Why I No Longer Allow Blog Comments on Luana.me


As of May 25, 2018, I no longer allow blog comments on my personal blog.

I could sum up the reason with one word: GDPR.

That’s the EU General Data Protection Regulation that came into effect on May 25, 2018, and it applies to all businesses, organizations and websites that deal with EU citizens (not necessarily located in the EU).

And yes—it applies to personal bloggers as well.

So a change was necessary.

GDPR Compliance Can Be Time-Consuming and Stressing for a Personal Blogger

I mean it.

Let’s imagine for a moment that I decided to keep blog comments open.

Under the GDPR, email addresses that you leave in the comments, along with your real name (if you choose to use it) are seen as PII (personally identifiable information).

Sometimes even the text you enter in the body of the comment may fall under PII if it’s combined with personal or sensitive information – although this part of the comment is public and therefore it’s not considered PII unless you add PII in the comment body (ugh).

Now, WordPress automatically stores all this information in a MySQL database under my hosting account, that means that any hackers messing up with my hosting account might access and download your email and IP address stored in it.

The sad truth is that I don’t have the time and the resources to monitor server and database access logs 24/7—I have plugins monitoring that on my business websites, but I need to have personal sites to stay unmonitored at any time without running risks.

So any site feature and plugin that stores visitor information in the database is now gone. Fewer visitor goodies maybe, but definitely a less stressful life for me.

And now we come to the pack of user rights:

  • Art. 15 – Right of access by the data subject
  • Art. 16 – Right to rectification
  • Art. 17 – Right to erasure (‘right to be forgotten’)
  • Art. 18 – Right to restriction of processing

The GDPR Art. 12 GDPR, third paragraph, states (bold formatting is my own):

The controller shall provide information on action taken on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.

This is huge for a personal blogger.

Unlike a business blog, a personal blog is a side project, something a person runs on their free time to enjoy some freedom and relax.

When personal blogging begins to add to the stress life itself already gives, it’s generally a good idea to halt blogging or close the blog altogether and (maybe) go back to private diaries.

Having to keep an open channel with commenters at all times because of that one-month feedback rule GDPR forces upon website owners who collect PII even in the form of comments is more than stressful – it’s overkill.

It means you can’t get away from personal blogging at any time and just “be offline” because some old readers might request data deletion at any time and you only have one month to comply.

Even if you keep that email account always running on your phone in case a data removal request comes in while you’re enjoying that one-month holiday abroad, it means you can never be completely offline even if you need to.

It’s not healthy.

And well… honestly, I’m not putting up with that.

Anonymous comments without IP addresses and emails? Ideally yes, I considered that, but I know that moderation would turn into hell and my host might even suspend my site if random anons in comments start flame wars of generally discriminatory flavor.


So I’m sorry and I’m forever going to miss comments, but they are gone permanently.

To sum it up, here’s what you can no longer do here:

  • Post a comment or leave any kind of feedback to be stored on my servers
  • Have direct interaction with me and other readers using this website (no comment forms, no forums, no tagboxes, no social media widgets)

What you can do on this blog post-GDPR

  • Read content (of course!)
  • Vote/like that content (the button is a simple counter and your IP is anonymized)
  • Download free/CC0 content
  • Copy my personal email address to message me through your local email client

Alternative Ways to Leave a Blog Comment on Luana.me

I thought hard about this and I think I found a few ways to allow you to comment on my blog entries that will not put myself under stress.

There are three methods essentially:

  • Email me your comment (add a reference or a link for me to understand which post you’re commenting on)
  • Share my post on social media and add a comment in your post there (mention me as @LuanaSpinetti so I get the notification!)

The third way is an extension of the first one (email):

  • Ask to have your comment manually published under my post (like I did here). This is safe from a PII perspective because it’s just text that I manually input into my blog post and there will be no IP and email addresses stored on my servers. However, PLEASE make sure that what you want published is something you are okay with staying online permanently.

Thank you!

Email me at lu@luana.me if you want to leave a comment on this post.