@barnez, that would only be fair as the end user of a wordpress install (no matter who hosts it) has no control over what data is collected and how by:
1) the hosting server (being IPs, Metrics, etc.)
2) the installed script (in this case WordPress)
3) the additional services provided by the WordPress platform (such as JetPack)
4) the 3rd party free or paid plugins
5) the 3rd party active theme
If the site owner was to develop a plugin or theme which performed data collection and installed it on their site, then I’d say sure! He must be the one responsible for complying with the GDPR… but short of that offloading responsibility on site owners when they use free or paid services to publish content is a nonsense equal to considering a hosting platform responsible for the content being published by a site owner.
Compliance is a burden on the entity providing the product and/or service.
It’s no different to the compliance which vehicle manufacturers needs to meet in order to bring a vehicle to market. It’s not the customer who must ensure compliance just because they purchased a vehicle and saying otherwise would be plain silly. It’d be at least as silly as holding responsible a vehicle manufacturer in the event a customer who purchased their vehicle broke one or multiple laws while operating or owning said vehicle.
What is most unfortunate and is creating more doubts and headaches than necessary is that the lawmaker who came up with the GDPR didn’t spell this out in clear terms as they were most certainly thinking to large corporations and companies who collect data, not the small business owners with a web presence, the hobbyist or soccer mom running a web blog and interacting with others via comment threads.
-
This reply was modified 6 years, 6 months ago by freakqnc.