DSGVO / GDPR problem with PayPal Express Checkout

Hello @aweissinpsyde,

we are using the PayPal Express Checkout functionality of your plugin. Unfortunately we see the following two external resources when your plugin and this function is activated:

– cdn.jsdelivr.net (“Bluebird” / bluebird.js)
– https://www.paypal.com (“Tagmanager” / pptm.js)

As you will know it is not GDPR compliant in the EU to load from such external sources without prior asking the user for consent.

To assure this we use one of the market leading plugins (Borlabs Cookie) to ask for the user’s consent.

But your plugin simply uses these external sources without us having any influence in it.

So our questions would be:

1. Why do you have to load bluebird.js from an external CDN. Couldn’t you simply integrate this file into the plugin package? To become GDPR compliant, exactly this has been done by another WP plugin author of an OSM plugin that previously used an external CDN to load a JS resource. Now the JS file comes from the plugin package itself and all is ok there.

2. You should make sure that using https://www.paypal.com as an external source is realized in a GDPR compliant way. Else the use of this function of your plugin is not legally compliant in the EU and you should point that out to the users.
What can you tell us about this? Will you integrate your plugin with tools like Borlabs Cookie or is there another way of using PayPal Express Checkout with you plugin in a legally compliant way in the EU?

Greetings,
-doffine