• Resolved austrohack

    (@austrohack)


    Hi guys,

    I use your awesome plugin on many websites. Unfortunately the GDPR laws are controlled more and more in the EU.

    When your plugin is used, it connects to https://translate.google.com/ the Google translation server without asking the visitor.

    It would be necessary, that it only connects to google, when the translation button is pressed.

    Could you please offer an update and when? It would be VERY important for all your users inside of the EU!!!

    Best regards

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author edo888

    (@edo888)

    Hi,

    Not sure what is the problem with connecting somewhere to load JS/CSS libraries. Can you clarify?

    Data is not transmitted for translation until you select a language and you can add some notification to clarify how the translation works on your website.

    Thanks! 🙂

    Thread Starter austrohack

    (@austrohack)

    Hi,

    the problem is, that Google grabs the IP address and the browser fingerprint, as soon as the connection is established. This is not allowed in the EU without permission of the visitor of the website.

    A good solution would be, to wait with the connection until the visitor clicks on the translation button. The best would be, if he gets a small notification when he clicks on the button, that a connection to google will be established with a second button in it, so a 2-click solution. And a gdpr checkbox in the backend for the people who don’t need it. Otherwise we will have to switch to another plugin on over 50 websites, where we use your plugin. This would be a nightmare for us, also because your plugin is the best for us.

    Please let’s find a solution for this problem!

    Plugin Author edo888

    (@edo888)

    Hi,

    I am really not sure, it seems extreme to me. If someone visits your website you are getting their IP address and may profile them for whatever reason it might be, firewall, logging requirements, etc. I do not believe you have to notify a visitor about it, it is how internet works.

    From what you are saying, it seems that no website in EU can use CDNs (content delivery networks), because they will get the IP and other data browser/client is sending when accessing the content. This does not seem to be true to me.

    Same here, we are loading js/css content from Google Translate server and it acts as a CDN until you select a language, in which case it sends the page content for translation. You probably need to have some disclosures about how the translations work on your website.

    If you use our paid version, it will not load js/css from Google servers, which seems to be what you are asking for. You can even disable automatic translations and no content will be sent to Google for translation and you can translate your content manually. Still the translated content flows through our servers and you probably will need to make some disclosures in your website’s privacy statement.

    I want to make it clear, I do not know if you are right or wrong interpreting the GDPR requirements, but one thing is sure that I’ll not make it a 2 step process in the free version as you suggest.

    Thanks! 🙂

    Thread Starter austrohack

    (@austrohack)

    You’re right, you are not allowed to use a CDN in the EU:

    By using a CDN I’m adding to the system a new third-party that will collect the IP and other metadata from my users. Obviously I can’t get consent from the user beforehand: when they hit the server it is already too late.

    Probably, users will get routed to a server close to them, but this is not guaranteed. I don’t know to which server they are going to connect. I don’t even know the country. It could be that a German user end up sending his IP, browser footprint, etc. to a server in Japan (unlikely but possible). Because I don’t know it, I can’t inform the user about it.

    The Only way to use a CDN or other third party services is by having a contract with the companies where they garuantee me, that they don’t save sensitive data of the visitors of my page. Google don’t offer such a contract.

    You told me, your paid version works differently?!? Where can I find information about your paid version and GDPR? Do you offer an agency plan? For shure I want to pay if you can offer me a version, that fits our requirements!

    Thanks! 🙂

    Thread Starter austrohack

    (@austrohack)

    I already talked to your support chat because of an agency plan. She told me, that you can’t offer us an individual solution and we would have to make an individual contract for all of our customers. This is not practical for us. 🙁

    Plugin Author edo888

    (@edo888)

    You’re right, you are not allowed to use a CDN in the EU:

    I am not saying that I am right here, I’m just saying that your statements lead to that, which is not the case, at least in practice. It also seems to mean, according to your interpretation, that nobody in Europe is allowed to access websites which are not hosted in Europe without consent, which is again something which does not fit in my brain.

    So if your main point is that you do not want to add third parties to your website, then non of our solutions is for you. Because Google is a third party in the free version and we are a third party service provider in the paid version.

    If you are OK with having a third party and just need a DPA, you can check here:
    free version – https://cloud.google.com/translate/data-usage & https://cloud.google.com/terms/data-processing-terms
    paid version – https://gtranslate.io/terms

    We do not offer agency plans. If you have further questions about the paid version, please direct it to our chat: https://gtranslate.io/#contact

    Thanks! 🙂

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘GDPR’ is closed to new replies.