Monday, 4 June 2018

GDPR, Diptyque and me: do I finally get to leave Hotel California?

Source: Los Cabos guide
Firstly, apologies for the posting hiatus, which is mainly due to a pesky ongoing issue with blocked and infected ears. You really don't want to know the details, but my Britney Spears(!) are somewhat better at the moment than last week, and my brain less foggy and generally discombobulated, so I figured I was up to doing a blog post today.

So...the deadline for compliance with GDPR legislation has been and gone on what would have been my mother's 98th birthday. She isn't around anymore, but my aunt very much is, and turned 98 a few days ago! She is the granddaughter of the Salome Musson pictured at the top of my review of Papillon Perfumes Salome here. Gosh, that was a bit of a digression, sorry. Back to our legislative muttons. For anyone outside the EU, here is the lowdown:

"The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA)...The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU."

And of course we are not due to stay in the EU for much longer, but right now we still come under its jurisdiction, so businesses need to get with the programme. I mention it, because the tentacles of this legislation are quite far reaching, and I know of at least one perfume blogger who has added a 'plug in' - no not a Glade room freshener as was my first thought, but some kind of gadget that acts as a shortcut to her privacy policy...or I suppose that's what it does? I asked her why she thought to do that, and she explained that she has a list of subscribers to her blog and thought the legislation might cover the act of sending automatic notifications of posts to readers who had given their emails for that purpose before the law came into effect.

Then I found this helpful titbit on the website of a digital event marketing company(!):

"In simple terms, you need to get explicit permission from your EU email database to email them after the 25th of May 2018, once GDPR takes effect. The process of going to a list or email database to establish opt-ins is called ‘permission passing’."

"Permission passing", ooh er? Sounds a bit 'Derren Brown sleight of hand-ish' to me, but that may be my cynical mind...It is ringing a bell though, as I heard something about all this on You and Yours on R4, in which they featured an association of allotment holders, who found themselves improbably affected by the new rules. They had a database of members you see, and in order to be able to contact them about anything it seems, they needed their express, opt-in permission.

Allotments near my house ~ Source: wrmcomputers

All of which set me pondering, as I have done precisely nothing about the matter. Well, there's been my ears for one thing, says she defensively, then I also have no access to my subscriber base, ie readers who follow by email. I am not assuming they are necessarily the same people as the mosaic of followers in the sidebar of my blog, though maybe they are! But I don't know the emails of those people anyway, unless they have provided a link to some site of their own. So I am pretty sure I am off the hook, perhaps due to the very non-functionality of Blogger versus Wordpress, haha, of which I complain periodically on various grounds!

Then on a personal level, I have basically been ignoring the blizzard of emails from providers of every stripe asking me to 'accept cookies', 'update my preferences' and 'manage my privacy settings'. Life's too short to stuff mushrooms or manage my settings, though I may be being horribly shortsighted. If you have to explicitly opt in to allow them to contact you in future, and I am not deigning to reply, surely this means that the companies I have once had dealings with - often very tenuous or one off dealings - will have to go away now? Hmm, unless the emails are worded with what my old boss used to call 'an assumptive close', where the opt-in is assumed to be your default preference precisely IF you ignore the email! Oh, I don't know... I have just found the torrent of communications on this subject so wearing. I guess I could go and change my settings on a case-by-case basis if stuff keeps coming and really bothers me, as I did with Diptyque indeed...

Yes, you may remember this post from last September on the subject of Diptyque and their annoyingly frequent marketing emails. Boy, did they keep coming, despite my repeatedly clicking on the unsubscribe link, all to no avail. Then I finally found out why my endeavours were in vain:

"While the emails were coming to my correct address, the pop up asking me to confirm that I wanted my email to be removed from their list referred to an address that was not mine!

It was!! WTF??"

So seconds later, I dashed off an email to Diptyque's general address explaining what was going on, and asking them to additionally remove my blog address - flittersniffer at gmail dot com - for good measure. And that finally seems to have done the trick."

I should have gone back and updated that post really, because it didn't do the trick at all!! After a short delay while the company regrouped, the emails kept arriving as before. And then, in the run up to the GDPR deadline, I received two more in fairly quick succession, both along these rather wheedling lines!

Yes, I do mean to say goodbye! And how...;)

Which obviously I have also ignored.

And fingers crossed that it is an active opt-in scenario, not a 'we have sneaked your opt-in into a prepared statement that gives us your tacit consent even in the event of non-response' one.

How is GDPR affecting you - as a business or a punter - or a reader of perfume blogs indeed? 

Are you engaging with your settings, for example? You are a braver person than me in that case.

Never mind privacy ones, the vast majority of the settings on my phone, PC, TV and toaster are also a complete mystery, come to think of it...


  1. Hi V, I think email subs to perfume blogs are going to be the least of anyone's worries as long as you're not using them for any other purpose or selling them on. At work we are adding a Privacy Notice to our grant application form.
    It is a relief to ignore those emails. Quite satisfying really. Although I'm worried the Soambots will bombard you afresh as you've posted your whole email address in this post without doing the 'at dot com' thing!

    1. Hi Tara,

      Yes, I hardly gave the matter a moment's thought, frankly, not least because I don't know the contact details of the majority of my readers, unless we have done swaps or they have sent me RAOK-type samples, or won one of my terrible giveaway prizes!

      Oh, is that why people put 'at dot com'??? I had no idea! I have changed it accordingly in the light of this revelation, also in my sidebar. Thanks for the tip off!

    2. PS Inadvertently unleashing more span upon myself would have been ironic!

  2. still on blogger and they post a message that comes up themselves, so don't have to do anything. Cause they are owned by Google? Probably.

    1. Hi Lucy,

      I did see some kind of message come up, but it looked awfully long, and as though it covered loads of areas to do with data usage etc, so I didn't read it. Maybe that us bloggers' get out clause as you say.

  3. I’m really annoyed by all these GDPR shenanigans (of course, whoever worked it out thought they were doing quite the opposite to this term’s meaning but they are poor pavers, in my opinion). We’ve jumped through endless hoops (at work) for no good reason. I do not understand why would a company have to “forget” about people who used to work and get paid there? You can probably still find documents on who and when was working on Westminster Abby 500 years ago, but G-d forbid to keep a record about Joe Shmoe who delivered candles to there last Christmas.

    Work-related grudges aside, you’re fine with both your subscriptions and your blog: whoever is getting your posts notifications, they’ve already actively opted-in to getting those subscriptions, and they can always unsubscribe. Those opt-in rules are for e-mails that you got from people for other purposes (e.g., sold them something) or collected/bought in some other way. As to the blog, you do not collect or use any users’ data; Blogger/WordPress do whatever they do and provide cookies warnings and other rain dancing.

    1. Hi Undina,

      Thanks for your interesting take on this bureaucratic nonsense, and for confirming that I don't need to do anything else. Loved your Westminster Abbey analogy - how true!

      And ironically I didn't get notification by email that you had commented, as I usually do. Maybe I failed to opt into Blogger's system, hehe. ;)

  4. Hey Vanessa,
    I have taken this chance to put a stop to dozens of emailers and wish I'd done a couple more who seem to think that my not opting out means I want TRIPLE the emails. So annoying when you like them, shop from them and they still annoy you.
    Portia x

    1. Hi Portia,

      We have adopted a similar approach, I see, but still it backfires. I really have gone right off Diptyque now, I have to say. Maybe all these unwanted emails will peter out eventually when companies get themselves organised.