by _o_ 2941 days ago
You don't understand it. It is your site, your users. If you enable 3rd party illegal tracking of your users by ANY means, it is your responsibility too. To cover your back, you need to sign a legally valid contract (or they need to send you confirmation) that they respect GDPR and assess their way of doing it (at least in these early stages, as very often, they are just trying to work around it, which puts you in danger) to be absolutely sure about them. Analytics, ad providers, CDNs, SaaS... all of them.

Take it as, "I control the door to a bank vault, if I allow robbers in, I will be an accomplice to a crime as the crime couldn't be committed without your help". Negligence or direct intent, it can be costly. Assess your 3rd party sources very carefully, I have already removed GA and replaced them with local analytics (https://matomo.org/) as I can't trust them, they are trying to downplay GDPR and there is already a complaint written against them (https://noyb.eu not for GA though), and I have read the PDFs, they are right and quite objectively, they are guilty. I don't want to be in the same boat with them.


That is one possible interpretation, but like many things around the GDPR, it is not what the regulation literally says nor how the technology actually works in practice, so other reasonable interpretations are also possible. I am asking whether there is any official, authoritative guidance on this.

Look, GDPR is not about technical means, it is about a concept. If the ICO proves to you that you are conceptually violating the GDPR by enabling a 3rd party to violate it and you don't have your back covered, you won't have much to defend yourself with. You need to have proof that you have done everything in your power to defend your users' right to privacy and you were cheated by a 3rd party. This is why all the fuss about GDPR was in the last 6 months, you can't downplay the concept as it isn't saying anything about what "script" or "service" (or cookies as an ultimate abuse of "concept of law" and an example why GDPR was written this way) you can use or not, it is just talking about the user's right to privacy and for you as data controller, it is your duty to defend it.

Yes, there is guidance, it is called GDPR, it is THE only guidance, just take the concepts, I can give you this link, it is the best I was able to find, it will help understand the GDPR, but for each and every site, the owner needs to decide on their own: https://www.youtube.com/watch?v=-stjktAu-7k

Sorry, but it's not that simple. A lot of the fuss about the GDPR is because it introduces significant uncertainty combined with the potential for severe penalties if your interpretation differs from the regulators'. It is not unreasonable to look for concrete, actionable guidance to reduce that uncertainty.

The modern web depends on embedding third party content for many reasons, most of which have nothing to do with invading anyone's privacy and many of which are directly in the visitor's interests. It is not helpful to undermine that whole ecosystem and expect everyone to start having formal contracts in place before they can take advantage of any of those services. Nor is it reasonable to expect services offered for free that aren't doing anything shady to take on significant liability and/or other commitments anyway through formal agreements with their users. Why would they do that, instead of just (as obviously quite a few places already have) geoblocking the EU to remove themselves from the scope of the onerous rules?

Silhuette, I am sorry, I have tried to help you, thank others, maybe you/others will believe lawyers in the following months, but they won't be free. (And special thanks to HN, preventing me from answering with its policy of "answering too fast", I had an explanation for you, but I was unable to answer)

To the morons (no, it is not an insult, it is empirical fact) downvoting me, it is not me, it is GDPR, face the reality, it is not my fault that you are too reluctant to understand it and biting people trying to help you out won't help. Downvoting me won't change GDPR or change anything, you will just lose a valuable source of information as you did just now. Go to the first psychiatrist and they will tell you that reality will be as it is even if you close your eyes (or shoot the messenger =/).

Don't forget to upvote me, when you figure out I was right and you get a warning/fine.

We've banned this account for breaking the site guidelines.

If you don't want to be banned, you're welcome to email hn@ycombinator.com and give us reason to believe that you'll follow the rules in the future.