• Resolved beiert

    (@beiert)


    Hi there,

    I see 2 problems regarding GDPR compliance:

    1) There are three cookies caused by the plugin (name: api.instagram.com -urlgen, -csrftoken and -rur)

    2) Third-party requests to scontent.cdninstagram.com

    My customers would like to go on using the plugin. Do you plan to do something regarding GDPR compliance?

    Greetz!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author smashballoon

    (@smashballoon)

    Greetz @beiert!

    The plugin itself doesn’t set any cookies, the cookies you’re referring to are set by Instagram.com when you visit their website to log in. When using the button inside our plugin to get your Instagram “Access Token” we redirect you to the Instagram.com login page where you can log into your Instagram account on their website. Instagram then stores a cookie in your browser so that you stay logged into your Instagram account. These are only used when a WordPress admin uses the button inside our plugin to log into Instagram, and aren’t used on the front end of the website to collect data from users in any way. Without redirecting the user who is setting up the plugin to Instagram.com to log in it wouldn’t be possible to get an Instagram Access Token and so the plugin wouldn’t be able to function.

    Regarding making requests to scontent.cdninstagram.com, that is the Instagram CDN which stores the images in your Instagram feed. We simply load the images from the Instagram CDN in order to display them on your website. I’m not aware that this is in violation of GDPR. Do you have any resources which confirm this?

    Many thanks!

    John

    Thread Starter beiert

    (@beiert)

    Thank you for your answer.

    After checking again, I agree with Point 1) cookies.

    Point 2) Third-party requests to scontent.cdninstagram.com
    I agree that this is not a violation by you. It might be a violation by Instagram.

    In fact, every page visitor generates a connection to the CDN of Instagram (scontent.cdninstagram.com).

    What we don’t know is the following:

    – Will Instagram log the connections by every single page visitor?
    – For how long is that data kept?
    – For what purpose is that data collected?

    It is the same discussion as we have now for Google Fonts. There the connection goes to the CDN of Google.

    Without specific information by Instagram, we can’t know if we need to ask for user consent or just ignore everything and assume it’s going to be alright. Which of course can’t happen. There is no information by Instagram, which is the problem.

    If you know more, I would appreciate it if you let us know. Thx!

    Plugin Author smashballoon

    (@smashballoon)

    Hey Beiert,

    We don’t know explicitly whether Instagram logs connections to their CDN or not – it’s almost impossible to get a response out of them about anything unfortunately. All they would be able to log is the IP address of the user loading the resource. With something like this I think it would just require communicating to the website user that a connection to a third-party service is being made – either next to the feed, or in the website terms. The programmatic alternative would be to not display the Instagram feed at all until the person viewing the website agrees to some kind of agreement. This seems excessive, and would also be required before loading any third-party script/service used on the site – such as Google Fonts.

    John
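
The consent-gated alternative mentioned in the last reply, sketched as an added example that is not part of the thread or the plugin's code. The host comes from the thread; the cookie name `feed_consent`, the `data-gated-src` attribute, the page origin and all function names are hypothetical.

```javascript
// Added example. The host list comes from the thread; the cookie name,
// attribute name and page origin below are hypothetical.
const GATED_HOSTS = ["scontent.cdninstagram.com"];
const CONSENT_COOKIE = "feed_consent";
const PAGE_ORIGIN = "https://site.example/";

// True when the Cookie header carries the visitor's opt-in value.
function hasConsent(cookieHeader) {
  return (cookieHeader || "").split(";")
    .some((pair) => pair.trim() === `${CONSENT_COOKIE}=1`);
}

// Resolve relative and protocol-relative URLs before comparing hostnames,
// and match on the exact host or a subdomain of it. Unparseable input is gated.
function isGatedHost(url) {
  let host;
  try { host = new URL(url, PAGE_ORIGIN).hostname; } catch { return true; }
  return GATED_HOSTS.some((h) => host === h || host.endsWith("." + h));
}

function escapeAttr(s) {
  return s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Without consent, a gated image is emitted with no src attribute, so the
// browser never contacts the CDN and the visitor's IP address is not sent.
function renderFeed(urls, consent) {
  return urls.map((u) => {
    const attr = consent || !isGatedHost(u) ? "src" : "data-gated-src";
    return `<img ${attr}="${escapeAttr(u)}" alt="">`;
  }).join("\n");
}

// Run in the browser after the visitor opts in; returns how many images
// were released. `root` is a document or element.
function releaseGated(root) {
  let released = 0;
  for (const img of root.querySelectorAll("img[data-gated-src]")) {
    img.setAttribute("src", img.getAttribute("data-gated-src"));
    img.removeAttribute("data-gated-src");
    released += 1;
  }
  return released;
}
```

The gating has to happen where the markup is generated: stripping `src` from an image after the page has been parsed is too late, because the request has already been sent.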

  • The topic ‘GDPR Compliance’ is closed to new replies.