Themis Theodoridis

Hi again Mr. Jan,

As I can see in Cloudflare’s GDPR Compliance page (https://www.cloudflare.com/trust-hub/gdpr/), the SCCs, including supplementary measures as necessary,?are contained in their standard DPA, which is incorporated by reference into their Self-Serve Subscription Agreement,which has to be agreed during Sign up, therefore, no action is required to ensure that the appropriate cross-border data transfer mechanisms are in place.

With that in mind I assume that in Real Cookie Banner in the General service configuration > Special treatment for unsafe countries, both options
‘I have concluded standard contractual clauses with the provider’
and
‘Provider is self-certified in accordance with the Trans-Atlantic Data Privacy Framework for secure data processing in the USA’
have to be selected? (maybe by Default in the Cloudflare Template? I can’t check because I have the free version of Real Cookie Banner??).

All in all, thank you so much for the valuable information provided, I appreciate the effort to answer comprehensively with such an amount of detail. You’re awesome!!

Best regards,
Themis Theodoridis

Hi Mr. Jan,

I hope this message finds you well. I wanted to bring to your attention some developments regarding GDPR compliance and the use of Cloudflare that I believe may have an influence on the topic discussed.

On July 10, 2023, the European Commission adopted a new agreement on data transfer between the European Union and the United States, which officially came into force on July 11, 2023. This agreement aims to ensure an adequate level of protection for personal data transferred from the EU to US companies, similar to the protection within the EU itself.

Link: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/eu-us-data-transfers_en

Given this significant update, it seems that Cloudflare’s compliance with GDPR may have shifted. This article I’ve come across:

https://www.managedserver.eu/cloudflare-and-gdpr-how-things-stand/

suggests that Cloudflare is now to be understood as compliant with GDPR regulations due to this new agreement. This contrasts with previous concerns raised about the potential risks to visitor data when using Cloudflare as a reverse proxy.

This aligns with Part 1 of Article 45 of the GDPR:

https://gdpr-info.eu/art-45-gdpr/

which states that transfers to a third country that ensures an adequate level of protection shall not require any specific authorization.

I wanted to reach out to you to get your perspective on these. Considering this new agreement, its alignment with Article 45 of the GDPR, and its implications for GDPR compliance, do you believe your previous recommendations regarding the use of Cloudflare remain the same? Have these developments influenced your stance on the matter? Do the above mean that the necessary cookies for Cloudflare CDN to function if I use it in my website intentionally are to be considered essential and do not require user consent?

Your insights would be greatly appreciated. Thank you for taking the time to consider this.

Best regards,
Themis Theodoridis

• This reply was modified 7 months ago by Themis Theodoridis.
• This reply was modified 7 months ago by Themis Theodoridis.

Hello Mr. Lucian Padureanu,

Thank you for your continued assistance.

I appreciate your efforts in locating the strings within the .pot file and confirming their presence. As mentioned earlier, I indeed used the .pot file to create the .po and .mo files for translation manually using Poedit. However, despite these translations being present in the .po/.mo files, they do not seem to reflect in the plugin interface. Check here:

https://prnt.sc/KKckl8dy7dTv

Furthermore, I did check the plugin Loco Translate, which indicates that the WP 2FA Plugin is already 100% translated into Greek. Despite this, the specific strings in question remain untranslated within the plugin interface.

https://prnt.sc/9dRPcvUfe4RW

Given that these translations exist within the files and have been confirmed by both Poedit and Loco Translate, it appears there might be an issue with how the plugin is handling these translations or something else that I am missing. I would greatly appreciate any further assistance or insights you may have to resolve this matter.

Thank you once again for your help,
Themis Theodoridis

Hello Mr. Lucian Padureanu,

Thank you for your swift response and willingness to assist!

To provide further clarity, the code occurrences of the untranslated strings are as follows:

1. “default-text-code-page”:
   Located in includes/classes/class-wp2fa.php at lines 100, 108, and 109.
2. “default-backup-code-page”:
   Located in includes/classes/class-wp2fa.php at line 111.

As for the plugin interface, these strings are visible in the WordPress Settings menu, within the White Labeling Tab, in the sections for the 2FA code page text and the Backup code page text.

I’ve been handling the translations manually using Poedit, generating the wp-2fa-el.po and wp-2fa-el.mo files. These translation files have been placed in both the wp-content/languages/plugins directory and the plugins/wp-2fa/languages directory.

Attached is a screenshot illustrating where these untranslated strings appear within the plugin interface for your reference.

https://ibb.co/kD12H5F

Thank you once again for your assistance. I look forward to resolving this issue together.

Best regards,
Themis Theodoridis

• This reply was modified 7 months, 2 weeks ago by Themis Theodoridis.