內容簡介
2022年1月,德國法院判決一名網站擁有者違反了GDPR,因使用嵌入式的 Google Fonts,未事先獲得用戶的同意即傳輸用戶的個人數據(IP地址),需支付 100 歐元的罰款。
什麼是嵌入式內容?
當從另一台服務器載入外部內容時,它被嵌入到網頁中以與托管網頁的服務器行為相同。
為什麼使用嵌入式內容違反 GDPR?
因為互聯網的工作方式。當瀏覽器(即電腦)請求文件(例如圖像或字體文件)時,服務器需要該電腦的IP地址才能返回內容。所有這些請求(包括 IP地址)都在所謂的 access.log 中記錄下來。
一旦這個IP地址離開了歐盟,你的網站就違反了 GDPR。
這個外掛能做什麼?
GDPRess掃描你的主頁以尋找第三方脚本(JS)和樣式表(CSS),並:
讓你下載或排除其下載,
分析樣式表以加載字體文件,下載並重寫樣式表使用本地副本,
確保你的網站前端使用每個腳本/樣式表的本地副本。
簡單來說,它確保不會向外部/嵌入式/第三方脚本和樣式表發送請求。
外掛標籤
開發者團隊
② 後台搜尋「GDPRess | Eliminate external requests to increase GDPR compliance」→ 直接安裝(推薦)
原文外掛簡介
In January, 2022 a German court ruled that a website owner was in breach of GDPR and should pay a € 100,- fine, because embedded Google Fonts were used, essentially transferring the user’s personal data (IP address) without the user’s prior consent.
What’s embedding?
When an external (i.e. loaded from another server, besides your own) resource is embedded into a webpage, it basically means that the resource behaves as if it’s loaded from the same server hosting the webpage.
Why is using embedded resources in breach of GDPR?
Because of the way the internet works. When a browser (i.e. computer) requests a file (e.g. an image or a font file), the server needs the IP address of that computer to send it back. All these requests (including the IP address) are logged in a so-called access.log.
Once this IP address leaves the European Union, your website is violating the GDPR.
What does this plugin do?
GDPRess scans your homepage for 3rd party scripts (JS) and stylesheets (CSS), and:
Allows you to download or exclude them from downloading,
Parses the stylesheets for loaded font files, downloads them, and rewrites the stylesheet to use the local copies,
Makes sure the local copies of each script/stylesheet are used in your site’s frontend.
In short, it makes sure no requests are made to external/embedded/3rd party scripts and stylesheets.
