Chapter in this post:
The General Data Protection Regulation of the European Union, or GDPR for short, is intended to offer Internet users in the EU more rights to their data and more transparency when dealing with them. Of course, this entails a lot of effort for individual website and web service operators as well as companies that are directly or indirectly active on the web. Many companies and web service providers are currently rotating to update websites and services, update data protection declarations and incorporate legally compliant cookie information. On the other hand, there are companies, law firms and users who have only waited to put the first GDPR warnings into circulation. Corresponding reports are already available.
First GDPR warnings after a few days
"Warning because of missing data protection declaration", "Warning because of integrated Google Fonts", "Warning because of incorrect integration of Google Analytics" - these and other headings can now be read after one and a half weeks in a wide variety of media and specialist publications. The wave of warnings and lawsuits, which was dismissed as unlikely in advance, is picking up speed. And contrary to the assumptions of many website operators and self-proclaimed experts, it does not only affect large companies and global players. There are even warnings for Facebook Like and Share buttons.
Reports on EU GDPR wave of warnings
In the following I have listed a few sources for you with reports, tips and approaches on the subject of GDPR warnings. In the first source of E-Recht24, several cases of a GDPR warning are listed. The respective situation is presented and under the heading "What to do" is listed which steps the affected persons should take. The cases mentioned above are dealt with.
- E-Recht24 article with a list of known cases and assistance
- Data protection guru blog on the topic with additional links and podcast
- Forum discussion on integrated Google Web Fonts
My view and opinion on the subject
As a web service provider who has my hands full with updating customer websites and own projects due to the EU GDPR, I of course form my own opinion on the regulation, content, enforcement and warnings. I find the law and regulation in itself to be welcomed, but it could have been more realistic. What particularly bothers me about the matter:
- Many politicians and experts have said that there will be no wave of warnings; one shouldn't worry. In fact, there are now various lawyers who are filling their pockets at the expense of the small website operators, even though the GDPR was actually intended to curb the data collection frenzy of Facebook, Google and Co. From my point of view, it hits the wrong people again.
- Even if you as a website operator go to great lengths to make the website GDPR-compliant, the use of Google Web Fonts actually makes it easy for lawyers to diligently distribute GDPR warnings. Anyone who uses Google fonts is likely to unintentionally transmit at least the visitor's IP address to Google, meaning that their website is no longer data protection compliant. And there is no option to anonymize the IP address here, as is relatively easy to do with Google Analytics. In addition, over 50% of the world's websites are already running with WordPress and most WordPress themes also use Google web fonts. While SSL encryption and GDPR-compliant Like buttons are still fairly easy to implement, this is much more difficult with Google Fonts. According to his statement, my webmaster, who also takes care of the blog and the WordPress behind it, tried on four different WordPress websites make a change so that the Google fonts are hosted locally and are not loaded by Google. His sobering result: Different problems have surfaced on every website that even he couldn't get completely under control with over 10 years of daily WordPress experience. How is a halfway average blogger supposed to do that?
- The last point, which follows a bit on the first, is the fact that the GDPR primarily puts pressure on the smaller website operators. These would have to deal with the anonymization of the IP addresses in Google Analytics and similar services, which for most of them certainly meant a few days of work, as one cannot easily read into the topic. From my point of view, it would have made more sense to force Google and Facebook themselves to anonymize data that is determined by German or European website operators. And here one should carry out controls and introduce draconian penalties for the data collectors instead of punishing those who ultimately have no use of the data.
From my point of view, the EU GDPR was a good idea, but unfortunately it missed the target again due to the ignorance of the decision-makers. If people from the hosting sector or smaller and larger website operators had been brought on board, a more intelligent and everyday solution would have come out.
More on this: EU data protection for bloggers
Jens has been running the blog since 2012. He appears as Sir Apfelot for his readers and helps them with problems of a technical nature. In his free time he drives electric unicycles, takes photos (preferably with his iPhone, of course), climbs around in the Hessian mountains or hikes with the family. His articles deal with Apple products, news from the world of drones or solutions for current bugs.
Did you like the article and did the instructions on the blog help you? Then I would be happy if you the blog via a Steady Membership or at Patreon would support.