Whew, it’s been a remarkably busy spring with lots of exciting developments for the PortlandLabs team. We still need to come up for air and make some public announcements. Stay tuned for more on that stuff soon.

In the meantime, everyone’s scrambling to deal with these new GDPR requirements. If you’re not already aware, the European Union has come out with some new rules regarding how website owners manage other people’s personal information. If you read our blog at PortlandLabs.com, you’ll know we’re big believers in a distributed internet that respects individuals’ privacy. We think the ideas in GDPR are great. Of course with any new regulation, there’s a lot of confusion and fear as people try to determine what it means for them. We’re not offering you legal advice, but here’s what we’re doing about it:

  1. We’ve updated our own Privacy Policy. Frankly we didn’t have to change anything because we’re already zealots about transparency and being good stewards of your information, but you should check it out.

  2. We’ve added an overlay message that lets visitors of this site know that we do use cookies (which we should have been doing years ago) and that they should check out the privacy policy.

  3. We’ve added a form to make it easy for people to request their data be removed, or to get a copy.

  4. We’re adding an age check on our sign-up form. I think it’s great that people of all ages learn how to code and share content with Concrete CMS. We also try to run a very inclusive and safe community in our forums. That said, you need to take on the liability of claiming you’re 16 years or older to have an account here.

  5. We’re documenting our systems that store personal data, backup, and data storage processes so we know there aren’t copies of your personal info sitting around. We’ve hired Lisa Nicholson as our Chief Information Security Officer (CISO) and DPO under GDPR. We’re very excited about her joining the team in June. She’s coming to us from Janrain, where they are entirely focused on securely managing identities with corresponding personal information for some of the largest brands in the world. We’re lucky to have her.

  6. We’re purging our eNewsletter list in order to comply with the new GDPR rules. The next time we send that out will be the last time you get one unless you sign up for our new list here.

That’s all about concrete5.org (the website) and the 3rd parties we use to stay in touch with you. Frankly, we were never doing anything particularly “big data-ish” with tracking in the first place, so this is mostly housekeeping.

Now onto Concrete CMS, the content management system you use for your own sites. The next major version of Concrete CMS, 8.4.0, will feature a significant number of improvements to facilitate compliance with the EU General Data Protection Regulation. Among the changes:

  • We’ve made it easier to delete certain bits of data, like log entries containing user data.
  • We more thoroughly scrub the database when users are deleted.
  • We only set cookies on users when custom code demands it, or when users log in to their Concrete CMS installation.
  • We provide a link to the privacy policy on concrete5.org from any Concrete CMS pages that load the background from it.
  • We’re no longer passing backgroundimages.concrete5.org through Cloudflare, to reduce automatic cookies coming in at login.
  • When installing Concrete CMS, you’ll have to check a privacy notice on installation. We’ll also provide information on how to reduce connections to concrete5.org if you desire.
  • We’ll provide a similar privacy notice in the dashboard if it wasn’t set on installation.
  • We’re thinking about ways to quickly search and sanitize user contributed content like the Conversations block or Express Forms. That’s not always easy, but anything we can do to improve searching so you can hunt down this data when someone requests it to be deleted is worthwhile.

There are also a few add-ons in the marketplace you might want to check out:



