607

April 28th, 2023 × #legal #online business #privacy #GDPR

Supper Club × Privacy, Cookie Banners, GDPR with Donata and Hans Skillrud

A discussion with lawyers about the details of privacy policies, terms of service, GDPR compliance, cookie consent, and more for websites and online businesses.

Topic 0 00:00

Transcript

Scott Tolinski

Welcome to Syntax.

Topic 1 00:39

Privacy policies and terms of service are needed for businesses with customers online

Scott Tolinski

On this Friday Supper Club, we're gonna be talking about privacy policies, we're gonna be talking about, well, licenses, GDPR, and all kinds of other legal challenges you may face when you have a business online. If anybody, if you have a company and you have users, chances are you have to have a privacy policy and a terms of service. These are just the realities of the web at this stage in working in a business.

Scott Tolinski

Today, we have Donata and Hans Skillrud, and they are from Termageddon.

Scott Tolinski

And we'll be learning a little bit more about what they do. And just in general, Wes and I get to pick their brains about some of the legal questions we have surrounding the web.

Scott Tolinski

So, yeah. My name is Scott Tolinski. I'm a developer from Denver, and with me as always is Wes Bos. Wes, what's up, my man? Very excited to ask

Wes Bos

What the hell is going on with all these cookie pop-ups on all these websites? They're so annoying. And what happens when I click x on a cookie pop-up and the website is working normally. You know? So excited to talk about it. So, welcome. Thanks so much for coming on. Thank you for having us. Give us just the rundown of who you are, what you do, all that good stuff. Sure. So I guess I'll start. My name is Donata, and I am an attorney licensed in Illinois and a certified information privacy professional.

Guest 4

I'm also the president of Termageddon. So I'm the legal engineer behind all of the policy questions and the millions of variations that we have, and I also keep policies updated for changes with legislation.

Guest 4

I'm the chair of the American Bar Association's privacy committee, member of the cybersecurity legal task force, and the science and technology council, and then I'm also the chair of the Chicago Bar Association's privacy and cybersecurity committee.

Guest 3

Yeah. I have nothing to lead off with that. Like, she's the star one.

Guest 3

My name is Hans.

Guest 3

I am the other cofounder of Termageddon. I'm better known these days as Donata's husband.

Guest 3

But yeah. Mhmm. I ran a web design and software development company in downtown Chicago for 7 years. I sold that business, and went full time Termageddon after I found out it wasn't just me copying legal docs from other websites for clients, turns out this was like an industry wide thing going on. And, yeah. So I help web designers learn about our tool. They get a free license, and, yeah, I help them educate their clients about policies

Guest 4

without feeling like they need to get a law degree to do so. And I guess before we get into it, since we are gonna be talking about a lot of legal topics, I did wanna say we're not providing legal advice today. If you are looking for legal advice, talk to your attorney. Perfect.

Scott Tolinski

So, I think a good place to start would be something that a lot of people hit, especially when they start a business. They have customers. At some point, somebody says, hey, you need a terms of service and a privacy policy. These are 2 things that just about any business on the web needs to have, and maybe you don't have them or maybe you do and they're generic and they're not covering you fully. I know that was something that I hit really early on and I had to contact a legal professional to draft these for me.

Scott Tolinski

Could you maybe give a rundown about the privacy policy and the terms of service? What are they specifically, and how are they different from each other? Because they kinda get blended together sometimes. Yeah. They do. It is yeah. That is very common. A lot of people inter,

Topic 2 03:54

Privacy policy explains how data is collected and used, terms of service sets rules for using a website

Guest 3

interchange those things, but they're actually 2 distinct different types of statements you make on your website. A privacy policy exists to comply with applicable privacy laws and make very specific disclosures required under each privacy law that applies to you. So a privacy policy explains your privacy practices. It lets your website visitors know what information you're collecting, who you're sharing that with, what your purposes for why you collected it are, and a whole bunch more.

Guest 3

A terms of service, otherwise known as terms and conditions, terms, these are interchangeable words, and terms really just help you state the rules to using a website.

Guest 3

So your terms help limit your liability by just explaining certain factors about your website. And I like the terms for virtually any website because you can have disclosures in there like, hey. We offer links to third party sites. We're not responsible when you click one of those links. So if you click that link and that site gets hacked, you get hacked, you can't come back and sue us. Little statements like that just kinda set the tone and make sure everyone understands what is going on with the rules to your website.

Wes Bos

Do the terms always have to be so, like, written in legalese? Like, how come they are often so hard to actually read? And then every now and then you stumble upon somebody who has actually just said, okay, here is what this means. We are collecting your data x, y, and z, and we're using it via these services and for these reasons.

Wes Bos

Is that okay, or does it have to be in that very legalese to cover your butt in every situation?

Guest 4

So for terms of service in the US, for example, when you're reading a terms of service, you'll see that certain paragraphs are in all caps.

Guest 4

And a lot of people are very, very confused as to why that is, but there are a lot of cases that have interpreted terms of service, and courts have literally said this has to be phrased this particular way, or this section has to be in all caps, or if you don't include this particular disclosure written in this exact way, then it's not compliant with consumer protection laws or automated renewal laws.

Guest 4

So, unfortunately, as lawyers, we're very constrained by these cases as to how we actually phrase certain things. Because if we don't phrase it a certain way, then it's not compliant, and then, you know, the client is at risk.

Guest 4

So a lot of it is written a specific way because of these court cases.

Guest 3

Same with privacy too.

Guest 3

Privacy policies, you know, everyone always says, well, I just want a super simple privacy policy. Well, me too. That's, like, exactly what I want.

Guest 3

But the reality is that depending on what laws apply to you, you're forced into making very specific disclosures required by each of those applicable laws. So it's kind of a balancing act, really, between trying to make things as legible as possible

Guest 4

while also respecting the government requirements that they've laid out. And I think for consumers too. So a great example is sale of personal information. And one of California's laws, you know, states that very, very broadly.

Guest 4

So, you know, when you get to a website and it says, well, we don't really sell personal information, but then you scroll down to California disclosures and it says that they do.

Guest 4

You know, that's very, very confusing to consumers and very confusing to anyone reading the policy because that cutesy wording can really get you into a lot of trouble down the line. So we try to make the policies as clear and as direct as possible.

Scott Tolinski

Interesting.

Topic 3 07:39

Terms of service apply when using a website, don't need explicit agreement

Scott Tolinski

So, like, how ironclad are these things in terms of, like, specifically, like, terms of service. When people use a website and by using the website, are they all automatically agreeing to those terms of service simply by creating an account on this website,

Guest 4

or do they have to always check a checkbox that says, I'm agreeing to these terms of service. So in the US, usually, just by the nature of using the website, you are opted in to agreeing to the terms of service. And a lot of terms of service will say by using this website, you agree to this terms of service even if you never actually checked the box, and regardless of whether or not you actually read the terms of service. A lot of consumers will bring cases saying, well, I didn't read the terms of service, so it doesn't apply to me. Mhmm. Unfortunately, that's not a winning argument. It never was, and it probably never will be.

Guest 4

When it comes to other countries, it's a little more stringent in terms of consumers having to agree to stuff.

Guest 3

But in the US, usually, you don't have to agree. Just by visiting the website, you are in agreement, at least when it comes to the terms. A general best practice is to indeed have that checkbox whenever people are submitting their data to agree to your terms and a separate checkbox to agree to the privacy policy. I'm sure everyone's probably nodding their head listening to this like, well, duh. But that is the best practice, as in, if you make it unselected by default and make it a required checkbox, that means that they can only submit their data if they've agreed to the policies. And that is the moment where you captured consent,

Wes Bos

which is super important for a privacy policy. What about those ones that make you scroll to the bottom and, like, you pretend that you've read it.

Wes Bos

Does that hold any weight? Like, sometimes I just, like, boom. Like, flick my scroll wheel. That's exactly. Yeah. Oh. Oh, yeah. Of course, I read it in 6 milliseconds, and they're happy with that.

Wes Bos

Why do people do that?

Guest 3

I'm guessing you haven't watched the South Park episode on the HumancentiPad, but

Scott Tolinski

Oh, yeah.

Scott Tolinski

Have you seen that list?

Wes Bos

I think I have.

Guest 3

Uh-huh. For the record, it's very grotesque, so just be forewarned for anyone watching it. It's not for the weak of heart. For sure. Yeah.

Guest 4

It's gross. Yeah. You know, I think it's an extra step to kinda make sure that consumers have an opportunity to review these policies.

Guest 4

Because as we kinda move into the new age of the Internet, consumers are more interested in their privacy and are more interested in learning about what's done with their data. So I think it's more of a proactive step to kinda present the consumer with these policies and at least allow them to read those policies.

Guest 4

But most businesses will just link to the privacy policy, and then a consumer can read it at their own leisure.

Guest 4

But, you know, it's up to the business owner if you wanna give them an extra step, an extra, you know, incentive to read the policies. You can, but, you know, it's really up to that. I'd imagine you probably see that scroll effect more with companies that are more so in the harvesting and selling of data. Yeah. And they really try to emphasize, like, okay. You have to scroll all the way down. Whereas gonna lie, scroll through it in 3.3 milliseconds as well. But yeah. Do you think people typically ever read the privacy policy or terms of service, like, what percentage of users do you think actually read these things? I think people who are looking for a certain answer do. So for example, let's say I'm buying something online that has, like, a high likelihood of a return. So let's say I'm buying shoes. It's very hard to find the right shoe size online. I'm gonna check their terms of service to see if I can get a refund and return the item if it doesn't fit.

Guest 4

Or, you know, it's a brand that I'm new to or I'm not sure if I should trust. Maybe I'll click on the privacy policy and search for the word sell to see if they sell my data, and then I'll use that as a way to determine whether or not I do business with them. It's also very common to read the policies when, like, payment information is being collected or the amount that you're paying the business is high. So you wanna make sure that they're you know, that everything's buttoned up there or if you wanna make sure that a company is legitimate, usually, you'll go and see if they have website policies because that will tell you whether or not it's, like, a legitimate actual company or if it's some kind of a scam or something like that. So I think more and more consumers are reading these policies, and it's really interesting because there's been a lot of studies done saying that consumers are more likely to switch to a different provider if they feel that the different provider respects their privacy more.

Guest 4

So it is something that is of more concern, and that's actually why we're seeing all of these new privacy laws passed as well is because consumers are lobbying their legislators for privacy rights. Yeah. Since we booked this recording,

Guest 3

Iowa passed a privacy law between when we connected and when we had this call. Iowa passed a privacy law, and California's CPRA finalized regulations. Yeah. Even though that law has been in existence for over 100 days now.

Guest 3

And it's just constantly changing. And I like to think of, like, policies, privacy policies in particular as kinda like, do you remember when SSL certificates were kind of like a nice thing to have? You get them for e-commerce sites. Oh, yeah. But beyond that, you're not really like, okay, what's a big deal? But then all of a sudden, Google, I think, Chrome changed up the viewing of SSL secure sites. And now when you visit a website that isn't secure I mean, I don't know about you, I don't feel secure. I'm like, this is so sketchy.

Guest 3

And I think we're gonna see the same with privacy. It's gonna be a few years from now, but I think ultimately, people are going to have the knowledge that companies don't deserve to just take your information and do whatever they want with it. I think they're gonna look back and think about the SSL times. We're gonna look back at these times and be like, remember when companies used to just harvest your data and do whatever they want with it? Yeah. Those times are just ending. These regulations are coming, and I don't think anyone disagrees that people deserve a right to privacy. I think that's all, like, pretty, you know, everyone yeah. Everyone kinda wants privacy for everyone. I want privacy, but since I live in Illinois, I get nothing. Yeah. That's true.

Guest 3

So, I mean, I think it's something to just get on top of because it's just gonna get more intense as time goes on. So, like, in that, like, regard, I just had this idea of, like, a non-legalese

Scott Tolinski

TLDR for privacy policies and terms. Is that like a thing people do? Like a, here's a quick recap in plain English.

Scott Tolinski

Maybe even using emoji for, for sure, people who don't want to read. Yeah. They do that sometimes.

Guest 4

You know, you have the privacy label, which used to be part of the, which is based on the nutrition facts label that you find in, like, the grocery store or whatever.

Guest 4

My problem with those is that they don't actually end up providing any information. So, like, they'll say, we share your personal data, but then the list doesn't include who you share it with. Well, yeah. If you share my personal data with your email service provider, cool. That's very expected.

Guest 4

If you share my personal data with a data broker, I have problems with that. And then I have to go in and read the entire policy to, like, actually figure out what it is. So I think it's a great initiative. I just don't think we're really there yet in terms of creating this shortened privacy policy, too long, didn't read, that actually provides consumers with the necessary information to make an educated decision as to whether or not to share their personal information with that company. Well, you've also expressed concern before with, like, a visual that kinda gave you a high level overview and then to, like, view more, you link into that. I feel like it's been a year since we talked about it, but, like, could that confuse users? I mean, then you just end up clicking on 1,000 links and getting lost and, like, not getting all the information in one place. I'm personally the type of person where I like to get all my information in one place. I don't have to click on 1,000 links to understand what's actually going on, and that just takes a lot more time for the consumer to read the policy at the end of the day. So I like it where it's all in one place. I do think the idea of TLDR, I think it's a great idea. I just don't think we've really figured out how to get there yet with a way to present all necessary information to the consumer. Yeah. I'm a big fan of that kind of concept, and I personally think we're gonna see a variation of that in the future.

Wes Bos

I'm curious if people actually get in trouble for this type of stuff, because all the time like, I'll give you an example. I got a text message from a local cell phone shop that I've never been to in my entire life. And what they did is they just went into their list of customers. And they said, all right, these people are going to be expiring soon.

Wes Bos

And like, I don't know how they probably got my data from, like, a list of customers from my cell phone provider. And then because I lived close, they just started texting me, like literally some guy sitting there texting me. And I was like, you can't do this. There's no unsubscribe. There's no opt out. You're using that information for the wrong rule. And I was like, I'm going to report them to CAN-SPAM, which is, or, CASL in Canada. We have I'm from Canadian.

Wes Bos

And then I was like, you know what? I'm not gonna do it. Nothing is ever gonna come of it, you know? Do people actually get in trouble? Like, never mind Facebook and the big companies. But, like, what about the cell phone shop that is clearly abusing

Guest 3

my data? Yeah. So there's a lot packed in there, but you're in Canada, so you actually have rights under PIPEDA. So you can actually file a complaint, and action could be taken.

Guest 4

You could do that with the office of the privacy information commissioner in Canada. Yeah. Or, by the way, the friendliest and most helpful government agency of all time.

Guest 4

I've had to, like, ask them a couple questions in the past about, like, inconsistencies with laws and stuff, and they are so helpful.

Guest 3

Man, I'm so jealous. So we'll email or that can actually be one of the links we could provide. Like, how, yeah, Canadian, how do you file a complaint so we can make more awareness of this? But, yes. So the news definitely covers Facebook getting fined billions of dollars, Google getting fined billions of dollars. But what isn't really talked much about are one-person companies getting dinged, five-figure fines here or there for, you know, changing the email address of one of their subscribers without their consent.

Guest 3

So a lot of that has happened out of GDPR, which is the privacy law that protects the residents of the EU.

Guest 3

And you can actually go to enforcementtracker.com and actually look these up. So you're gonna see tons of big companies getting hit, but you're also gonna see small companies getting hit too. I just came across a blog where I think, like, a couple dozen people in real estate have been fined in 5 figure territories for noncompliance.

Guest 3

So I think it's just the news covers the big ones. And yeah. But what's happening is there are small businesses getting hit. Now in the US, there really isn't much going on in terms of small businesses getting dinged.

Guest 3

We, there are some lawsuits that are not related to the privacy laws that have happened.

Guest 3

But, really, I think that there's a couple thoughts here. One, the latest string of privacy laws that have come out of the US have been for, quote, unquote, bigger businesses, businesses that have 25,000,000 or more in revenue, businesses that process the data of 25,000 or more residents of a particular state. And just for anyone who doesn't know this, there is no federal generic privacy law just impacting website owners. There's individual states proposing their own changes. So it doesn't matter where your business is because privacy laws protect people. So you gotta find out, you know, do I get visitors from California, and do those laws apply to me? So that's the first aspect you have to go through.

Guest 3

But what's happening in the US is there's proposed privacy bills out right now, several in New York that if any one of them passes, it will allow any New Yorker to sue any website owner for collecting as little as an email address on a contact form without proper New York privacy law disclosure. So if that business owner is not located in New York. Yeah. And regardless of the business's size too. They could be like a one-person shop in Chicago and that they Wow. Yeah. That's really I always say, you can't only have policies.

Guest 3

You can't create policies and think you're done. You have to have a strategy to keep them up to date with this ever changing landscape,

Scott Tolinski

because, well, they're websites, we get traffic from all over. Like, you know, so it's Mhmm. I don't know. I love the fact that people are getting a right to their privacy. I think it's a little bit of a joke that we, small business owners, have to comply with a multitude of ever growing, ever complex privacy laws. Do we wanna, let's get moving to, yeah, GDPR as a concept. And, this is something that I think, you know, web developers were just kind of presented with, especially because a lot of entrepreneurs and developers in our space, you know, get into the space first as developers not as business owners, and maybe don't necessarily understand some of the implications of some of these things. So, maybe give a quick rundown about what the heck GDPR is. And in 2023,

Guest 4

your average entrepreneur on the web, what do we have to worry about there? So GDPR is a privacy law that protects the residents of the European Union and the European Economic Area.

Guest 4

The UK is not applying to that anymore. UK has its own privacy law, the United Kingdom Data Protection Act, which is essentially the same as GDPR. Just switch the names of EU to UK.

Guest 4

But GDPR protects the privacy rights of residents of EU and EEA.

Guest 4

And, essentially, GDPR has its own set of So for example, you can't collect personal data unless you have an exception or, like, a legal basis. So a consumer consents to their data being collected, or you have to perform a contract or send a contract, or there's a legitimate interest in processing the data.

Guest 4

GDPR requires companies that need to comply with it to have a privacy policy that has its own very, very specific set of disclosures that don't necessarily match the disclosures required by other privacy laws. So let's say you need to comply with GDPR and you have a GDPR compliant privacy policy, that does not mean that you're compliant with Nevada revised statute chapter 603A. Completely different set of disclosures. So GDPR privacy policy will not cover you for other privacy laws.

Guest 4

GDPR is currently very much talked about because of data transfers, so transferring data from the EU to the US is extremely problematic right now because the Privacy Shield that used to be used for these transfers was invalidated a couple years back. They're trying to come up with a new framework, but it's, you know, taking a lot of time. It's very difficult.

Guest 4

A lot of the confusion around GDPR is that everyone assumes that GDPR applies to them even though it really doesn't.

Guest 4

So just because you have a website that may be accessed by someone from the EU by accident, that does not mean that GDPR applies to you. So you need to offer goods or services to residents of the EU. So for example, like, offer your website in French or provide a special phone number that people from Germany can call, or if you're tracking the behavior of EU residents online through cookies, pixels, or analytics services.

Guest 4

A lot of businesses right now are getting caught up in GDPR because they use Google Analytics, which tracks people from the EU.

Guest 4

That's a problem because Google Analytics is not GDPR compliant.

Guest 4

So you're being subjected to this law by using a service that's not even GDPR compliant.

Guest 4

So one of the things that I definitely encourage people to do is stop using Google Analytics, switch to a more privacy focused analytics tool,

Topic 4 23:10

Google Analytics 4 may be GDPR compliant but still high risk

Guest 3

you know, things like that. What, yeah. One asterisk to that. So after Google Analytics was deemed noncompliant with GDPR last year. Yeah. Google Analytics launched GA4.

Guest 3

Yeah. Which their claim is it is, it is indeed GDPR compliant because it doesn't track users. So we're not giving our official opinion on that today.

Guest 3

We're still kinda waiting for things to kinda flush out.

Guest 3

But, really, that is the broad reaching nature of this privacy law, which is that it can start applying to you the moment you track a user. So if you're using, like, tools like Hotjar or anything else that monitors people while using your website, you gotta keep in mind if that law applies to you because you could be based in New York City. But if you get traffic from the EU, you gotta keep that in mind. And therein lies the broad reaching nature of privacy laws, which is privacy laws protect people. They don't care where your business is located. So as a website owner, we have to actually go out and find what laws apply to us because only then can we determine what disclosures we need to make in our policies, if we need a cookie consent solution or not, and if so, what type of cookie consent solution we need,

Guest 4

and so forth. And I think for website designers too, we're kind of out of the time where we could just pick whatever services look good. You know, you had the best service, and that's the one that you picked to put on the site.

Guest 4

There's a lot more compliance obligations that come with that. So, really, if you're a website designer, I would, at the very least, provide a list of these third party services that you intend to install on the site and then allow the client to do a compliance check and confirm that these are the third parties that we wanna use. Yeah. Okay. And

Wes Bos

what about people that say I'm an American business? I'm making an American website.

Wes Bos

And if these Europeans want to sign up, like, I'm not actively, I'm not selling in euros. I'm not actively marketing. I'm not translating to German.

Wes Bos

What do they say? Like, the US is my country.

Wes Bos

These are my laws. Like, what are they gonna do? They're gonna come get me and ship me back to Europe and put me in jail? Are they like, how does that even work? Like, how do you have to, I'm not saying that this is what I think, but this is what I hear a lot about is that people say, why do I have to abide by rules from Europe when I have nothing to do with Europe? So I think

Guest 4

the best answer to this is what somebody at the European Commission said is, you know, you have nothing what to do with Europe, but in reality, you're taking customers from Europe and you're taking their money. So you do have something what to do with in Europe. So just because you're not located there, if you are getting money from European customers, you are doing business with them. Right? And I think at that point you should be considering GDPR compliance.

Guest 4

Now nobody's gonna take you back to Europe on a boat and put you in jail or whatever, but a couple things can happen. So first, you can be fined.

Guest 4

And second of all, you could be required to delete all of the data. So let's say that 10% of your email marketing list is people from Europe, and you make money off of that list by selling them your products or services.

Guest 4

The European government could make you delete that data making a loss of revenue. And, really, GDPR compliance, everybody thinks it's, like, really, really hard and really, really complex.

Guest 4

And in some ways, it is, especially for larger firms.

Guest 4

But for smaller companies, it's not as complex as you might think it is.

Guest 4

You know, so you should have a compliant privacy policy that has all the GDPR disclosures.

Guest 4

If somebody contacts you to delete their data or to access it, you should comply with that request and delete their data.

Guest 4

You know, you should get consent whenever collecting personal information, so having those checkboxes.

Guest 4

And you could potentially need a cookie consent banner. And having those things will prevent you from that huge GDPR enforcement problem.

Guest 4

Because in reality, if you have those first kind of steps buttoned up, usually, you can be okay. You know, the complaints usually come when you don't provide any privacy information or somebody's asking you to delete their data and you don't respond to them or you say no. That's where most of the complaints come from. So if you have that top line buttoned up,

Guest 3

you know, that will prevent most enforcement actions. Yeah. So, like, if Wes was based in Europe right now and he was getting those texts from those people trying to sell him cell phone services. Oh, man. Those people Yeah. Not yet. Get walloped under GDPR. They would Mhmm. They would get annihilated, because all you would have to do is file one complaint. I'd imagine they'll come after them pretty hard.

Guest 3

And I think it's important to remember too, like, you know, we have individual states proposing their own laws here in the states.

Guest 3

So GDPR, I would say, outside of the, there's US businesses, obviously, that get fined for GDPR noncompliance.

Guest 3

Probably good to get on top of it rather than trying to like, okay. I don't need to deal with it. I don't need to worry about it because variations of GDPR are coming to the US, without a doubt. I mean, they're already here in a lot of existing laws, but more are coming. There are over 2 dozen privacy bills in the US alone right now. Mhmm. If any one of them passes, it will require updates to your privacy policy at the very least,

Guest 4

when it comes to the changes if they apply to you. And it's just about respecting individuals too. Like, Wes, you're getting these text messages, and they're awful. And I get them all the time, and I hate them. So as a business owner, I'm not gonna send random people text messages because I know how that feels.

Guest 4

And I think when people get these spam messages or spam calls, you automatically get this terrible feeling about this company, of this company is a scam, or they're trying to scam me, or they're trying to get me as a customer, and they're being so intrusive.

Guest 4

Well, as a business owner, I don't want people to feel like that about my company, so I'm not going to violate their privacy.

Wes Bos

And how would somebody know

Wes Bos

What is and isn't allowed? Because I'm thinking of, like, okay, somebody is 3 years out of school, and they have an idea for a website, and they wanna, they got a domain name. They're working on it. They're coding things. They have users sign up, and then all of a sudden you go, oh, this could be real.

Wes Bos

How do they figure out what am I allowed to do, and what am I not allowed to do? You know, I wanna make sure everything is buttoned up, but I can't necessarily afford a lawyer right now. Of course. So, you know,

Guest 3

I know that reality so much because I've started a handful of businesses, Termageddon included. And I know when getting going, it's very motivating because you have this new idea and you want to burn the midnight oil getting things produced. And sometimes compliance doesn't really come until after the fact.

Guest 3

I would say a general good practice is to ensure you have good policies in place, you know, and, of course, if you can't afford an attorney at that early stage of your startup, there are generators out there that can help you generate comprehensive policies.

Guest 3

And from there, you know, I would say just a good general practice is to make sure you're getting consent prior to you collecting people's data. So making sure you get consent prior to them registering an account and they consent to your privacy policy, for example. I would say that's a good general first practice you could take, so that you at least are capturing when people agree to your privacy, meaning they've agreed to subscribing to your newsletter if you've talked about that in your privacy policy. They have agreed to billing relationships, if you wanna have them agree to your terms, and so forth. So if I could give, like, one little nugget of recommendation, it would just be to capture consent, meaning you have the user, if they're submitting data, they agree prior to submitting data, or capture consent like a cookie consent solution where they accept nonessential cookies allowing you to put nonessential cookies on the user's browsers.

Guest 4

And what I would suggest doing so and we all do this as privacy lawyers.

Guest 4

First, determine what privacy laws apply to you.

Guest 4

So on our blog, termageddon.com/blog, one of our blog posts is what privacy laws require privacy policy.

Guest 4

And you can read through that blog, and it has all of the factors of who each privacy law applies to. So I would read through that, see if I meet any of those factors. So, like, one of the factors could be makes $25,000,000 or more in revenue. Well, I don't make that, so I don't need to worry about that.

Guest 4

And then once I figured out which laws apply to me, I would go through the rest of the blog because we have compliance guides on each law. So let's say you need to comply with CalOPPA, one of California's privacy laws. You search CalOPPA compliance guide, and you'll see the compliance guide of all that that law requires. So that can be a great first step in figuring out what you need. Obviously,

Guest 3

not substitute for an attorney's advice, but it's a great way to get started on just general knowledge of what you need to do. Yeah. I think there's 2 great routes to getting policies early on. Number 1, attorney. Great. If you can afford that, good for you. Congrats. Go that route. Nothing beats having your attorney do it. Number 2, generators. A good built generator, a well built generator, will help you identify the laws that apply to you, and then will adjust its questionnaire to make those respective disclosures and help you expedite the setup.

Wes Bos

So awesome. The web is a mess right now. You visit a website you've never been to and you're just assaulted with cookie pop up with all these options, and then you've got a newsletter sign up pop up and all this type of stuff. And it's kind of sad how awful the 1st visit experience to many websites is. What are cookie laws, and do Americans building websites need to have these on their website? Yeah. So,

Guest 3

I hear you. When you say, like, it's annoying, like, cookie banners can, just and it's invasive. And I think a lot of people when they visit a website that have a cookie banner think, oh, this company sells my data because they have a cookie banner. It's like, oh, that's Really? Yeah. Oh, yeah. I get that also. Heard that. Oh, well, anyone listening, you can tweet us or something and let us know if you've also felt this way.

Guest 3

But, really, what's happening here is there's several privacy laws that require you to capture consent prior to putting nonessential cookies on a user's browser. And when we step back and think about it, it's because we as web designers and developers, we've been implementing third party technologies that, you know, you embed YouTube videos. Well, you're not just embedding YouTube videos. You are sharing the data now with Google when people play that video and interact with that video, for example.

Guest 3

When you install Calendly, you embed Calendly to book you for a consultation or something like that, you are actually sharing data with Calendly.

Guest 3

And it's important to understand maybe it's not Calendly, but companies like Google may sell the data that they've now collected on you. And, really, like, what these privacy laws are trying to do is to at least give people the option to say, no. I visited this website, but I don't really want my data to just be, like, hawked out and shared behind the scenes to a bunch of people who then broker it and then sell it off to other people. So that's why these cookie consent mechanisms exist.

Guest 3

They are to capture consent prior to letting, like, scripts fire and put nonessential cookies on a user's browser. And I I get the you know, I get it. It's, like, kind of invasive, and not a lot of people fully understand it. But I feel, like, personally, like, Well, I'll just say this. I love targeted ads. I think targeted ads are the best. I want relevant ads brought to me. But sometimes when I visit websites, I don't necessarily want their targeted Ads provide be be like advertising to me. So Yeah. I like to decline those types of cookies. Whereas other websites, I'm like, okay. I like this brand. They're fun. I actually wouldn't mind ads from them. I want to accept.

Guest 3

So, really, a cookie consent mechanism is to by default, it's to give people who have privacy rights, that respect, and, like, allow them to have the choice on whether they want their data to be just passed off and shared with third parties or not. A GDPR and UK data protection act cookie consent mechanism is very different than California's CPRA cookie consent mechanism.

Guest 3

California's cookie banner is only necessary if you sell the information you collect. So if you're just, like if you randomly have to just comply with California's privacy law, CPRA, that doesn't necessarily mean you need a cookie banner for that, for those visitors. So,

Guest 4

yeah, does that help? Yeah. It does. And I think one of the main misconceptions about cookie consent banners so with a cookie consent banner, to comply with these privacy laws, you need to get consent for these cookies. Right? Mhmm. So any cookies that are essential so, like, without those cookies, the website would break. You don't need to worry about those. Those are accepted by default. All other cookies We're talking about, like, login cookie

Guest 3

and just information that would make the website work. It's not necessarily that you're tracking them, but somebody logs in and you're storing a session token in their cookie or like that. That's actually a great example of an essential cookie. Meaning, if all you have are essential cookies being utilized and put on users' browsers, you do not need a cookie consent mechanism because you're only using essential cookies, meaning the website's not gonna work unless you have them.

Guest 4

Yeah. It's only when you're using cookies like Google Analytics, Facebook ads, LinkedIn ads, any of that kind of stuff. Pixels. Any tracking pixels, that's when you need a cookie consent banner.

Guest 4

And to get consent, you need to have an accept option and a deny option.

Guest 4

So any cookie consent banner that just says, by using this website, we assume you're okay with cookies. Okay.

Guest 4

Or cookies are delicious, and we like them, and you should keep them. And the answer option is accept or okay or whatever, and there's no decline and no no option.

Guest 4

All of those are not compliant.

Guest 4

In addition, there are a lot of what we call placebo cookie consent banners out there where they don't actually do anything. So regardless on what you click on there, the scripts still fire or don't fire.

Guest 4

Really, the scripts should all be not firing until the user clicks accept or until they click yes or okay.

Guest 3

And if a user clicks decline or clicks the x button, then those scripts should not fire. And, just 1 more thought here. If if you don't like cookie consent if you're listening and you don't like cookie consent banners, you don't wanna have 1 for your website.

Guest 3

Can you adjust the nonessential scripts being utilized on your website and possibly remove anything that would allow you to not have to have a cookie consent in the 1st place, because Wes just gave an excellent example of an essential cookie where it's like, I need this cookie to work so that people who log in remain logged in. Like, there's no consent necessary for that. So if you're only using essential cookies, you don't need a cookie consent. So, like, that might be a good motivating factor to reduce the amount of third parties you're sharing your website visitors' data with. Or you could also enable geolocation

Guest 4

where the cookie consent banner pops up only for the people who have the right to see it. Yeah. You know, and nobody else Use it. So that's another option too. That's what I was gonna ask is that I'm here in Canada, and

Wes Bos

I get cookie banners all over the place and most of them, if not none of them, they don't apply to me. And I'm wondering, like, I don't want to see these if I don't there's no and I think we probably will start to see browser APIs built into the browsers where you can accept them. And this whole pop up business will have to change at some point, but it seems like everyone is just throwing them up for almost everywhere, every visitor on their website. And it seems kinda silly. And like you said, if you just click the x, the website works exactly the same. And I'm often wondering, like, what are they even doing here? I think just doing it for show.

Guest 4

So for Canadians, you do actually need to get the consent of residents of Canada to collect their personal information.

Guest 4

So that's why you're seeing the cookie consent banner because, for example, Facebook ads will collect your IP address and device identifier to track you using those ads. So they need your consent to track you via those ads, so that's why you're seeing them.

Guest 4

In terms of when you click on x, the website looks completely the same.

Guest 4

That's correct.

Guest 4

The only difference should be that you're not being tracked by, for example, Facebook ads or LinkedIn ads. So the site should look the same because the essential cookies are still enabled,

Wes Bos

but you're just not being tracked by these particular scripts. But you said, like, if you embed a YouTube video, you have to pop that up. So, like, would I, the developer, have to say, if they have not accepted the cookie consent, I can't embed a YouTube video in there? Not ex so there's a lot of third party consent solutions out there where they have already done all the work behind the scenes so that if a user denies

Guest 3

functional cookies like a YouTube embed, when they get to the page that has an embedded YouTube video, within that embed area, they'll see the option to accept.

Guest 4

So they would just accept on page, and that's when the script will be able to fire and load the YouTube script. Yeah. But when you're a website developer, basically, what you do is you implement the code for the cookie consent banner, and then the cookie consent banner controls all the scripts. So it's not like you need to go through each and every single script usually or,

Guest 3

you know, kinda deny or accept things or configure it. Usually, the cookie consent script itself configures everything for you. You can always manually set 1 up too, but there's an argument to be made A pain in the butt. Yeah. Because, like, scripts like, third party tools will change all the time. So, yeah, it's kind of a balancing act whether you wanna do it yourself or Yeah. Or have a third party do it. So but it's messy. I mean, I can't deny it. Like, when you go to a website, it feels kind of invasive, like seeing this cookie banner.

Guest 3

And, Wes, I agree that, you know, browsers taking that responsibility on, that would be very nice where you could just set your settings once,

Guest 4

and then websites can respond to your settings. Like, come on. That has to be the future. So a lot of new privacy laws are actually saying that that should be developed, like a universal opt out mechanism. And in the UK, they're reforming their privacy law. And one of the things that they are reforming is who needs a cookie consent banner, and they're trying to relax those requirements. Cool. Google Analytics

Guest 3

would be considered a nonessential, marketing slash analytics script. Yeah. That's used. So GA4 is when it starts to get a little bit more dicey. Yeah. Up for interpretation.

Guest 3

I feel like within the next 6 months, we'll get an answer as to GA4. Personally, I think it is perfectly GDPR compliant.

Guest 3

I know. Yeah. And Donata doesn't. So,

Guest 4

we're waiting it out before we give our official opinions. So just a general rule with Google where, you know, you're trying to use one of their services, and you try to look up what personal information it collects.

Guest 4

And after going through, like, 5 hours of research, you still can't get a straight answer.

Guest 4

And it's such a high risk product because data protection authorities are constantly looking at Google products Salivating all the time and constantly finding that for that clients. So I personally would not use it until it's been confirmed by the data protection authorities that it is compliant, but that's just because I haven't been able to find any accurate information as to what it does.

Guest 3

I would use it. And if the data protection authorities say don't do it, then I would remove it. This is why I control the Grips on our way. Yeah. Yeah.

Scott Tolinski

If you're out there wondering what kind of alternatives there are, Ackee is one. A-c-k-e-e is a privacy focused analytics. Fathom is a popular one as well. Yeah. They end up being, like, pretty all Fathom. Bare bones compared to Google Analytics, but they work and, you know, I don't know. Google Analytics overall, you can't necessarily rely on that information anyways given how many people are running blocking scripts in general nowadays anyways.

Guest 4

Yeah. Yeah. Yeah. You'll get less data with the alternatives,

Guest 3

but you also get less chance of being fined or getting in trouble. So for me, it's worth the trade off, but, obviously, it's every person's decision what they wanna do. And the websites that are, like, you know, all about high conversions, like, we get millions of visitors every day, and, you know, every change they make to a pixel of their site matters. Like, that's gonna be a lot more difficult of a conversation. But if you're an everyday website owner, you know, maybe taking a little bit of a privacy focus won't be too much of a sacrifice. I'm just going through your personal website,

Wes Bos

to see. I denied.

Wes Bos

Is there anything on your website that will not work if I deny the cookies? Because I denied it and then tried to create an account, and that seems to have no problem accepting my data.

Guest 3

Are those different things? Is that because it's privacy policy versus cookies? That's right. Data that you submit is not related to cookies at all. So the cookie consent is just for cookies.

Guest 3

But, yeah, there will be some things that won't work, like videos won't load. You'll see a prompt, like, on our homepage, you'll have to accept and stuff like that.

Guest 3

And really, it's just, yeah. I mean, and just so you know, we're a US based business. We partnered with an EU based provider for the cookie consent solution we offer our customers. So Termageddon really at its core, we're just policies, but we partner with a consent provider that's based in the EU.

Guest 3

That's a

Guest 4

rabbit hole we could dive into. There's no data transfer issues there. But when you submit, like, your name and email on a contact form, that's governed by the privacy policy usually.

Guest 4

That's your choice whether or not you wanna submit that information.

Guest 4

With cookie scripts, you know, if you go on to a website without a cookie consent banner, those just fire. Right? You have no choice of whether or not you wanna submit that information to those cookie script providers.

Guest 4

So cookie consent banner just basically allows you to make that choice of I wanna consent to this or I don't.

Guest 4

And if you don't, that's okay. You just won't be tracked by certain But if you do, the website still works.

Wes Bos

Yeah. Awesome.

Wes Bos

Yeah. I'm impressed. You go to the cookies.

Wes Bos

I denied the cookie banner in, like, a fresh browser. And you go to the cookies in your dev tools. This has no data present, which is not something you see on almost any website, which is very impressive. So,

Guest 3

well, I will note, it's okay if cookies still fire if they're essential cookies. So, like, Wes provided an absolute perfect example, which is a cookie to store login session data. Like, that's absolutely necessary.

Guest 3

There's no deny button necessary. So maybe that's a good motivating factor for people. And let's be real. I mean, even Google said they're preparing for, like, a cookie less world in the future. So, you know, it's just good to be practicing here. And I always like to share this example, which is that a lot of website owners think they don't share data that they collect. They're like, I don't share any of the data I collect. And I always ask, like, when someone submits an inquiry on your contact page, do you receive an email in your inbox with that person's email address? And sure enough, if they say yes, that is sharing data with your email service provider.

Guest 3

And therein lies just how easily we all share data in this day and age, which I always say it's not a bad thing at all. It's great to use third party tools to help you run your business as efficiently as possible. It's just the fact that it needs to be disclosed these days, so that there can be that transparency, which I think ultimately is gonna be something consumers are aware of.

Wes Bos

And cookies is, like, what if we're using local storage instead of cookies? That applies as well. Right? Cookie is just kind of a word that they use for storing data. That's right. Yeah. You're not sharing that data with third parties, so that's already a big plus sign. If you're storing it locally and then somehow,

Guest 3

like, using that for marketing analytics purposes, maybe you have to make a disclosure, but usually, it's stored locally for,

Guest 4

like, log in session data, for example. There are, like, certain things that you can do to avoid the cookie consent banner. So let's say you have Google Fonts. Right. So you install Google Fonts onto the website, so you need to have a cookie consent banner because that collects IP address, and it's not necessary to the operation of the website to collect the IP address, but you can just host the fonts locally.

Guest 4

And that way, they won't collect any user data. So you still get the benefit of the product, and you still get the fonts. You just don't collect any data unnecessarily.

Guest 4

So there are certain

Guest 3

kinda little things that you can do like that that prevent a lot of headache in the future. Not to mention, technically, your website will load slightly faster too since you're not making a call to Google,

Scott Tolinski

in that situation. So that's fascinating. It makes total sense, but I never considered that Google Fonts would be considered something that you would need a cookie banner for. So that is really fascinating to hear.

Wes Bos

Anytime that I post anything about Google Fonts, I get everybody's like, yo. But we don't use Google Fonts. It's awful. Like, and then it's just like, well, do you know that? Like, you can just host locally. You can download the thing and pop it on. It's not a big deal to do that type of thing.

Wes Bos

So that's that's a really good point. A company was

Guest 4

fined for using Google Fonts.

Topic 5 48:31

Fined for using Google Fonts since not needed to display fonts

Guest 4

Really? So yeah. Yeah. And the data protection authority said, you don't need to collect IP address to display fonts. You just host them locally.

Guest 4

And, yeah, they got fined for that. So Yeah.

Guest 3

Wow. That's that's wild. But I like I like that you locally store, for multiple reasons. But yeah.

Guest 3

And and for the record, anyone who wants to judge me, I still like the Roboto font. So

Wes Bos

So a question about.

Wes Bos

And you might not even know any of this, but the whole AI thing that is starting to blow up recently. Do you have any thoughts on how this is going to play into legality, or is it just too early?

Guest 4

Oh, man. I could talk about this for 5 days and forever on. And so I'm part of the so I guess the first aspect of it, part of the American Bar Association and the Chicago Bar, there's a lot of ethical concerns with attorneys using ChatGPT, for example, because a lot of law firms are saying, well, you can just put your brief into ChatGPT, and it will read through it. You can look up case law on there. And, basically, they found that, number 1, it's almost always wrong. And number 2, if you input any data into ChatGPT, it becomes the property of ChatGPT, and it becomes viewable by ChatGPT. So you're actually breaking attorney client privilege by using it, which is really interesting. And on the second point, I actually recently did a study, which is available on our blog, on can ChatGPT write your privacy policy? And I basically did a couple different tests based on how much information I provided to it. But the only way that and this is my finding, is the only way that ChatGPT can write a compliant privacy policy is if you tell it what privacy laws apply to you and you've already determined that, if you tell it all of the disclosures that your privacy policy needs to contain and if you tell it your actual business practices as they relate to those disclosures.

Guest 4

So, really, unless you're a privacy lawyer, it's completely useless for writing up your privacy policy because it's not based on any of that information. And if you don't give any of that to ChatGPT, then it won't work. And, really, if you are wanting to give all that to ChatGPT, you're gonna spend, like, years trying to figure that information out.

Guest 4

So it's really not gonna save you any time, I think.

Guest 4

So, yeah, that was a really interesting thing that I did. Well, also, didn't it wasn't it last week Italy banned? Yeah. Because it was collecting way more personal data than what was necessary to provide the service. So it's being investigated by Italy's government there.

Guest 4

I think it's a cool tool, and I like it because it can help me write greeting cards to family members that I don't necessarily care enough about to spend a lot of time writing it myself.

Guest 4

You know, and it's cool in that sense, but I think there's a lot of problems with how people are trying to use it, like, trying to have it write legal documents for you.

Guest 4

It's not a lawyer. It doesn't update. It doesn't know the latest laws.

Guest 4

And I guess you should ask ChatGPT itself whether it's, you know, competent enough to write legal documents, and it will tell you that it's not. So

Guest 3

And, personally, just my 2¢, I feel like the introduction of plug ins, it's gonna be huge for ChatGPT. Yeah. That's gonna be cool. It's gonna be Yeah. Yeah. I guess I'm buying it. I'm buying all the hype. Like, it's Yeah.

Guest 3

Plug ins are gonna open up. I mean, I saw with the WordPress industry how plug ins just blew up that industry. And to think that you can now have extensions like that,

Guest 4

on top of that massive powerhouse fun tool. I mean, it is fun. I think it can be really useful for writing emails or writing, like, you know, notes or whatever where you don't know how to phrase something. I think it's definitely very, very useful technology. I do think we just have to be careful on how we use it. Yeah. I bet we'll start to see, like, on prem solutions. So something a lot of companies

Wes Bos

that have very tight security things, they wanna use GitHub, but they're not allowed because they can't store their data on GitHub's server. So GitHub will literally come slap a box in their data center and it all runs locally. It's called on prem. Right? Like, I'm curious at what point we'll start to see it kind of already. But, like, where's the on prem ChatGPT that lawyers can plug their brief into and it never goes outside of their own office.

Guest 3

That's genius.

Scott Tolinski

Yeah. Yeah. It's funny that you say that, Wes, because I did just see a tweet today that was saying, this is a real need, who's building it. And it is something that somebody is probably working on a good solution to at this very second, but also definitely something that's going to happen. Also wonder if there's a lot of lawyers out there who are just licking their lips knowing that a lot of people are getting their legal advice right now from ChatGPT.

Guest 3

Yeah. I've actually had a few conversations. Annoyingly, we got into talking about ChatGPT, and they're a lawyer, and they're, like, expressing some very big concerns from a copyright infringement

Guest 4

Yeah. Did you guys hear about this new technology where it's an AI that helps you fight traffic tickets? It came out pretty recently, and, basically, what the point was is that you would put an AirPod into one of your ears during a court hearing, and it would help you on what to say. And this is wonderful because the first case came up where they were gonna test this out. And, basically, the court said, whoever is behind this tool, we're gonna put you in jail for trying to coach defendants on what to say and how to get out of tickets.

Guest 4

And they tried to get this system to help this man fight his ticket, and then they chickened out at the end of it, because I think one of the supreme courts of the state said, yeah. This is, like, unlawful practice of law and defrauding courts and all of this kind of stuff. And they said that they were gonna fight it, but I'm really curious as to whether or not they will use their AI to fight this,

Wes Bos

or if they'll chicken out again. But it's called DoNotPay, the world's 1st robot lawyer. Yes.

Guest 4

Yes. Yeah.

Guest 4

That's wild. The one. Honestly, that's interesting because, you know, there are a lot of people who cannot afford legal advice or good legal advice. For sure. But I think that problem can be solved with legal aid where you have attorneys providing pro bono hours and providing, like, actual legal advice and, you know, helping these people because, yeah, a lot of people can't afford attorneys, but we as attorneys should make legal services more accessible instead of having these unproven AI tools just whisper in a defendant's ear, and then the defendant is supposed to just, what, put their whole life in the hands of this AI? Yeah. You know? That's not right either.

Guest 3

Yeah. Legal services. It'll be interesting to see how because those are gonna butt heads a lot, I think. Because, You know, do you really wanna depend on an AI to I definitely would not. Prevent you from going to Chicago. Do. Oh, yeah. Sure.

Guest 4

If it's, like, a $50 ticket, you know, whatever.

Guest 4

Like, if you're about to, like, potentially lose your license to go to jail or something, man, I would not wanna, you know, throw those dice. There there is a line in the sand somewhere. Yeah. And it's about a $50 ticket.

Guest 3

I'd be willing to do a $500 ticket. Not anything about that at all. Yeah. Yeah. Like, I would like to, like, feed it my

Wes Bos

local laws and a parking ticket I got and be like, given all of these inputs, could you find any loophole that I can then explore? You know?

Guest 4

Yeah.

Scott Tolinski

Yeah. I don't know. It's too fine to do that.

Scott Tolinski

That that is exactly what you are prompt to be.

Wes Bos

Oh, that's good. Let's talk about,

Guest 4

you've done a fantastic job of not plugging your own company. So let's talk about what your company does. Sure. So we're from Termageddon, and we create website policies. So privacy policies, terms of service, disclaimers, end user license agreements, cookie policies and the dreaded cookie consent banner, except our tool will actually tell you whether or not you need 1, so you can at least figure that out, which will be easier.

Guest 4

So the way our service works is we ask you a series of questions. So the first set of questions helps determine what privacy laws apply, and therefore, what disclosures your policies need to contain. And the remainder of the questions are based around those disclosures, and then your policies are created. And after your policies are created, you get an embed code. So the embed code goes on to your website's policy pages and displays the text. And after that, we keep track of privacy laws and privacy bills. So if anything changes, new law passes, existing law amended, new rules, new regulations, anything like that, we can automatically update your policies for you. Yep. So when 3 months, when 4 more privacy laws go into effect,

Guest 3

1 in Quebec and 3 in the US.

Guest 3

Them, and we'll push the respective updates to their policy pages.

Guest 3

So we're $99 a year. You get a full set of policies, no hidden cost, none of that stuff.

Guest 3

And, yeah, also, if you're a web designer, you know, I ran a web design development shop for several years. We actually give web agencies a complimentary set of our policies for free in the hopes that you like our tool and would consider our affiliate program so you can help your clients get protected as well while making a new recurring revenue stream. You can just find that at termageddon.com.

Scott Tolinski

And at the top, you'll see agency partners, and you can apply there. Yep. Cool. What I really like about your company is that you have such knowledge of the web specifically. Most of the time I'm getting emails or talking to legal representation who want to write a privacy policy for me there. 1st and foremost, their small business lawyers are blanket service.

Scott Tolinski

And and not that they wouldn't know their stuff, but y'all seem like you really know the web, and and I think that's a a big differentiator. Thank you. In this industry,

Guest 3

for people who actually know know that, you know, the tech behind it. I, I it all started when we went on on one of our first dates, and, I was like, what do you do? And she's like, I write privacy policies with their law practice. I was like, oh, I just copy and paste those whenever my clients ask. So once we realized those 2 things, we kinda Yeah. Yeah. We kinda joined forces. That's the first It's a red flag, I think.

Guest 3

One of many, babe. Yeah.

Scott Tolinski

One of many.

Scott Tolinski

Sure. What a team.

Wes Bos

Next section is our Sick Picks and say shameless plugs. I don't know if you read the, the document. Did you come with a sick pick yet? I've been waiting for this for the last hour. Alright.

Guest 4

So Hans and I have been really, really into the show. For anyone who liked Lost, it's kind of similar in a way.

Guest 4

It's called From, and it's available on Apple TV, and that's f r o m.

Guest 3

And it is so good. But don't say anything else. Can I just say the basic premise? Don't do the basic. I want I want people to just, like the good news is within the 1st episode, there in the 1st episode, you'll know if it's for you or not, and our lead in would say, if you've ever seen Lost and you liked Lost, you're gonna like From. And one of the actors from Lost is actually in From. Main character too. It's it's really good. We just recently got hooked on it. I think they're coming out with season 2 soon. So yeah. This is why we joined the podcast. We we just wanted our sick pick to come out.

Scott Tolinski

Oh, so I don't see From on Apple TV. I'm looking for it. FROM.

Guest 4

We've been watching it on Apple TV.

Guest 4

It says Paramount Plus. Yes. You can watch it on Paramount Plus too. Oh, yeah. So I guess it is Paramount based. Yeah. Yeah. It's MGM Network.

Guest 4

Ugh. It's so good. And nobody's talking about it either, which is kinda weird. It's one of my favorite new shows.

Guest 3

Hence, why we picked it. Yeah. Yeah.

Scott Tolinski

Yeah. Pick pick? Always looking for cool stuff like this, so thank you. Yeah. I'll definitely give this a check.

Guest 3

And, anything you would like to shamelessly plug? I mean, Termageddon. I mean, if you're if you if you aren't ready to hire an attorney to monitor privacy laws and keep your policies up to date over time, our service is $99 a year. You get a full set of policies that automatically update over time. And unlike any competitor out there, we are the only tool that helps you identify the laws that apply to you, and then our questionnaire adjusts and asks you the questions necessary to make the respective disclosures you're specifically required to make. And if you're a web designer, you get a free set of our policies for life. No credit card required. We manually approve you. We legitimately manually send you a personal welcome email. We've done it to 6 over 6,000 manually approved partners. And has seen a lot of websites. I have seen a lot of websites. And, yeah, you know, as a former web agency owner, I can I just hope that I can help you, help educate your clients on the importance of policies and let them make the decision if they wanna comply with or not? And and this is not just a US only thing. Right? I'm just reading Canada, US, Ireland, UK, and Australia.

Wes Bos

Yep. And we have plans to expand further very soon here. Yeah. How do you keep up on the laws in so many countries?

Guest 4

Yeah. Just so it's a process. So I use a service called, LexisNexis State Net.

Guest 4

So that gives me alerts for any US privacy bills. So, like, you just write in your search term, and it sends you alerts. Yeah. For the rest of it, the International Association of Privacy Professionals, the ABA, CBA, all of those things. So it comes from a lot of different sources, and there's a lot of proposed privacy bills. So we have a state privacy bill tracker on our blog that you can find,

Guest 3

and I am so sick of updating that thing, but I have to update it all times. Day almost daily. Yeah. Yeah. So it's her full time job. Like, not even kidding. Like, all day every day, she's just monitoring that stuff. Wow. It's wild. Yeah. It's funny because the moment that anything about Canada was mentioned,

Scott Tolinski

Donata, you seem to, like, rip just, like, instantly beyond the Canadian, lot. That was really super impressive. So yeah. So we're actually Canada's great.

Guest 3

We're actually kinda friends with the person who wrote Canada's privacy law. So,

Guest 4

that's nice. Passed a new privacy law too in addition to the federal privacy law, and Canada is just so nice. And and we jokingly never had a bad experience with your government. So we jokingly say that no one gives enough credit to Canada's privacy law, PIPEDA.

Guest 3

Man, I like, I feel like the I'm the hipster of privacy laws. I think that's the coolest privacy law of them all. Yeah. I think it smokes GDPR.

Wes Bos

I think it's so cool. Yeah. It's funny. I I went to school, for, like, an IT degree, and that was a big part of it. Thankfully, they're actually teaching it in schools as, we called it pepita,

Guest 3

which was Sounds delicious. Oh, so I I might be saying it all.

Guest 4

Pipita. Some people call it pipetta. I guess it just depends. I have heard pipita before. Really cool about Canada is that you guys have provided so many resources to businesses on how to comply. Like, there's videos, there's articles, there's charts. Yeah. There's just, like, a wealth of resources. And in the US, we don't have that. We get regulations which don't match the law.

Wes Bos

So, you know, I wish we could kinda take a page out of your For sure. Yeah. They're they're pretty good. I'm I'm redoing my checkout right now, and I have a bunch of questions around, like, tax law in Canada. Like, right now, I have to collect information to prove that they're not Canadian and, like, what that information is. Like, what's enough to prove that someone is not Canadian.

Wes Bos

So I'm, like, redoing it. And Canada has been great. You can just pick up the phone and ask them questions all all the time.

Wes Bos

Awesome. Well, thank you so much for coming on. Really appreciate this. It's been very enlightening. It's kind of interesting to be able to ask these questions that everybody has, and hopefully, the listeners learned a thing or two as well.

Guest 3

It was a pleasure. Bring us back on anytime. If you ever wanna if any updates happen, you wanna we'd love to chat with you again. Thank you for having us. Yeah. It was it nice to have, people who know what you're talking about instead of us just

Scott Tolinski

trying to guess. So sincerely appreciate it. Thanks. Bye. Thank you. Bye. Cool. Peace.

Scott Tolinski

Head on over to syntax.fm for a full archive of all of our shows.

Scott Tolinski

And don't forget to subscribe in your podcast player or drop a review if you like this show.
