|
|
|
|
|
|
by _o_
2944 days ago
|
|
|
Look, GDPR is not about technical means, it is about a concept. If the ICO proves to you that you are conceptually violating the GDPR by enabling 3rd party to violate it and you don't have your back covered, you wont have much to defend you with. You need to have a proof that you have done everything in your power to defend your users right to privacy and you were cheated by 3rd party. This is why all the fuss about GDPR was in last 6 months, you can't downplay the concept as it isnt saying anything what "script" or "service" (or cookies as an ultimate abuse of "concept of law" and an example why GDPR was written this way) you can use or not, it is just talking about user right to privacy and for you as data contoller, it is your duty to defend it. Yes there is a guidance, it is called GDPR, it is THE only guidance, just take the concepts, I can give you this link, it is the best I was able to find, it will help understand the GDPR, but for each and every site, owner needs to decide on its own: https://www.youtube.com/watch?v=-stjktAu-7k |
|
|
The modern web depends on embedding third party content for many reasons, most of which have nothing to do with invading anyone's privacy and many of which are directly in the visitor's interests. It is not helpful to undermine that whole ecosystem and expect everyone to start having formal contracts in place before they can take advantage of any of those services. Nor is it reasonable to expect services offered for free that aren't doing anything shady to take on significant liability and/or other commitments anyway through formal agreements with their users. Why would they do that, instead of just (as obviously quite a few places already have) geoblocking the EU to remove themselves from the scope of the onerous rules?