All Questions
111
questions
6
votes
1
answer
2k
views
Is deciding to use google fonts the sort of decision that makes an entity a controller rather than a processor?
In ensuring GDPR compliance determining which entities are data controllers and which data processors is a critical step. The UK government says:
The UK GDPR defines a controller as:
the natural or ...
-1
votes
1
answer
117
views
Does GDPR or ePrivacy apply to localStorage data if they are not transmitted to the server?
Let's say we have a website is plainly static -- no user login, no third-party component, etc. The website uses localStorage for some very local purposes, such as remembering user's theme preference. ...
0
votes
1
answer
294
views
GDPR compliance - Font Awesome
I am building a simple website and therefore wanted to avoid worrying about GDPR compliance by simply not processing or tracking any user data.
However, when investigating my only third-party service &...
0
votes
1
answer
108
views
How to get user data from Foursquare/Swarm under GDPR?
Is there a way to download all my contributed check-in and reviews data from Foursquare/Swarm?
The foursquare.com doesn't seem to have a way to log in with the old foursquare/swarm credentials.
Isn't ...
0
votes
1
answer
158
views
Does GDPR require consent to collect non-personal information?
If a website never assigns a user a unique identifier, does the website need to get explicit consent from the user before collecting non-personal information?
Examples of non-personal information that ...
3
votes
2
answers
188
views
What rules determine jurisdiction on the internet?
It is in the news that Clearview AI has won an appeal against the UK Information Commissioner's Office (ICO). The reasons for judgment are here: Clearview AI Inc v The Information Commissioner [2023] ...
10
votes
5
answers
4k
views
Is scraping an iCal link legal?
TL;DR: my university says my app is illegal
Since our university doesn't have a mobile app to check our schedules, I created one that does the following:
Opens an embedded web browser (in app) and ...
1
vote
1
answer
115
views
Webhosts' legal obligations to remove publicly available content associated with specific IP addresses
Let's say one builds a website allowing users to post text content that is publicly available and searchable via the IP address of the users who submitted it. Would the owner of that website be ...
1
vote
2
answers
245
views
Is anyone who develops websites or webapps for clients legally responsible for what they are creating and all the gdpr obligations?
Suppose the case of a european (italian) web developer who, at the request of a client, creates a web platform for him from scratch (also with database, saving user’s data, ecc.). When putting the ...
10
votes
4
answers
5k
views
Do I need to present a GDPR banner to IP addresses outside of GDPR regions?
The context of my question comes from this comment:
The problem with solving GDPR compliance with country codes is, it is not in general sufficient to determine if a user is covered by the GDPR. The ...
1
vote
1
answer
430
views
Do I need a cookie policy/cookie consent on my website just because I use PayPal buttons?
I'm building a website, and the only third party element in it is a PayPal button I use for payments. The PayPal button opens a pop-up window which has its own cookie consent banner. Does that mean I ...
4
votes
1
answer
362
views
Do I violate the EU GDPR when I host a static website on Google?
To my knowledge IP addresses are considered personal data under the GDPR and thus may only be processed under one of several conditions (one being user consent). There has also been a verdict in a ...
4
votes
2
answers
2k
views
Under GDPR, does blurhash of a profile picture count as personal data
Suppose I have a web service where users can have a profile page with name and picture. Blurhash is a technology that allows me to create a significantly blurred representation of an image, as a ...
1
vote
1
answer
572
views
Why does Clearview AI get multimillion dollar fines while Pimeyes is allowed to operate freely?
Yesterday the UK has fined Clearview AI 7.5 million pounds for a string of breaches of local privacy laws. The main reason for the fine is that Clearview has never asked individuals whether it can use ...
2
votes
1
answer
183
views
GDPR - asking for consent indefinitely if respondent says no, until respondent say yes by exhaustion. Confirming choices allegedly forcing behaviour?
Under EU regulation, GDPR concerns dealing of personal data and describes the different parties that are responsible for handling those data.
While navigating on the internet, a pop-up is prompted ...