Podcast audio transcript

DrupalEasy Podcast 237 - Donata Stroink-Skillrud (Termageddon)

Audio transcript


[0:01] Hey now and welcome to Drupal Easy Podcast episode number 237.

My name is Mike Anello and in this episode I have an interview with Donata Stroink-Skillrud one of the founders of Termageddon dot com.

That's a service that helps you keep your sites, Privacy Policy, Terms of Service and other site policies up to date.

And I might add all for a very reasonable price.

In my opinion, this is an episode that everyone who owns, maintains or builds a Drupal site should. Here before I get to that, I want to mention Drupal career online.

[0:39] So 2021 is the 10th year of Drupal career online, and next semester begins on March 1st.

Drupal Career online or, as we call it, the D. C. O.

Is the longest running long form Drupal training program in existence.

Twice a week for 12 weeks, we focus on best practices for building and maintaining Drupal eight and nine sites.

We cover things like composer, developer, workflow, information, architecture, views as well as module and theme development, and more so if you're interested or if you know someone who's interested,

or if you know someone who needs it.

[1:19] Check it out at Drupal easy dot com slash d c o.

If you or someone you know applies, you can use the coupon code 10 years when applying and you'll get 5% off the cost of the course.

That's Drupal easy. Com slash d c o.

[1:40] So I've been wanting to do a Privacy Policy Focused podcast episode for a long time, but it took until now for me to find a qualified guest Donata more than met my criteria. So let's get.

[1:53] Music.

Interview With Donata Stroink-Skillrud

[2:01] I'm here with Donata Stroink-Skillrud, Donata, how are you? Hi, I'm doing well. Thank you. How are you?

Pretty good. So let me introduce you to everyone s So everyone This is Donata. This is everyone.

Uh, Donata is the president of Termageddon, which we're gonna talk about What Termageddon is in a few minutes.

But you're also a licensed attorney, a certified information privacy professional as well as the vice chair of the American Bar Association E Privacy Committee.

[2:34] So there's a lot there, So let's break that down a little bit.

[2:40] So I wanted to have you on because, um, I just went through the process of updating our Privacy Policy.

[2:47] And I kind of, you know, the last time we did our Privacy Policy, I think, was three years ago, and I did what I suspect most folks do.

And that is just copy and paste stuff that you find around the web. This is Oh, that seems like that applies tow us and kind of make this Frankenstein Privacy Policy.

Andi, I've kind of known that having a static Privacy Policy you're not reviewing it every so often.

Whatever that time period is is probably not the best thing. So it being around the holidays, Um, you know, my client load is kind of slow down a little bit, so I said, Okay, well, this is a good time for me to dive. Dive into it.

Um, and I was out there on Twitter and LinkedIn and just doing some searches and stuff, and I found Termageddon, which is a service on. I think maybe we'll talk.

Well, I don't think I know we're gonna talk about that more in a minute. But it's a service that provides policy Privacy Policy ease, Aziz Well, as keeps them up to date.

[3:48] Yeah, that's kind of the point of this conversation, but let's go back and learn a little bit more about who we're talking to.

Um, S o do not know what is. What does it mean to be a certified information and privacy professional?

Sure. Eso certified information Privacy professionals are certified by the International Association of Privacy Professionals.

Um, if you ever want to learn about privacy, I encourage everyone to go toe I a p p dot or GTA and it is the largest privacy organization in the world.

I'm actually the chair off the Chicago chapter here, and the I P P has created a certification mechanism.

So essentially, what you do is you study about privacy laws and what they mean and how they apply on DWhite.

Somebody needs to do to comply with those privacy laws. And then you take a test Onda.

Once you take a test, you get well, if you pass, I guess, um, you get certified of as a certified information privacy professional and you know, we also have to keep our certifications up.

So every single year, I have to dio a certain amount of studying and a certain amount of educational events and privacy to keep my certification up.

But it basically the point of it is to show others that you're an expert in privacy.

[5:11] So is this something that's only available to attorneys? Or is this anybody? It's anyone that's interested.

Eso If you go toe i p p dot org's you'll see certifications on Ben. You can click on that and learn more about the various certifications that are offered.

Um, and they're offered Thio. Anyone who's interested in privacy, You don't have to be an attorney. You don't have to work in privacy.

Um, but if you are interested in it, it's definitely something that I recommend.

[5:39] And it sounds like a lot of it is probably geared around online activity. But not all of it, I'm guessing.

Yeah, that's correct. Eso it really depends on what certification you get.

You can also get a certification in a technology.

So if you're working in I T, you might want to consider that certification. Or if you're managing like a privacy team, there's a different certification that you can choose as well.

And there's different certifications based on you know what areas you're interested in or what Privacy Policy you're interested in.

So it's really a lot of different choices and and flexibility.

But the one that I have is mostly focused on online privacy. Yes, so let's go ahead and compare and contrast that this will be like a college essay question with the American Bar Association E Privacy Committee that your vice chair off?

Yeah, So the American Bar Association for Anyone that doesn't know it's basically.

[6:39] A very, very large group of attorneys in the United States that are interested in keeping up to date with developments in law in their area that they're focusing on eso.

The Privacy committee helps other attorneys keep up to date with privacy developments.

Eso You know, we have different events that we plan, um, that help attorneys understand different developments or keep up to date with different developments.

Eso It's also group that's mostly for attorneys that are that are interested in privacy. So I guess the biggest difference probably is the I p. P. You don't have to be an attorney to join versus the A B. A is mostly for attorneys.

[7:20] All right. Very good. So, in reading about Termageddon a little bit, I learned that you and your husband founded the company.

You being an attorney and him having, um, run a digital agency for a number of years.

[7:36] So very much seemed like a chocolate in my peanut butter type thing where it was a good match for a site like this. Is that pretty much the genesis?

Yeah, exactly. Eso before Termageddon I was actually writing. Privacy Policy is for my clients.

[7:52] Eso I was doing them one at a time, and I noticed that I was asking my clients very similar questions about their privacy practices.

So, for example, like, what personal information do you collect?

What do you do with that information who you share it with? And then I noticed that I had, like, five or six templates that, as you said, I would Frankenstein together on D end up with the final Privacy Policy.

And I noticed that that process was very cumbersome on, but to be honest with you, very boring.

Um, it was very repetitive. Eso I wanted to figure out a way to automate it.

And for him, you know, he had his own Web design agency, which he's successfully sold to come over to Termageddon full time.

And he noticed that his clients would always ask him, like two days before launch.

Hey, I think I might need a Privacy Policy. Where do I get one? And you know, he would either have to copy and paste some template first clients, or he would refer them to Privacy Policy generator.

But he wasn't really getting anything in return.

And he's like, You know what? That's not fair. I'm you know, I'm giving all this business to someone, and they don't even really care that I exist.

Eso That's how we came up with Termageddon So did it start off?

Um, with just Privacy Policy is because I know now. So this is what I ended up using. I think I mentioned that, um, and I know that there's other, um.

[9:20] Other policies that you can generate using Termageddon.

Actually, just the other day I did our Terms of Service is Well, um, but when it first started, was it just Privacy Policy ease? We always started with the privacy policies Terms of Service disclaimer and end user license agreement.

So we've had all four since the very beginning.

Um, but what's really interesting is that when we initially started the business, we thought that only U S based companies would be interested in working with us.

Um, which was a really big mistake.

Eso we actually started getting people reaching out to us from, like, Canada and the U. K.

Saying, hey, like, can we use your service? Um, so that was one thing that we learned was that, you know, we should not have thought of this is a product that only us cos we're going to use eso.

Pretty recently, we launched compatibility in Canada and the UK, which has gotten a great response.

Eso It's really interesting as US based lawyer to try to figure out, like the terms laws and other countries.

[10:25] Um, it's definitely been a very interesting experience from that point of view, right and Termageddon. And this is not a brand new thing that you have been around Termageddon since I think 2017. Is that what I read?

Yeah. So that's when we initially started. Obviously took a long time to get all of the policies engineered initially and, uh, you know, and to get the system built up.

And what's really interesting to is that with privacy, law changes were constantly re engineering things.

[10:56] Eso we're always adding new stuff and a new feature. So it definitely has not felt like three years.

Um, it's gone by a lot quicker than that.

[11:06] Yeah, that's, you know, you just touched on a point that I mentioned earlier.

And I think a lot of folks who either have their own sites or who build sites So you know, I'm from the Drupal community.

So a lot of folks who listen this podcast or building sites for for their for their clients And,

I know in the back of my mind for a long time it's, you know, I've always thought man that you know, that Privacy Policy on that client site I know is five years old, and I know that it's probably wildly out of date.

[11:37] But up until I started doing my homework a few weeks ago about how you know, you know, is there are service, um, that that can provide me with up to date.

Or like, how do I How do I wrap my arms around this? That was kind of one of those things I kind of worried about for a long time is you know, am I going to get burned one day? Because I'm not keeping things these things up to date.

[12:00] Um, so I've got a few kind of big questions around all this stuff that can hopefully answer.

Help some other folks out as well.

Eso let's start with you know, something very basic you mentioned a couple minutes ago that Termageddon does Privacy Policy ease Terms of Service disclaimers and end user license agreements.

So do do all sites always need all four of those.

Or, like what are the in general broad stroke conditions under which a site might need one and not the other?

[12:33] Sure. Eso I know it's definitely could be a confusing topic for a lot of people. It seems like a lot of documents like Do I need all of this? Do not need all of this s o when it comes to Privacy Policy.

Any Web site that collects what we call personally identifiable information or pii II needs to have a Privacy Policy.

[12:54] Now P. I. Is any information that could identify someone.

So, for example, name email. I p. Address phone number.

Eso as a developer, The main thing that you should know is if a website has a contact form or for website has analytics is collecting P II, and it needs to have a Privacy Policy.

[13:14] So when you're building a site and you're building that contact form, that's when the light bulbs should go off in your head.

And it's not necessarily sharing or selling or even using the P I that's collected.

It's just collecting it when it comes to a Terms of Service.

A Terms of Service is a document that basically lays out the rules of using a particular website, Andi.

It helps limit liability. So a great, um, kind of thing to look out for on websites is third party links.

So if a website that you're building includes links to Facebook, Twitter or LinkedIn or any other third party website, that's when you want a Terms of Service.

Because if somebody goes from your website to a third party website and gets a virus or scammed or something like that happens, they can come back to you.

Andi, you could potentially face, um, liability there. So you want to make sure every exactly eso pretty much any website You want them to have a Terms of Service because you want to limit your liability.

Another great example is e commerce. You know, you want to answer consumer questions about refunds and cancelation shipping those things air done in the Terms of Service.

[14:35] Um, if you're potentially worried about copyright infringements, Terms of Service can help protect you. There s Oh, that's a great point of which you should look out and have a Terms of Service.

A disclaimer. The best way that I can explain a disclaimer is like, if you've seen those exercise videos from the nineties and you know how at the beginning they'll have the,

please stop exercising if you feel faint or if you don't feel well, um, that's a disclaimer.

Eso You usually need a disclaimer if you are participating in affiliate programs if you are providing exercise or health tips.

Um, if you're providing any information that could be seen as legal advice, those are the main areas in which you would need a disclaimer and then, lastly, an end user license agreement or a U L. A.

You need that. If you're selling software like package software s O, for example, if I were to go on a store and purchase Microsoft office, I would get an end user license agreement.

And that's what that ISS well, how about if you're like a music artist and you're selling downloads of your music directly, is that would that require Ula as well.

No eso That's different. If you're that's a u L. A. Works for software.

Eso. If you're selling package software, that's when you need it.

[16:00] I was just making the argument that a like an MP three file or not. The argument. The question is an MP three file A.

You know, a piece of software in the eyes of the law, and it sounds like you're saying it isn't not really no.

Okay, so let's go back to Privacy Policy really quick.

So it sounds like if you have a just completely static site, meaning there's, like no forms, not even a contact form if you add Google analytics, for example, to your site.

[16:30] That would trigger the need for Privacy Policy. Exactly. Yes.

Eso Google Analytics will collect an I P address, which is considered P.

I s at that point, you need to have a Privacy Policy. And then, in addition, Google's Terms of Service when you,

actually install Google and analytics, you have to agree to their terms of service and their Terms of Service specifically requires you to have a Privacy Policy.

[16:57] All right, so another question, This is something I thought I you know, it was kind of I figured it was true, but you actually confirmed it in one of our email exchanges a week or so ago.

Um, you mentioned a contact form. If you have a contact form that collects information, I was never 100% sure. Does that mean if that information is being stored, like in a database on the Web server?

Or what happens if that information is just, you know, put into a form, hit a button and it just sends an email on nothing else on?

And, um, I believe you explained it to me that it doesn't matter where that data stored.

That's correct. Giving you data, you need a Privacy Policy. Exactly. So it doesn't really matter where it's stored.

It doesn't matter if you use it. It doesn't matter how you use it like you could never look at it again and you would still need to have a Privacy Policy.

And the reason for that is is because privacy is are relatively unique.

[17:55] Privacy Policy protect consumers and not businesses and privacy laws were written in such a way that they haven't extremely broad application.

So a great example is the California Online Privacy and Protection Act, which applies to any website that collects the P I of California consumers.

Now, if you think about your website, and if you think about the contact form that you're building, anyone from anywhere could submit their information on your contact form,

meaning that California consumers could be submitting their information, meaning that callable will apply to,

virtually any website, which I think a lot of people miss.

So, you know, in the U. S. California has a couple of privacy laws. Delaware has a privacy law in Nevada, has a privacy law, so a lot of people will think.

OK, well, I'm not located in those states, so I don't need to worry about that.

But that's actually not the case. What matters is who's P I. You're collecting where you do business and where your customers reside.

So, for example, I'm here in Illinois.

Let's say I have a customer who's from Nevada.

That's sufficient connections to that state, meaning that I have to comply with Nevada's privacy law.

Even though I'm not located there. And let's say I've never stepped foot in Nevada, that doesn't matter.

[19:12] So you mentioned something which I don't even have a written down that I was gonna ask you. But it triggered something in my mind.

And I think that I read, you know, sometime in the past couple of weeks, while I was doing all this that the California Privacy Law does that Onley kick in for certain sites of or businesses of certain size?

Or wasn't there some criteria for that or my my off based on that?

Yeah, you're correct. Actually, it's so nice to talk to somebody who, like, did their research.

And I'm sorry that you had to do that because it could be frustrating for a lot of people.

So California actually has to privacy laws.

One is the one that I previously mentioned Kelapa, that one does not care about the size of your business or where you're located.

[20:00] The second one is the California Consumer Privacy Act, which is a law that was passed recently, and it was actually recently amended by the California Privacy Rights Act.

And I think just that combination of the three illustrates how complicated this could get on.

But you really want. An expert is taking a look at this, but the C C P A.

The second Privacy Policy does usually apply to larger businesses only.

So if you have like a certain revenue threshold or,

if you sell 50% or if you receive 50% or more of your annual revenue from selling the P I of California consumers, or if you collect the P I of 50,000 or more California consumers per year,

so generally speaking, the CCP A will apply to larger businesses.

Onley. However, one big portion of the C c p. A s vendor management.

So if you're a developer and you're doing business with a large company like let's say you're building a website for a large company and you have access to their databases.

[21:05] Um, just through the nature of managing their site and you have access to that P I, your customer might actually require you to comply with the CCP A.

Because if you have access to their P II and you're not compliant, that means they're not compliant.

Eso It's important to check your contracts. Um, if you're doing business with larger companies, especially ones that are based in California, you should definitely check your contracts to make sure that they're not requiring you to comply with the CCP A.

Just because you're building them. A website.

[21:39] Okay, So my next question was gonna be why you're Privacy Policy so difficult to write and maintain, But I'm pretty sure you just answered that.

And I'll give you I'll give you a great example. Just from my process over the past couple of weeks is I had no idea until a couple weeks ago that Nevada had privacy loss.

Exactly. E don't know when that happened, but, uh, it's not in my circle of like daily news where I would even like that would ever be on my radar, right?

Eso if I can illustrate an example for you right now, there's right now.

There's 23 proposed privacy bills in the United States, um, those air bills that I track on a daily basis through three different software programs that send me alerts.

Um, now, as more privacy laws were passed, Privacy Policy is will change.

So right now, we have a certain number of privacy laws out there.

There's a lot of stuff happening in California. So, for example, when a new privacy laws passed, the state attorney general will come out with regulations.

[22:48] California's regulations have now been updated a total of four times in the last year and every time the regulations update your Privacy Policy updates, right.

So unless you have alerts set up for the California attorneys, generals like Privacy Section, you won't know about this.

Um, and that's something that makes it really, really difficult for small businesses to have enough to date Privacy Policy,

because you have all of these changes to existing laws and you have all of these states proposing their own privacy laws. And that's not even to discuss, like other countries.

So, for example, Canada has a privacy law, and right now they're considering changing that law to allow consumers to sue businesses directly for privacy law violations.

So and it's not just consumer, not just businesses that are based in Canada.

So it's really something that you know you have to keep track of because you have to update your Privacy Policy each time.

But it's really hard for small businesses to do that because it's very time consuming.

It's difficult because you have to read laws and interpret them and understand the cases and what the wording means and keep track of the regulations.

Um, you know, and that's what makes Privacies difficult for small business owners, and that's why we started. Termageddon is to help make that process less painful.

[24:11] Yeah. Sounds like a great business opportunity for someone who can get through all of that legalese and still be awake.

Yeah, I am not that person. We're very lucky that I love my job. Very lucky.

Alright, So I guess the question is then how often should Privacy Policy policy be updated?

And you know the wide open question. Obviously, it probably,

you know, there's a lot of it depends, But maybe we could just say, like, what's the minimum amount of time that an organization should like, Set their stopwatch for that saying, Hey, we haven't update our Privacy Policy and,

three months, six months, nine months Like what's what's? Is there any advice there?

Sure. So you know, if you ask me this question like, five or 10 years ago, I will probably never, um, you know, down to three days every three days.

It's not eso, you know, if we look at how Privacy Policy years ago, um you know, consumers didn't really pay much attention to it.

Regulators didn't really pay that much attention to it.

Um, no one paid that much attention to it. I mean, you copied and pasted some template, and that was it.

[25:25] Um because of the Cambridge Analytica scandal that all changed eso in 2018.

That happened, and consumers became very upset about their p I I being scraped and shared and all of that. So they pressured their legislators to create new privacy laws.

[25:44] Um, I can tell you that in the last year we've updated our clients policies.

I believe five times eso you had Nevada's privacy law was amended, so we had to make an update for that California Consumer Privacy Act.

And the regulations updates Brexit, which was a big update as well.

So in reality five years ago, the number would have been zero.

Now the number is probably five or six times over the year, sometimes less, sometimes more.

I would say at a very minimum, knots if I don't touch on the regulatory updates and the law updates at a very minimum, you should be updating your Privacy Policy every time you're collecting new P I I.

So if you amend your form and now you're collecting phone numbers and you never collected them before, if you want to use P I for new purposes. So, for example, if now you want to send an email newsletter.

Um, you should update your policy if any of your privacy practices has changed.

And then also, I think at a minimum you should definitely review it at least once a year to make sure that it's accurate.

[26:57] Okay, and that's kind of what Termageddon does, right? So this is a service that folks pay for on for.

I believe plan started $99 a year and correct me if I'm wrong on that $10 a month or 99 a year. Yes, yes.

Okay. And that's for one site Privacy Policy for one site on that basically.

[27:22] Um, you know, I went through the process with Termageddon and there's I don't know how many questions there were, but there are a bunch of questions about what kind of data we collect, what we're gonna use it for.

[27:32] Um, you know where we do business and questions like that. And then the policy was generated and it's kind of slip because its's generated, um, automatically.

And then I was provided with basically a little bit I frame code that I put on our, you know, on Drupal easy dot com slash privacy and poof, there's our brand new Privacy Policy.

So I'm assuming that if there's some tweaks the language that that you make in the next month or so there's really nothing I have to do.

Well, in some cases, there would be nothing that I have to do. I'm just, you know, automatically. I would get that the new text coming through the I framed I have that right?

Yeah. So one license basically protects one website. So it has a Privacy Policy Terms of Service disclaimer and end user license agreement, and you can use the ones that you need.

We don't charge extra based on the laws that you need to comply with,

um, and essentially, when a new law is passed, we update your policy through that code eso Most of the time it is automatic.

We could just add some language or take some language away from our end.

But if a new law passes that require some obscure disclosure that we couldn't answer for you, we might send you a question in an email. So, for example, let's say new law passes that asks you to disclose whether you sell information.

[28:53] We just sent you an email asking you, Hey, do you saw information? You click yes or no, and then your policy is updated accordingly.

[29:01] Alright, so let's wrap this up. And this was the trickiest part for me personally, Um, was there was There were some things that we were doing. We're starting a ADC, an online ad campaign.

Um, in the next few weeks here and there are some privacy implications there. And it wasn't a so far as I could tell. There's nothing like in the questionnaire that directly corresponded to what we were doing.

[29:27] Um, so it was kind of up to me to, you know, figure out Well, how do I write this and include as part of our Privacy Policy, you know, im Termageddon and you can override sections of the Privacy Policy if you want. With your own language.

Um, I ended up just just adding kind of like an addendum to the end. But that person almost not important what I want to talk about and, um, you know, we exchange emails about this. I'm pretty sure what I'm about to say is correct.

But please, you know, correct meter or add on as you see fit.

[29:58] Um, for the stuff that I had to add, which I think a lot of folks we're probably gonna you know, everyone's got weird edge cases here and there.

I think what it all comes down to in a Privacy Policy or a lot of it, let's say, is what's being collected.

[30:15] Why is it being collected?

[30:17] Where is that data's going like, What is it go? Is it staying with your company, or is it being shared with other companies or other organizations?

Um, how can I opt out?

And I guess opt out was almost How can I opt out from you even collecting data on me?

Or how can I opt out? Say, Forget about me for GDPR which I can't believe we're 29 minutes in and this is the first time either of us has said GDPR One of things about GDPR is you have thio.

The consumer has to give consent before you can even start collecting data.

So that's, you know, I kind of figured all out all of those questions, and I wrote kind of our addendum based on those questions.

Do I have all that like it's faras broad strokes? Are there any big questions that I'm not answering? This part of that?

[31:07] Sure eso the questions that you just said are based on your business and exactly what you dio eso.

The way the questionnaire works is the first set of questions. Help assess determine what privacy laws applied to you and then based on what Privacy Policy supply to you, the remainder of the questions change.

So, for example, if you need to comply with GDP are and nothing else, you're Privacy Policy will look one way if you need to comply with GRPD/CCPA.

On let's say CALOPA, but you're Privacy Policy looks completely different.

Eso it's all based on what Privacy Policy apply to you, and that's why the questionnaires need to be dynamic.

And that's why the beginning we figure out what privacy is applied to you because if you don't do it based on what Privacy Policy apply to you. You can end up with something that's completely different.

Eso, I think. Yeah. You know, if you look at it from a general perspective, Yeah, it's what information you collect. What do you do with it? Who you share it with.

[32:10] But, you know, certain privacy laws have very specific disclosures.

Like, for example, what's a toll free number that a consumer can contact you at? Thio, Um, Thio ask you to stop selling their p i s so it can get very specific based on what Privacy Policy apply to you as well.

Well, I think that that's about all I you know I can think of to ask you at this time.

I mean, I know that you you know, you answered a lot of my questions online over the past couple of weeks, So I wanna say thank you for that.

[32:43] Um and I would just encourage I mean, folks, you know, I can't imagine that there's anybody who listens to this podcast,

who isn't thinking that I think I fall into the into the category of I may need to look at my Privacy Policy. Or I might have a client that needs to look at theirs.

[33:03] Um, so I encourage everyone to go and check out Termageddon dot com. So it's t e r m a g d d o n Donna. I want to thank you very much for your time here over the holidays. I appreciate it.

Of course. Thank you so much for having me on. I'm always happy to talk about privacy.

Ammand, help answer any questions that our customers have or that any of you have.

[33:28] Yeah, you saw me in a conversation on Twitter about it and you and your child in which was, which was very nice. And I appreciate it.

That always helps when, you know, you do have a couple of competitors out there that I saw and, um, you know, being ableto find someone who is willing to engage in a one on one conversation online is, you know, very helpful. So I really do appreciate that.

Thank you. Okay. You are very welcome. And thank you very much. Donata. Let's move on to the next segment.

Thank you for listening to the DrupalEasy podcast.

[33:57] Music.


[34:07] Now, before you run off and start updating your Privacy Policy, which I know you're about to do.

If you like what you heard, please subscribe to our podcast, and you can find us on any of the major podcast services.

Or if you use YouTube regularly, you can subscribe via youtube dot com slash Drupal Easy.

We also provide a transcript of this episode at Drupal easy dot com.

[34:32] Finally, if you have suggestions for future guests or topics, please let us know on Twitter at Drupal Easy or via the Drupal easy dot com contact form.

Thanks for listening, Seeya.

December 31, 2020