In January, 2022 a German court ruled that a website owner was in breach of GDPR and should pay a € 100,- fine, because embedded Google Fonts were use …
In January, 2022 a German court ruled that a website owner was in breach of GDPR and should pay a € 100,- fine, because embedded Google Fonts were used, essentially transferring the user’s personal data (IP address) without the user’s prior consent.
When an external (i.e. loaded from another server, besides your own) resource is embedded into a webpage, it basically means that the resource behaves as if it’s loaded from the same server hosting the webpage.
Because of the way the internet works. When a browser (i.e. computer) requests a file (e.g. an image or a font file), the server needs the IP address of that computer to send it back. All these requests (including the IP address) are logged in a so-called access.log
.
Once this IP address leaves the European Union, your website is violating the GDPR.
GDPRess scans your homepage for 3rd party scripts (JS) and stylesheets (CSS), and:
In short, it makes sure no requests are made to external/embedded/3rd party scripts and stylesheets.
/wp-content/plugins/gdpr-press
directory, or install the plugin through the WordPress plugins screen directly.GDPRess' Start screen, simply click Scan Website to start.
After running the initial scan, external requests are listed. Exclude a file when e.g. you suspect it might not work properly when it's downloaded.
Google Analytics is automatically excluded, because simply downloading the file is not enough to use it in compliance with GDPR. Click on the link in the tooltip for more information.
Google Fonts is supported, but when many font families and/or font styles are detected, GDPRess will offer an alternative approach to optimize the request.
When the selected files are downloaded, the URLs of the local copies are listed.
No, because there are other plugins (like Asset Cleanup or Autoptimize) that are already excellent at that.
GDPRess parses the stylesheet for defined src urls. But if it somehow missed it, I’d love to hear about that, because that might be a bug. Please head over to the support forum and submit a ticket, and include the full URL to the external stylesheet.
No, because much more is needed than just downloading analytics.js/gtag.js to your server. To use Google Analytics in compliance with GDPR, you need CAOS Pro.