Not GDPR compliant due to including GoogleFonts #11648
Comments
|
See conversation at google/fonts#1495 |
|
This is on the radar of the WordPress Core Privacy team, who might be tracking it elsewhere. @allendav, should this issue here be closed in favour of some other one? |
|
I don't think using Google Fonts causes non-compliance, but IANAL. That said, the use of 3rd party fonts should be captured in WordPress core's privacy policy at a minimum. It isn't immediately clear if this only impacts post editor users or also site visitors. |
|
So far nobody knows what Google actually logs, for how long these logs are kept and how they are later used. There have been many inquiries but there is no official response that says "no we don't log IPs" or anything like that. |
|
Unless, I'm wrong. I think the Core Privacy Team decided that it's ok to use Google Fonts before 5.0. If not let's open a trac ticket as this code is in Core now. |
As you are closing this issue, will you create the trac ticket? Doing nothing and then simply closing tickets seems a bit disingenuous to me. Why should there be a need for a third-party dependency in a self-hosted WordPress installation? |
The point that @youknowriad is making is that the team in charge of assessing the GDPR-compliance of Gutenberg—and/or the rest of WP core—had approved the use of Google Fonts. That is grounds for considering this issue resolved, and it also means that any appeal of this decision should be made with the Core Privacy Team in a new issue. Moreover, since the code in question has landed in core WordPress as of WP 5.0, the Gutenberg repository is no longer the place for this discussion, but rather Core Trac. In short, it shouldn't be seen as disingenuous that the issue isn't automatically opened in Core Trac, since opening that issue means appealing a previous decision. You are welcome to do it. |
|
Well, except I was there for that discussion in Slack and it wasn't at all like you describe. There simply was no consensus to demand immediate removal as a pre-requisite for merging (which would have probably been ignored anyway, but that's a different issue). Certainly no finding of "everything's hunky-dory". |
|
FYI: |
|
After a recent discussion in #core-privacy I've moved this issue to Core Trac as it not only has Privacy implications but also Performance; Discussion - https://wordpress.slack.com/archives/C9695RJBW/p1549043771637800 |
|
Thanks for the update @garrett-eclipse |
|
Is it not worth making sure this isn't an issue in the plugin too? Privacy for all except those running the gutenberg plugin is still a problem |
Absolutely, but I would defer to the decision-making process in Core. Once core-46169 resolves, which ever resolutions are effected in Core should be so in the plugin as well. Until then, this issue isn't actionable, which is a major criterion for all issues in the Gutenberg repository. |
|
Für alle, die Interesse an der derzeitigen Rechtslage haben und auf dieses Ticket stoßen: Kurz: |
|
FYI - I posted an update on the Core ticket here; TLDR; Discussion via make/core points towards bundling fonts or system fonts. Once a discussion and decision is made by Gutenberg design lead(s) this should hopefully move forward. |
|
Update on the legal side of this topic, in short and English (german version below is a little bit more detailled)
GERMAN:
|
Google Fonts in Gutenberg-Code
gutenberg/lib/client-assets.php
Line 759 in f966780
Legal Problem - GDPR
Result
The text was updated successfully, but these errors were encountered: