Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
MyBlogLog was a blog community and audience analytics service launched in 2005 and acquired by Yahoo in January 2007. It displayed which readers visited a blog and tracked outbound link clicks. Yahoo shut down MyBlogLog on 24 May 2011. Any remaining mybloglog.com snippet is a legacy compliance risk: third party US transfer, marketing cookies and no working consent flow.
MyBlogLog was a blog audience tracking and community service operated by Yahoo Inc. between 2007 and 2011. It tracked visits, outbound link clicks and reader avatars on blogs that embedded the mybloglog.com JavaScript widget. Yahoo shut down the service on 24 May 2011 but the snippet still appears in older WordPress and Movable Type templates today.
MyBlogLog combined three features: a community widget that displayed avatars of Yahoo users who had visited the blog, an outbound link tracker that wrapped every external link through mybloglog.com to count clicks, and an audience analytics dashboard hosted on yahoo.com. It required only a JavaScript include to be active.
While active, MyBlogLog set Yahoo session cookies (Y, T, B, BX on yahoo.com), recorded visitor IP addresses, user agent strings, referrer URLs and a MyBlogLog user identifier when the visitor was logged into a Yahoo account. Outbound link clicks were proxied through mybloglog.com endpoints, which leaked the source page and the destination URL to Yahoo.
The MyBlogLog widget set non essential cookies for audience measurement and social profiling, none of which fell within the strictly necessary exemption of Article 5(3) ePrivacy. Prior, informed and granular consent under Article 6(1)(a) GDPR was always required. Because the data was sent to Yahoo in the United States, a valid transfer mechanism under Chapter V GDPR was also needed, which the service never documented adequately.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
MyBlogLog has been offline since 2011, so no consent dialogue can produce a working integration. Any residual snippet on a website now results in failed external requests to mybloglog.com but still discloses the URL of the page to Yahoo DNS. The correct response is removal, not banner adjustment. CMP categories such as Statistics or Social Media should not list MyBlogLog as an active vendor.
MyBlogLog was hosted in the United States on Yahoo infrastructure. As of 2011 no European data residency option existed and Yahoo did not publish a Standard Contractual Clauses agreement or Transfer Impact Assessment for the service.
Grep your codebase, theme files and Tag Manager containers for the strings mybloglog, mybloglog.com and MBL. Remove every occurrence. Update your cookie scan and Records of Processing to drop MyBlogLog from the inventory. Document in your retention policy that the integration was disabled on the date of removal.
Websites using MyBlogLog must obtain user consent under GDPR regulations.
DPIA considerations
A formal DPIA is not required because MyBlogLog is discontinued and serves no operational purpose. The relevant action is to inventory and remove every legacy mybloglog.com tag. If a site still carries the snippet, the controller should document why it was not removed, treat the residual processing as unlawful (no valid consent flow is possible) and update the records of processing accordingly.
Sample consent text
This site historically used MyBlogLog from Yahoo to display reader activity and track outbound links. Yahoo discontinued the service in 2011 and the integration has been removed. No personal data is collected by MyBlogLog on this site.
Third-party domains contacted
mybloglog.compub.mybloglog.comstatic.mybloglog.comyahoo.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| Y | Marketing | 1 year | Yahoo session cookie historically set on yahoo.com to identify a logged in Yahoo user across Yahoo properties, including MyBlogLog. |
| T | Marketing | 1 year | Yahoo tracking cookie used to recognise the visitor across yahoo.com pages and link MyBlogLog data to a Yahoo profile. |
| B | Marketing | 1 year | Yahoo behavioural cookie used to associate browsing activity, including MyBlogLog visits, to a Yahoo profile for analytics and advertising. |
| BX | Marketing | 1 year | Yahoo cross site cookie used for audience measurement across Yahoo properties such as MyBlogLog. |
MyBlogLog places tracking cookies for advertising — comply with GDPR using FlowConsent.
When the service was active, MyBlogLog relied on Yahoo session cookies (Y, T, B, BX) set on yahoo.com, plus a MyBlogLog user identifier when the visitor was signed into a Yahoo account. Outbound link clicks were redirected through mybloglog.com which exposed the source and destination URL. Since the service is offline today, those cookies are no longer written, but residual snippets still trigger DNS lookups to mybloglog.com.
Yes. MyBlogLog set non strictly necessary cookies for audience measurement and social profiling. Prior, informed, freely given and specific consent under Article 6(1)(a) GDPR and Article 5(3) ePrivacy was always required. Since the service is discontinued, the practical answer is to remove the snippet rather than ask for consent.
Consent (Article 6(1)(a) GDPR) was the only valid basis. Legitimate interest could not be invoked because the processing involved third party social profiling tied to Yahoo accounts and an outbound transfer to the United States.
Yes. All MyBlogLog requests were sent to Yahoo infrastructure in the United States. Yahoo did not publish Standard Contractual Clauses or a Transfer Impact Assessment for the service. After Schrems II any active deployment of MyBlogLog would have been unlawful absent specific supplementary measures, which were not provided.
A full DPIA is not required because the service is discontinued and no longer processes data. Controllers should document the legacy integration in their records, run a one off scan to confirm removal, and update the cookie policy accordingly.
Remove every reference to mybloglog.com from your codebase, theme files, plugins and Tag Manager containers. Re run a cookie and tag scan to confirm. Drop MyBlogLog from your records of processing and from any CMP vendor list. Keep a dated note of the removal.
Modern, privacy aware alternatives include first party audience analytics such as Matomo, Plausible or Simple Analytics, plus on site comment widgets like Cactus Comments or Hyvor Talk for community features. None of these recreate the Yahoo avatar community concept, which is now obsolete.
Delete the MyBlogLog entry from your cookie table and vendor list. Note the date the service was removed from the site. Add a short historical mention if previous versions of the privacy policy referenced MyBlogLog, so that visitors who saved older policy versions can see the change.