Okay
  Public Ticket #1596045
GDPR
Closed

Comments

  • Manuel started the conversation

    GDPR in Germany is a big issue and you have to pay a lot of money if you don't fit in the GDPR with your website. I found out your slider uses jquery that does not lie on the webspace you install it. It lies on the google server. By that google could track the user on my pages. That means I can no longer use the slider or any other product I have from you wich is also using external sources. Such as Libraries, Google Fonts or whatever.  It is very critical and the first website owners have to pay because of google fonts. That is really, really bad.  Can't you put it all locally on the server?
    Thanks, Manuel

  •  752
    Igor replied

    Hi,

    I am sorry but I really can't see how a google can track your website users if you are using google fonts. Can you please explain this part? 

    Regards,
    Igor

  • Manuel replied

    Hello Igor, 
    I can not explain that technically in detail. I can only tell you what the lawyers say. 
    Google says "Google Fonts logs records of the CSS and the font file requests, " 
    "We use data from Google’s web crawler to detect which websites use Google fonts."

    And in Germany this is a problem for the GDPR. You must ask BEFORE you collect data. So normally you should have a popup saying if its ok to set a cookie, and a popup asking if it is ok to use google fonts and collect this way and a popup asking if it is ok to use google maps, and a popup if it is ok to use JQuery from outside, and so on, before you open the page, but this is not realistic. So we have to remove everything (or put it on our own server) so nothing could get tracked.

    It is really a problem and I hate it, but the first people have to pay now because of google fonts. 

    Regards, Manuel

  •  752
    Igor replied

    Hi,

    I honestly hate when lawyers are trying to explain IT stuff. Google collects data about the website which is using their fonts and not about the users who are browsing your website. Are you saying that someone has already been fined because of using Google fonts on their website?

    That is ridiculous!


    Regards,
    Igor

  • Manuel replied

    Hello Igor,

    yes, the first have received a cease and resist order with a 750-1000 Euro fee. 

    They collect the IP address of everyone who uses the fonts or JQuery libraries as far as I know and that means they know you and they can track you. 

    Lawyers are the pest of our time. 

    Manuel

  • [deleted] replied

    Here is a Joomla plugin for  your problem, the install is easy enough, setup takes a wee bit but watch the video tutorial and also check the site forums.

    I use the EU E Privacy Directive plugin on 4 sites, including my own. This allows use to accept or decline cookies iaw EU GDPR. 

    Depending on how you set it up I have set certain modules for example contact form only to be visible if a user accept cookies. If at any point they chose to decline cookies that module disappears. I use the same for external links to vimeo, youtube etc. User have to accept cookies which coincides with the privacy and cookie polices my sites

    https://www.richeyweb.com/software/joomla/packages/9-eu-e-privacy-directive

    I agree with Igor, Google is not tracking a user who goes to a website, they track the website where their products and services are located. However if someone is using gogole anaylics then yes that data is collected but is for the site owner only.

    This is where the Richey's plugin come into play. 

    Hope this helps

  • Manuel replied

    Hello Scott,

    I use this also on my 32 Websites. It is the best plugin available for cookies, but it does not help me with the other problems. 

    The cease and resist orders are reality here in Germany. Other countries changed the GDPR and the fines are smaller, but that does not help me. External sources like JQuery libraries and fonts and so on are a problem. 

    By the way: Do you think Google is so unselfish to give away the webfonts and the other stuff for free without getting something back? I don't think so. Someone has to pay for the servers. It is a good thing that the people start to think about that. 

    Wikipedia: Google has been suspected to collect and aggregate data of internet users through the various tools provided to developers, such as Google analytics, Google Web fonts and Google APIs. This might allow to figure out a user’s route through internet by storing it’s IP on each site (cross-domain web tracking). Linked to other information made available through Google APIs, which are widely used, Google might be able to provide a quite complete web user profile linked to an IP. This kind of data is invaluable for marketing agencies, and for Google itself to increase the efficiency of its own marketing/advertising activities.

    Best Regards, 

    Manuel

  • [deleted] replied

    even if Google is collecting data, it's 3rd party and your cookie and privacy policies will cover that issue. 

    The other option would  be to have a site specific font directory on your server and edit your sites to use that font directly over google.

    the simplest is to have a html5 and CCS3 page with static images and text no forms or external links


  • Manuel replied

    It would only cover it if the user has the chance to say no when he visites your site. Before the google fonts are activated. With a popup like the Cookie popup. 

    "the simplest is to have a html5 and CCS3 page with static images and text no forms or external links"
    my next projects will look like this because the small customers don't want to risk to loose their business (up to 4% of the income is much) because of a mistake on the website. The bigger problem are the webshops I can not simplify that easy.

    To use google fonts on your own server is easy and no problem. You can simply download them. More complicated is this jquery stuff. It is not easy to know if a script connects back home to give away informations.  

    Maybe in 1 or 2 years some things change when the first courts decided what is the way to go. What is "legitimate interest" and what not. The main idea behind the law was to protect us from data-collectors like google and that is a good thing.