In this topic: https://wordpress.org/support/topic/reviews-rating-gdpr/ you said that the plugin is GDPR compliant, but as long as you call the Google Places API, how can it be compliant? For example, when you use Google Maps in a website it is not compliant…
@sybilrondeau This plugin does not use any of the Google Maps display APIs and it is fully GDPR compliant.
GDPR is not about all communication, no matter what, it is specific and very well-defined. GDPR specifically covers user data and no user data is shared through the Places API.
Here is an example of the request URL:
Ok. thank you for your answer.
Have a good day.
@designextreme: But isn’t it the case that by integrating the external sources, the IP address of the site visitor is passed on to Google’s non-European servers without being asked (without opt-in)? The ECJ has stated in the past that the IP address of a website visitor is personal data that may not be passed on without being asked, see https://www.datenschutz.org/ip-adresse-datenschutz/#:~:text=The%20Europe%C3%A4ic%20Court%20(ECJ)%20has,it%20special%20protection%C3%BCtzt%20become%20m%C3%BCssen.
@schulhilfe There are no IP addresses passed to Google by this plugin. Data is collected by the server direct to Google’s Places API. You can see the data collected in Retrieved Data. No visitor data is ever exchanged at any time.
@designextreme thanks for your reply! 🙂 But I don’t quite understand this. As long as the option “avatar” is set to “true”, for example, the avatars of the reviewers are loaded via img src from the server of googleusercontent.com. And at that very moment, isn’t the visitor’s IP address transmitted to googleusercontent.com? To my knowledge this is exactly a DSGVO / GDPR-specific problem. Especially for this there are workarounds with a PHP proxy (see e.g. https://www.woltlab.com/community/thread/268348-dsgvo-einbindung-von-externen-bildern-erlaubt/).
@schulhilfe If this is a particular concern to an owner of a website, the business icon can be removed or replaced [with a local image] and, similarly, the avatar image can be removed or replaced.
I have read through several articles on this subject. Even if the IP addresses are collected by hosts [that Google uses outside of the EU], they do not connect with any actual user information. I did see in the first article you posted, it regards standard server logs as “personal information”, but I cannot see how this is remotely practical, workable or enforceable.
The image URLs are identical no matter which website is hosting them, so this wouldn’t even be able to be brought together to provide a link to an individual.
The articles mention the linking of IP addresses to a user’s (or customer’s) data and so, if it’s just connecting to remotely hosted images – then there is none.
If this were the case, viewing any website outside of the EU would have to be banned because the server would immediately collect the IP and user-agent of any user. GDPR isn’t there to prevent all EU residents from browsing the web beyond its borders.
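Added example, not part of the thread and not the plugin's code: the thread turns on the difference between the server calling the Places API and the visitor's browser loading an avatar via `img src`. This Python sketch audits rendered page HTML and lists the third-party hosts a visitor's browser would contact on page load; the site URL `https://shop.example/` and the sample markup are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes the browser fetches on page load without any click by the visitor.
AUTO_FETCH = {"img": "src", "script": "src", "iframe": "src",
              "source": "src", "link": "href"}
FETCHED_LINK_RELS = {"stylesheet", "icon", "preload"}

class ThirdPartyAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.site_host = urlsplit(page_url).hostname
        self.hosts = {}  # third-party host -> list of (tag, absolute URL)

    def _record(self, tag, url):
        absolute = urljoin(self.page_url, url.strip())  # resolves /path and //host/path
        parts = urlsplit(absolute)
        if parts.scheme in ("http", "https") and parts.hostname != self.site_host:
            self.hosts.setdefault(parts.hostname, []).append((tag, absolute))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            if not rels & FETCHED_LINK_RELS:
                return  # e.g. rel="canonical" is never fetched
        url = attrs.get(AUTO_FETCH.get(tag, ""))
        if url:
            self._record(tag, url)
        if tag in ("img", "source"):
            for candidate in (attrs.get("srcset") or "").split(","):
                if candidate.strip():
                    self._record(tag, candidate.split()[0])

def third_party_hosts(html, page_url):
    audit = ThirdPartyAudit(page_url)
    audit.feed(html)
    return audit.hosts

# Constructed sample of a rendered reviews widget (not real plugin output).
SAMPLE_HTML = """
<div class="review"><img src="https://lh3.googleusercontent.com/a/EXAMPLE=s64" alt="">
<img src="/wp-content/uploads/avatar-local.png" alt="">
<img src="//lh3.googleusercontent.com/a/EXAMPLE2=s64" alt="">
<a href="https://www.google.com/maps/place/EXAMPLE">All reviews</a></div>
"""

if __name__ == "__main__":
    print(third_party_hosts(SAMPLE_HTML, "https://shop.example/"))
```

The locally hosted avatar and the plain `<a href>` link are not reported, because neither causes the browser to contact another host when the page loads.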