FTDNA Sales Banner
Ads and affiliate links like this help support the Q-M242 project's efforts to test indigenous peoples. Please read the affiliateship and business disclaimers for details. You may also donate directly here.

GDPR & The Genealogy Blogger in 2019 – The Why?

The General Data Protection Regulation (GDPR) regulations were written in 2016. They went into effect in 2018. Here we are in 2019, and most genealogy bloggers are not following it. Really. None of us. Not Debbie Kennett, not Judy Russell, not Blaine Bettinger, not Leah Larkin, not Roberta Estes, and not I.

I thought I was. Then I took a look at the actual law, the reasons for the law, and what I had implemented.

Nope. What I had was not good enough.

I am working on the fix, but I am still not sure I have it right. What needed is not difficult, but the task list is long. I still have work to do. Hopefully, from this point if others follow along on my progress they will catch things I have missed.

But why?

What is GDPR though, and why does it exist?

The internet is full of data. There are shopping areas, blogs, organization websites, social media pages, and search engines to find it all. All of these places on the internet collect information about those who visit their pages. Company sites collect information on transactions, and blogs collect user preference information. As the internet has grown, this information has begun to be stored with small bits of code, called cookies. Alongside the growth, sites have built mailing lists of users. The users then receive sale promotions and site updates. Some sites kept confidential information such as name, mailing address, credit card number, and birth date.

It has reached the point where the average person would have a hard time knowing just who had what information about them.

There was sordid data sharing too. Lists of names and email addresses were bought and sold on the grey market. Insecure sites were hacked and private information was leaked. Even worse, companies did not disclose to their users these privacy violations for months if ever.

The use of cookies grew. While once they were used to store user preferences, they came to also be used for additional site functionality, analytics tracking, and marketing.

That last has some bite. Have you ever been emailing a friend about needing a new coffee maker and just hours latter had ads for coffee makers start to appear on your Facebook feed? You are not crazy to see a connection.

Website owners with connected Facebook pages have the option to set a type of tracker on their web pages. This helps them learn who clicks through from Facebook posts and what they read. Of course, if Facebook gives the site owner access to the information, then Facebook also has it. It does not stop there though. The site owner can also set their tracking preferences on Facebook to allow Facebook to share the information with other Facebook businesses and all of Facebook’s marketing partners. That can be just about everyone everywhere.

That is the nature of marketing trackers. If I use such a tracker, then my reader’s data is being bought and sold. Never mind that I, the blogger, am not being paid. It is my site, and I am the one who places marketing trackers and cookies. If I put it on my site, I am the accountable person.

Users of the internet have a right to know who has their data.

My mother had a thing about accountability. The European Union does too.

How does GDPR help?

GDPR outlines common sense rules of human decency that web site owners should be following. That is the core of GDPR.

  • Companies should make every reasonable effort to make their site secure.
  • If a company has a data leak, they have to disclose it in a timely way.
  • If a company sets trackers, they have to disclose it. It must be opt-in not opt-out. The user must be able to change their settings on the site.
  • Companies must disclose to users what information they have collected on them and be willing to remove it when asked.

What does that mean for me, the blogger? Here are the checks I have figured out so far.

  • Is the site secure (HTTPS)?
    • Check by reading headers on GTMetrix.
  • Are site headers secure?
    • Check on the Mozilla Observatory site.
  • Are European Union users shown a cookie banner?
    • Check by viewing the video of the site loaded in London, UK on GTMetrix.
  • Do only essential cookies load before EU users agree to them?
    • Inspect site using a web proxy in France.
  • Can EU users opt-in or out of cookies by type?
    • Inspect the cookie banner using a web proxy in France.
  • Is there a privacy policy?
    • Check by viewing the website.
  • Is there a cookie policy that discloses all cookies?
    • Check by viewing the website.

Does GDPR matter outside the EU?

If your website is used by people in the EU, yes, it does. Besides, it is likely a privacy policy much like GDPR but perhaps more restrictive will be passed in other countries like the USA in the next year or so.


Here is where we, in genetic genealogy, are so far.

SiteAuthorLinkHTTPSHeadersCookie BannerCookies BlockedOpt-in & Out by typePrivacy PolicyCookie Policy
All My ForeparentsIsrael Pickholtzhttp://allmyforeparents.blogspot.com/NoFNoNoNoNoNo
Annette Kapple’s genealogy research blogAnnette Kapplehttp://annettekapple.blogspot.com/NoFNoNoNoNoNo
Counting ChromosomesEdison Williamshttps://casestone.com/threlkeld/blogYesFNoNoNoNoNo
Cruwys NewsDebbie Kennetthttps://cruwys.blogspot.com/YesFNoNoNoNoNo
Data mining DNAhttp://dataminingdna.com/NoFNoNoNoNoNo
Deb’s Delvings in GenealogyDebbie Parker Waynehttp://debsdelvings.blogspot.com/NoFNoNoNoNoNo
Dienekes’ Anthropology BlogDienekeshttp://dienekes.blogspot.com/NoFNoNoNoNoNo
DNA and Family Tree ResearchMaurice Gleesonhttp://dnaandfamilytreeresearch.blogspot.com/NoFNoNoNoNoNo
DNA ExplainedRoberta Esteshttps://dna-explained.com/YesDNoNoNoNoNo
DNA GenealogyJason Leehttps://dnagenealogy.tumblr.com/YesFYesYesNoYesNo
DNA SleuthAnn Raymonthttps://dnasleuth.wordpress.com/YesFNoNoNoNoNo
DNA Testing AdvisorDick Hillhttps://www.dna-testing-adviser.com/dna-testing-blog.htmlYesFYesNoNoYesNo
Dr D Digs Up His AncestorsDave Dowellhttp://blog.ddowell.com/NoFNoNoNoNoNo
EntregenDidier Vernadehttp://entregen.org/NoFNoNoNoNoNo
Evo and ProudPeter Frosthttp://evoandproud.blogspot.com/NoFNoNoNoNoNo
Find lost Russian and Ukrainian FamilyVera Millerhttps://lostrussianfamily.wordpress.com/YesFYesNoNoNoYes
Gene Gest An English-language blogEryk Jan Grzeszkowiakhttp://www.genegest.com/NoFNoNoNoNoNo
Genealem’s Genetic GenealogyEmily Aulicinohttp://genealem-geneticgenealogy.blogspot.com/NoFNoNoNoNoNo
Genealogia genetyczna (in Polish)Eryk Jan Grzeszkowiakhttp://www.genealogiagenetyczna.com/NoFNoNoNoNoNo
GenGenAusCate Pearcehttps://gengenaus.com/YesFNoNoNoNoNo
Genomics Law Reporthttps://theprivacyreport.com/YesCYesNoNoYesNo
HaplogroupRebekah Canadahttps://haplogroup.orgYesBYesYesYesYesYes
Hartley DNA and GenealogyJoel Hartleyhttp://www.jmhartley.com/HBlog/NoFNoNoNoNoNo
Kitty Cooper’s blogKitty Cooperhttp://blog.kittycooper.com/NoFNoNoNoNoNo
Le Gall of Lower BritannyJoss Ar Gallhttps://legall-bzh.blogspot.com/YesFNoNoNoNoNo
Michael Cooley’s Genetic Genealogy blogMichael Cooleyhttp://blog.ancestraldata.com/NoFNoNoNoNoNo
On-line Journal of Genetics and GenealogySteven Perkinshttp://jgg-online.blogspot.com/NoFNoNoNoNoNo
Radiant Roots, Boricua BranchesTeresa Vegahttp://radiantrootsboricuabranches.com/NoFNoNoNoNoNo
Roots and Recombinant DNAT L Dixonhttp://www.rootsandrecombinantdna.com/NoFNoNoNoNoNo
Segmentology blogJim Bartletthttps://segmentology.org/YesFNoNoNoNoNo
The DNA GeekLeah Larkinhttps://thednageek.com/PartlyD+NoNoNoYesNo
The Enthusiastic GenealogistDana Leedshttp://theenthusiasticgenealogist.blogspot.com/NoFNoNoNoNoNo
The Genetic GenealogistBlaine Bettingerhttps://thegeneticgenealogist.comPartlyFNoNoNoYesNo
The Legal GenealogistJudy Russellhttps://www.legalgenealogist.comYesFYesYesNoYesYes
The Lineal ArboretumJim Owstonhttp://linealarboretum.blogspot.com/NoFNoNoNoNoNo
The Ultimate Family HistoriansLinda Jonashttp://ultimatefamilyhistorians.blogspot.com/NoFNoNoNoNoNo
Through the TreesShannon Christmashttp://throughthetreesblog.tumblr.com/NoFYesYesYesYesNo
Tracing African Rootshttps://tracingafricanroots.com/YesFNoNoNoNoNo
Your Genetic Genealogist A genetic genealogy blogCeCe Moorehttp://www.yourgeneticgenealogist.com/NoFNoNoNoNoNo

In my next post, I will cover the practical task of changing from an HTTP to HTTPS website. Thanks to LetsEncrypt, it is completely free for most people.

Posts in Series

Sources & Resources

3 thoughts on “GDPR & The Genealogy Blogger in 2019 – The Why?”

  1. Please be sure to either indicate with a disclaimer that the report is only accurate as of a certain date, or be sure to consistently update this site. Otherwise this becomes misleading information as people change their blogs and update their policies.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

you're currently offline