GDPR: What it means for Read the Docs

Your email inbox has probably been bombarded over the last few days and weeks with “Updates to our Privacy Policy”. These emails pertain to an EU law called the General Data Protection Regulation (GDPR) which comes into effect today.

The goal of the GDPR is to put users back in control of their data. It is an important step toward respecting users’ privacy. The days of collecting as much data on as many people as possible without consent and sharing it with anyone willing to pay for it are over.

What changed at Read the Docs

Read the Docs takes privacy seriously (would any company publicly say otherwise) and relatively little changed for us as a result of the GDPR. We intentionally don’t collect much personal information and we only do it with consent.

Still, we did use the GDPR as an excuse to get our data house in order so to speak. Here are a few key points:

A brand new privacy policy

Read the Docs added a new privacy policy that explains the data we collect, from which users we collect it, and why. It enumerates third parties we use for various services and what data we share. The policy also details the data we keep and when it is deleted. Our goal was to make it easy to understand so please give it a read!

Privacy by default

The GDPR mandates “data protection by design and by default”. For us, this meant reducing the scope and duration of the logs and other data we keep. We attempt to collect as little as possible from users merely browsing Read the Docs. When we do collect data, such as when a user creates an account, we protect it.

No difference for EU residents vs. everyone else

Read the Docs applied the stricter protections mandated by the GDPR to all our users. We believe that is the right thing to do. Creating two classes of users and only protecting them when required by law just doesn’t seem right.

While Read the Docs is committed to making sure we comply with the GDPR, we aren’t just doing the minimum needed. We are taking some additional steps to protect users which we will cover in a future post.

Ethical Ads

Arguably the GDPR is a response to pernicious privacy violations by advertising firms so it makes sense to discuss the advertising we show on Read the Docs.

While Read the Docs is an ad-supported website, we didn’t need to make any changes to our Ethical Ads to comply with the GDPR. That’s because:

  • Our advertising is well-targeted without being personal. We ensure our ads are relevant by keeping them developer focused.

  • Ethical Ads are hosted by Read the Docs, not advertisers or a third party network.

  • We don’t share personal data with advertisers.

By enforcing privacy by default, the GDPR shifts the discussion on advertising. We want to create an advertising model that is a win for all parties especially users. We know from our experience that ethical advertising works. It is possible to make money without giving away your users data.

If you want to learn more about Ethical Ads at Read the Docs, please get in touch!