Like I have clients that never turned on comments to begin with because they didn't want comments, which I totally agree with So they were not actually collecting anybody's data it was going analytics it was doing that stuff So they were they in that case They were a processor because they were sorry they were a controller because they were taking the data and passing it on They were not doing anything with it. They were not holding it. They were not storing it They passed it on so all you had to say is basically like we use Google analytics That's more or less the equivalent way you have to say Yeah, again, like they've not said you have to have this link or this page because most people writing those laws don't understand That stuff anyway, but unlike the US the EU they knew that they didn't understand it So they wrote it to where it would cover things and they actually brought in Experts like they brought in a whole bunch of people to make sure that this thing was actually written for technology and not for 30 years ago So it's uh Yeah, there's still again. They're still working through a lot of it because they're figuring you know We're still figuring out what we have like I don't think we still know the landscape in terms of like how much data people have and What they have because like when I went over those breaches Target may have information on me, but it probably is my name and email Equifax has everything I've ever done That's a bigger breach even if it was less people. It's a much bigger breach so Exactly, so it's like depending on the data you're holding is What the problem theoretically could be because it's like if I get you know if someone steals email addresses I don't think anybody's gonna really care But yeah credit card like you should never restore credit card information, but you know as soon as it gets I'd you know stuff like that like I don't want anybody's social security number I don't I want the absolute minimum of anybody else that is on my site as I possibly can have Period because that's the least amount of liability. It's that easy and then One person I did talk to they got them because they're based in the EU so they they got ready for this like two years ago He was actually in their marketing data is better because it's so succinct and clean Because they're like we know where it's coming from we can validate that it's real It's not just a dummy sign up to get something like they can actually it's real data They can act they've been able to do actionable things with Because they can look at it and they know the source they know that it's clean They know that it's valid information that they collected the proper way. It wasn't just a dump of stuff Yeah, so as I said like the US will Eventually adopt something similar and California will be the one to lead the way Because they're the only ones that really understand technology Like they have actual programmers who have become senators in California. So like they actually sort of understand it Given everything else going on in California, I don't know when they'll get around to it It's been in the news it very well could and again, it's like one of those where How do you apply a state law across the country where servers are located like they're redundancy in seven states? Which law do you apply so? They'll do it on much I think it'll probably only apply to companies that are like in Silicon Valley or in San Francisco and that sort of stuff Because that's the only ones they can really enforce But we'll see They may write it so it will get adopted Federer, you know at the national level, which again would be great. I Will I like this law? I'll say that now I actually like this law because I don't like the idea that everybody knows way more about me than I do Like they have so much information on me. They probably know what I'm gonna do before I'm gonna do it and Well, yeah, so does my mom actually know she got that wrong once too Yeah, imagine waking up to your text message from your mother seven days for your birthday or sorry note nine because it wasn't in the right calendar day But anyway Yeah, so it's like just yeah, don't don't just don't store it and if you need it say, you know It's like it's very very bait is like the things we tell toddlers If you're gonna take something ask If you're gonna do something tell me if you're leaving tell me when you're coming back Yeah, it's like all the things you say to kids and toddlers is basically how you approach GDPR Like don't do anything just because you want to and you don't say anything about it like that's how you get in trouble and In terms of accessibility, I guess it would really come into which You know how you're displaying it. Yeah, like don't don't hide it Again usually like it, you know like the thing where like we use cookies and hit okay Like that's that's more or less enough for a lot of things like again If you're not really doing anything with anybody's data, that's probably enough again not aware So what I would say is from my conversations with folks on the accessibility team and one or two people that are actually blind Screen readers are incredibly varied from one to the other. They don't work the same So I don't know how a notice would show because I don't even know what screen or it would be I would probably say don't get too fancy with your JavaScript and animations and just make it a button I make it something dead simple because people are just gonna click it to make it go away and So wherever it needs to be in terms, you know because accessibility again, that's a whole you know team of people much less a topic So it would be like, yeah, if anything test it like most anything else test it because all that stuff is usually pretty available Question Yes, you know about it if you want to jump in that later that's cool Yeah, it's just like one of the follow-up Yeah, they usually they'll outline and the screen readers will say don't do this or don't do that And there's one or two that are very popular and then a couple obscure ones. It's like, yeah I don't account for the opera browser anymore. Sorry. I don't have time So it's like yeah, there may be a screen reader somewhere that may not read it Right, but some obscure one that somebody built or whatever, but the main ones Tell you what to do like if you follow good markup. You shouldn't have much of a problem And I say that as someone who can see Yeah, so one of the first examples of this I actually saw was I think H&M or one of the Retailers that's based predominantly in Europe that also has some source in the US That's where you'll start to see this stuff first people that are based in the EU But do business in the US they implement it because I have to so They had one where it's like I want to hear things about Category one. I'm gonna hear things about category two So they would individually opt in so you can break that down as detailed as you want is like how like Obviously more options to get people less likely will do something balance that out, but yeah, you can say this but not this and As long as you've built whatever you're doing that you can work with this and not have this then you're fine Yeah, certain cookie stuff that doesn't work if other pieces aren't there. So just make sure you don't let people Opt into half because then it won't just won't work How do we get this conversation to where we're having this with the entire community? And it's not just a select group of developers you're sitting in the room talking about First person to get fined Seriously, I mean how many things do we not do anything about until there's a very large penalty in front of us? That will probably be what it takes for certain people to implement it here It doesn't they can listen to they can listen to talks from everybody they can listen, you know They can do everything. You know, they have lawyers something do it and they're like Find me They recently there's only been in place for a year They only started finding people like around beginning of 2019 There's a handful that were announced like two weeks ago, and I didn't get a chance to dig up the details So I didn't put them in here, but I don't they they find companies that probably do business I don't think they find a US company other than Google yet. They're gonna find Facebook They're probably gonna find Twitter and Amazon as well if I were betting I would say at least one of those and we got time for I can like one more Warranty more Ecosystem No, only because the the people you know since this I work for liquid web So like I've not done detail client stuff since it's been enacted However, the clients that care like go talk to your lawyer like get a lawyer Because if something goes wrong, they're gonna be one defending you And then but yeah go through with it because again, there's been so much now written on this that it's probably a lot clearer For attorneys because and also they now that there have been fines. They know where to go Well, this is a line. We don't want to go to this line and work backwards. That's what they that's what I do That's what probably they do so There is in the news like you'll keep seeing them and It'll probably it's hard. Okay. Most people don't care so it's like You hear about it and then you don't hear about it because again, most people don't even understand what happened much less Why they should be caring about it, so? You'll see it and then every now you know slowly, but surely people just do it as usually it's like incremental changes They don't notice and then all of a sudden they have privacy again Yeah, and that's the thing is like when I say 57 million or 57 million euro to Google is a rounding error That's not even in a good line item. It's a rounding error But that 30 grand for that weird social network that could have been half their cash flow We don't know it's like This was a question that came up previously is like how do I know if a site's deleted my data and the answer is you don't There's no way to verify it. There's No one has figured out a way to like you I can't look in your database That that would be a security problem. So it's like yeah with Facebook like yeah, they didn't delete it clearly and So yeah, they've not gone anything after font Follow-up to fines in part because like with Google it's like well what they find them on being Google. What do you do? You're Google. You can't just not be Google anymore So a lot of companies have been implementing stuff behind the scenes because again a lot of this is back-end work that nobody cares about You may have gotten a bunch of emails in the last year asking you to re-sign up for mailing lists that you're already on a lot of people did that they're like I was gonna say like I was glad they did it because there's some that I kept Like the Lego VIP when I get that and I probably buy something 80% of the time the email me But I got rid of a whole slew of others that I forgot that even had again because it's like I was reminded of what I had signed up for 15 years ago when I got an email saying do you still want this? I was like I've gone 10 years without a problem probably good So yeah, there's gonna be a lot of backfill and there's still I mean once they find somebody Where it impacts not just the company and I don't know what that would be like I don't know how that impact where it's like they have to shut something down They have to turn off a feature that people care about like that may influence things But at this point I'm straight up speculating how how they'll do it because they don't know yet But the different again the differences the EU knows that they don't know that yet So they're not trying to go around it. They're like yeah, we'll figure that out But like right now we're making sure we can cover everything that can go wrong before we figure out how to deal with someone after we find them So and I imagine that they'll probably just keep finding them because that's really the only thing they can do Maybe if it's really bad, they can shut down their server But then you just move it to a country that wasn't there and solve problems. So like Yeah, I don't know like some of the enforcement stuff is gonna be really weird It's gonna be scattered because the country itself does it not the EU as a whole So like France decided to do this Germany can turn around do the same thing Every single country in the EU could find Google a percentage of money All right, and the number I think the limit is 10% of revenue is what you're allowed to find a company Oh, yeah, they could find way more than they do Giant numbers like they made the number big enough to matter But I think they're just not starting at that number But I would not be surprised that they went to one of those companies and implemented like that level of fine Just to get the point across Because after a while when you have that many zeros in your account You don't notice until there's that many zeros on a fine so Like they're gonna do it like they're waiting like they're chomping at the bit like the EU doesn't like Google and Facebook anyway So they're going they're encouraged to do this So especially with you all the election stuff that's happened were all the misinformation and then again nothing political at this point That kind of stuff falls into it because like now who they didn't know who was putting these ads up Like you go on Facebook and say I want to look at men in their 40s Who are live in areas that are predominantly white and seem to like white supremacy? That was a button you could click at one point Like what groups they were involved in you could target that kind of stuff Like that's creepy because I don't know the data they have on me I don't know how Facebook can target me and Google can target me. I just know that they do But now at least in the EU you can legally say what are you using to target me? And it's like if I know I feel better about it like that's the weird thing It's like I don't even have a problem with them tracking me To a degree It's I just don't know what's being tracked. It's like I'm in the dark about it And that's what I don't like and most people like they don't they don't know what they don't know So they don't think about it. They're like, oh cool Facebook. I look at pictures of dogs and kids But regular people start caring when like yeah the bank kind of gets it So it's going to be money in some way shape or form of what make people change So I think that's good. So we're going to go ahead and just get out of here and I believe lunch is happening so He was the smarter of the two that's the worst thing he was my he was the governor of my state for a while