• Kadence Blocks is a really good plugin and a valuable enrichment for every Theme, but sadly it contains 2 very evil GDPR traps, because loading resources from external (USA) servers without prior user consent is not allowed in Europe: https://gdpr-info.eu/

    A) Using additional Google Fonts in Advanced Typography Settings:
    Great feature, but these fonts are fetched from Google Server, which is a severe (and fined!) GDPR violation in Europe.
    So, an option to load Google Fonts locally (like in Kadence Theme, but usable in every Theme) would be necessary in Kadence Blocks to comply with GDPR.

    B) Inserting Kadence “Google Maps” block works out of the box. But displaying the map on the frontend with pageload is also a GDPR violation out of the box.

    To make Google Maps (or any other embedded service) GDPR compliant, it needs a 2 step approach:

    1.) No external server connection on simple pageload: Show only a local placeholder image or button (including an added GDPR warning and consent advisory)

    2.) Only a click on the placeholder or button (= active user action as consent) loads the content from external server.

    Maybe you could change something in this direction to make Kadence Blocks legally usable with all out of the box features in GDPR Europe too?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Hi!

    Thanks for the suggestions. We are planning a global setting for local Google Fonts that will be added soon (for those not using the Kadence Theme).

    For maps I’ve been trying to figure out the best approach, maybe a consent that adds a cookie so every page load doesn’t require consent and then something where we can also check for a different cookie, perhaps one set by a consent plugin.

    Ben

    Thread Starter burnuser

    (@burnuser)

    Thank You for your kind response!

    But I have an additional suggestion to the described Maps solution with cookies.
    It’s a great idea, with much comfort for users at the end. But not without problems: Each consent (= click) must be given on an informed basis (requires an explanation and a link to the “privacy policy” page of the website) and also be REVOCABLE. So, any cookie solution (or anything else with a permanent setting) must integrate an option to withdraw the given consent too.

    https://gdpr-info.eu/art-7-gdpr/

    https://gdpr-info.eu/recitals/no-32/

    I would suggest: Start simple!
    If every page-load requests an additional click to see the map, it is not much effort for users. But NO effort for you to make the consent revocable, because consent (= click) must be given for each new loading of the map (= transferring user IP address to external Google server) separately.

    • This reply was modified 1 year, 4 months ago by burnuser.
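
The two-step approach from the opening post, combined with the per-page-load consent suggested in the last reply, as an added example that is not part of the thread and not Kadence Blocks code. The function name, the `data-map-src` attribute, the `https://maps.example` origin and the privacy policy path are assumptions made for illustration.

```javascript
// Added example; createConsentGate, data-map-src and maps.example are
// hypothetical names, not Kadence Blocks code.
function createConsentGate(doc, opts) {
  // Accept only an HTTPS URL on the single origin the site owner expects.
  const url = new URL(opts.embedUrl);
  if (url.protocol !== 'https:' || url.origin !== opts.allowedOrigin) {
    throw new Error('embed URL is not on the allowed origin');
  }
  // Step 1: local placeholder. Nothing below references the external host
  // as a loadable resource, so rendering it causes no third-party request.
  const wrapper = doc.createElement('div');
  const notice = doc.createElement('p');
  notice.textContent = 'Loading the map sends your IP address to ' + url.host + '. ';
  const policy = doc.createElement('a');
  policy.href = opts.privacyUrl;
  policy.textContent = 'Privacy policy';
  notice.appendChild(policy);
  const button = doc.createElement('button');
  button.type = 'button';
  button.textContent = 'Load map';
  wrapper.appendChild(notice);
  wrapper.appendChild(button);
  // Step 2: the iframe exists only after the click handler has run.
  let frame = null;
  function load() {
    if (frame) return frame; // repeated clicks do not add a second frame
    frame = doc.createElement('iframe');
    frame.title = 'Map';
    frame.referrerPolicy = 'no-referrer'; // do not leak the page URL
    frame.src = url.href;
    wrapper.replaceChildren(frame);
    return frame;
  }
  button.addEventListener('click', load);
  // No cookie or localStorage write: the choice lives in this closure only,
  // so the next page load starts at the placeholder again.
  return { wrapper, button, load };
}

// Browser wiring; skipped when no DOM is present.
if (typeof document !== 'undefined') {
  document.querySelectorAll('[data-map-src]').forEach((el) => {
    el.replaceChildren(createConsentGate(document, {
      embedUrl: el.dataset.mapSrc,
      allowedOrigin: 'https://maps.example', // constructed placeholder
      privacyUrl: '/privacy-policy/', // constructed placeholder
    }).wrapper);
  });
}
```

Because nothing is persisted, there is no stored consent to revoke; a cookie-based variant would additionally need a withdraw control that clears the stored value.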
  • The topic ‘GDPR Traps’ is closed to new replies.