CDN not GDPR Compliant
-
My first thought was “Great! Software from Hungary – no GDPR issues :)”
But unfortunately cdn.trustpilot.io resolves to an Amazon Server in the USA. Therefore the user’s IP is transmitted to the US. This is illegal without the consent of the user. If you have any doubt, we can do a zoom call on this topic. I am a lawyer specialized in GDPR and I would love to support your plugin.
I don’t see any need to use a cdn anyway.
Is there a way to simply host the svg and js on premise? That would do the job.
Thanks, Peter
-
cdn.trustindex.io …
Hello @peterharlander ,
Some of your options:
– hide reviewers’ photo (paid package features)
– merge photos of reviews (paid package features)
About the logs:
Your IP will be transmitted to the USA, if you have used one of their edge locations in the US. If you are browsing from (ie.:) Germany, your IP will be listed in Frankfurt / Berlin / Düsseldorf / or in any of the German AWS edge locations
The problem of hosting locally:
– you can’t save reviewers’ photo to your own storage
– in some cases the same is the problem with logos
Benefits of using cdn:
– speed, response time
– possibility of using visitors’ browsing cache
(Otherwise, the new T&C is being prepared)
Let us know your thoughts.
CDNs are not a general problem. The problem lies in the export of data to Amazon, a US company. From a data protection point of view, this export is only permitted with consent. Obtaining consent with this tool makes no sense. "Do you want us to export your data to the US so you can see that we have 5 stars?" That question would be absurd. I didn't load any reviews at all, but already reduced the tool to the view of the stars. Nevertheless, the JavaScript and the SVG of the stars were loaded via AWS. I would be happy if I had an automatic update of the stars and if everything that is necessary for this in the frontend is loaded locally. (JS, Star SVG). Best regards Peter
If you are (for example) in the EU, your IP will appear in the edge locations located in the EU. The other question is whether the service provider needs these logs or not and where they store those logs. In our case, this is also in the EU.
Hi! I also would like to point out that we would at least have local images and js. We also don't see any need.
https://cdn.trustindex.io/assets/platform/Google/star/e.svg
https://cdn.trustindex.io/assets/platform/Google/star/f.svg
https://cdn.trustindex.io/assets/platform/Google/logo.svg
https://cdn.trustindex.io/loader.js?ver=6.0.3
We don't use the paid features. This would be a huge savings potential for the cdn costs…
Just pointed it out some months ago
https://www.ads-software.com/support/topic/stop-loading-from-cdn-2/
Thanks for considering it.
Hi there,
I have several customers who want to use this tool, but we cannot use it as long as it is not GDPR-compliant. There is
cdn.trustindex.io
ih3.googleusercontent.com
These calls are not allowed without the permission of the users. And I don't understand why you can't import the reviews. So you don't need to have these calls at all. The discussion is in several items and it is everywhere set to solved. I don't see it solved.
Could you please help? Thanks in advance
Best wishes
Bert
Hi @insich !
Why is it not GDPR compliant?
Here is more info on this topic:
https://www.trustindex.io/frequently-asked-questions/#what-about-gdpr
Trustindex
Hi @liditrudex
I am a lawyer specialized in marketing- and GDPR-topics.
I already tried to explain the facts in short in this thread that I opened.
I invite you to book a video call with me via my website marketingrecht.eu (just scroll down). The advice is free as I would be happy to use your product, which is not possible as long as it is not GDPR compliant.
Regards Peter
Hello @peterharlander and @insich,
Loading loader.js locally is not recommended, because with this you will miss the automatic update option, which comes in handy for bug fixes, new features, etc…
You can load the assets from your own server with custom CSS. (In this case, you will miss the auto update option, but perhaps this is not such a tragedy, because they very rarely need to change.)
——-
But anyway, why don’t you write into your data protection page that you are using third party software?
In this specific case: your site uses Trustindex’s software to display reviews. This entails:
1) In order to provide the fastest possible service and response time, Trustindex uses a CDN network. In such cases, visitor IP address with a timestamp may end up in a temporary log for a few days.
About using these data:
– You don’t use it
– Trustindex only uses aggregated and anonymized data (without IP) for viewing statistics.
2) The profile photo of individual reviewers can also come from a CDN network. In such cases, visitor IP address with a timestamp may end up in a log file. This data is provided/managed by the review portal/service.
- This reply was modified 2 years ago by tomwolf. Reason: missed @insich
Dear @peterharlander and @datenchef and @insich :
We will also consider how to easily resolve this within the EU/country/customer’s server. (Keeping one eye on the speed and customer experience…)
The new software package will arrive this year, which takes the competition authorities and GDPR aspects into account more…
Hi all, I found this topic as loading from a 3rd party CDN is not feasible with my client.
I solved it by overwriting the HTML of the plugin’s shortcode HTML…

```php
// Rewrite the Trustindex shortcode output so the Google logo, icon and
// star SVGs are served from the active theme instead of cdn.trustindex.io.
add_filter( 'do_shortcode_tag', function ( $output, $tag ) {
    if ( 'trustindex' === $tag ) {
        $local = get_stylesheet_directory_uri() . '/assets/images/';

        $output = str_replace( 'https://cdn.trustindex.io/assets/platform/Google/logo.svg', $local . 'logo-google.svg', $output );
        $output = str_replace( 'https://cdn.trustindex.io/assets/platform/Google/icon.svg', $local . 'logo-google-icon.svg', $output );
        $output = str_replace( 'https://cdn.trustindex.io/assets/platform/Google/star/f.svg', $local . 'review-start-f.svg', $output );
        $output = str_replace( 'https://cdn.trustindex.io/assets/platform/Google/star/e.svg', $local . 'review-start-e.svg', $output );
    }

    return $output;
}, 10, 2 );
```

And overwrite the CSS of the plugin so that the plugin’s CSS rule won’t be loaded.

```css
/* File names match the files saved in /assets/images/ (listed below). */
div.ti-widget .source-Google .ti-star.f {
    background-image: url("assets/images/review-start-f.svg");
}

div.ti-widget .source-Google .ti-star.e {
    background-image: url("assets/images/review-start-e.svg");
}

div.ti-widget .source-Google .ti-review-header::after {
    background-image: url("assets/images/logo-google-icon.svg");
}
```
So I saved the files in my folder /assets/images/
- review-start-f.svg
- review-start-e.svg
- logo-google-icon.svg
- logo-google.svg
And it fixed that, but I really don’t understand why Trustindex won’t load it from the plugin. Yes, a CDN helps with delivering the assets faster and optimal, but that’s a concern of the website-builder themselves.
WordPress itself and the Twenty* themes have also offloaded their fonts from GoogleFonts.
The whole thing that it’s located and handled in the US is the issue. Germany and Austria law have already concluded that although organisations say that they comply with the GDPR, government bodies are not allowed to use for example Google or Microsoft products. (Please correct me if I’m wrong @peterharlander)
But as @tomwolfhun says, the new version will take the GDPR laws into account some more. Hope the new version of the plugin takes this all into account.
I wrote a post about this fix in the hope that people who want to fix it can find it via Google https://jaimemartinez.nl/blog/2023/01/16/making-widgets-for-google-reviews-of-trustindex-a-bit-more-gdpr-compliant/
Kind regards,
Jaime Martinez
- This reply was modified 1 year, 10 months ago by jmslbam.
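One way to check that a workaround like the one above really removed the third-party requests (an added example, not code from the thread or from Trustindex): it lists every host the browser would contact just by rendering the widget markup. The sample markup, `example.test` and `photo.jpg` are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: widget markup after a shortcode filter has localised
# the logo. example.test and photo.jpg are placeholders, not thread values.
SAMPLE_HTML = """
<div class="ti-widget source-Google">
  <img src="https://example.test/wp-content/themes/child/assets/images/logo-google.svg">
  <img src="https://ih3.googleusercontent.com/photo.jpg">
  <span class="ti-star f" style="background-image: url('//cdn.trustindex.io/assets/platform/Google/star/f.svg')"></span>
  <script src="https://cdn.trustindex.io/loader.js?ver=6.0.3"></script>
  <a href="https://www.trustindex.io/">Trustindex</a>
</div>
"""

CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)


class RemoteAssetAudit(HTMLParser):
    """Collect third-party hosts contacted when the markup is rendered."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.remote = {}  # host -> URLs fetched from it

    def record(self, url):
        host = urlparse(url).hostname  # also resolves //host/path
        if host and host != self.site_host:
            self.remote.setdefault(host, []).append(url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if attrs.get("src"):  # img, script, iframe, ...
            self.record(attrs["src"])
        if tag == "link" and attrs.get("href"):  # <a href> is not fetched
            self.record(attrs["href"])
        for url in CSS_URL.findall(attrs.get("style") or ""):
            self.record(url)


def remote_hosts(html, site_host):
    audit = RemoteAssetAudit(site_host)
    audit.feed(html)
    return audit.remote

if __name__ == "__main__":
    print(remote_hosts(SAMPLE_HTML, "example.test"))
```

External stylesheets and anything loader.js injects at runtime are not covered by this static check; the browser's network panel shows those.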
Hi @jmslbam !
We’re looking into this, but will come back to you soon!
Feel free to write us, if you need further assistance,
Trustindex
It would be urgent to solve this problem. Is there already a schedule for this? Currently, the Trustindex plugin cannot be used legally in Europe, because as far as I know, it is necessary to ask the user for permission before his data (even if it is only his IP) is transferred.
Hi @netzlodern !
We’ll have a solution soon!
Thanks for your patience!
Feel free to write us, if you need further assistance,
Trustindex
Hi @liditrudex .
That would be awesome! I really think your plugin and service is great and would be very happy if I could use the widgets legally. Thanks a lot in advance!
- The topic ‘CDN not GDPR Compliant’ is closed to new replies.