GDPR Framework and Cloudflare?

  • Resolved Ate Up With Motor

    (@ate-up-with-motor)


    6 years, 6 months ago

    It appears that the GDPR Framework plugin is using content served by Cloudflare (the Select2 library, whatever that is). This seems like a useful plugin, but using third-party embedded content is kind of off-mission.

    Is any of the Cloudflare content front-end facing? I’m the only one who has legitimate access to the back end and I’m not an EU subject, so the third-party embeds are probably not an issue in that sense, but I’m trying to get rid of third-party content for GDPR compliance reasons. I don’t otherwise use Cloudflare and I really don’t want to have to sign a data processing agreement with them because some plugin backends don’t host their components locally.

Viewing 3 replies - 1 through 3 (of 3 total)

  • Hi there!

    Thanks for your post!

    No, select2 is not used anywhere in the front-end, it’s purely for the admin interface. I can make it a local component instead, that’s a small tweak.

    However, are you absolutely sure that you need to sign an agreement with a CDN in order to use code hosted by them?

    Thread Starter Ate Up With Motor

    (@ate-up-with-motor)

    I really don’t know! It’s a matter of concern, though. A CDN that serves third-party embedded content has access to user data on sites that use that content, because the CDN server logs the IP and probably the user agent data of devices that load the content.

    If a user is from the EU and visits a site that uses scripts, fonts, or other code served by a non-EU CDN, the CDN would seem to be in a position to collect or at least process personal information on EU citizens.

    Hmm, I’m not at all sure this is a problem, but it’s probably easiest to move the library away from the CDN.

    Thanks for your input! Will move this away in the next release.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘GDPR Framework and Cloudflare?’ is closed to new replies.