GDPR problem with loading external source cdn.plyr.io

Hi @shehabulislam,

we noticed a problem that can make the plain usage of your plugin illegal in the European Union in terms of GDPR. The reason is that you are loading the player JS from an external CDN (cdn.plyr.io).

The website visitor has no chance to decline it: As soon as he enters the page with your plainly installed player, his browser connects to this external source. So the external CDN gets to know about the IP address and so on (that is “individual-related data” from the EU law’s point of view) of the page visitor. This is illegal in terms of the European Union’s GDPR law.

I know European Union might be far away from you but plenty of websites using your plugin now or hopefully in future are located in the EU and you put them all to the risk of getting a written warning with costs of some lawyers.

We had this problem before with an Open Street Map WordPress plugin that did load the map viewer JS from an external CDN, too. This plugin author realized the GDPR problem after we reported it to him and he simply put the JS file into his WordPress plugin itself instead of loading it from the external CDN. This really should be no performance or loading speed problem nowadays – your player JS currently is 112 kB in size.

I hope you realize the importance of this. There are other possibilities like putting your plugin’s videos behind a GDPR consent tool. But you really would make lifes of many (current and future) users (out of about a whole continent) of your plugin more safe or easier by just putting the JS into your plugin.

Would it be possible that you think about doing this? We know EU’s data protection laws often are annoying, especially for programmers in other parts of the world. But laws are laws and money to be paid to lawyers finding such GDPR violations is money. And just putting the JS into your plugin hopefully shouldn’t be such a problem.

We are looking forward to hear from you and thank you a lot for your work,
-doffine