• Resolved gwdlarry

    (@gwdlarry)


    Hi there,
    from your own description “secure storage of user consents in our cloud-based environment”.
    This mention of your “cloud-based environment” makes your plugin instantly not GDPR compliant. The non-locally installable javascript comes on top of it …

    In countries such as Germany with strong regulations and narrow interpretations of the GDPR, this plugin is a no-go.

    Best, Larry.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support hmvcybot

    (@hmvcybot)

    Hi Larry,

    Would you be able to elaborate on what you mean exactly? If possible, add a link to the German interpretation of GDPR you are referring to? This way, our legal team can have a look and get back to you.

    Best regards,
    Hannah
    Cookiebot support

    Thread Starter gwdlarry

    (@gwdlarry)

    Hi there,

    1. You are storing personal data (b.t.w. an IP address is considered personal data) in the cloud. So you are a data processor in the eyes of the GDPR (“DSGVO” in German) and there should be a Data Processing Agreement between you and the website owner (where your plugin is running). See https://gdpr.eu/what-is-data-processing-agreement/. So you should offer one (download from your site).

    2. You are calling a javascript from an external site (external to the owner’s website), analogous to Google Fonts (with the call to fonts.googleapis.com) [This is a no-go in Germany]. There is a wave of warnings (“Abmahnungen”) regarding Google Fonts in Germany.
    See this link: https://complianz.io/google-fonts-and-gdpr-does-it-work/
    You should ensure the javascript in question can be installed locally on the owner’s website to avoid any external call (thus avoiding transmission of the user’s IP address).

    Best,
    Larry

    Plugin Support hmvcybot

    (@hmvcybot)

    Hi Larry,

    Thanks so much for elaborating!

    1. We actually do have a DPA available and you can find this here: Can-you-issue-a-DPA-

    2. A lot of the descriptions about the legal basis for Cookiebot CMP can be found in our privacy policy and DPA on our website. However, we would hate for you to have to dig through this information yourself. If you would love a more-to-the-point reply on the legal basis for the use of cloud-based services, we would love to provide you with more info. You can write to us via this link:

    https://support.cookiebot.com/hc/en-us/requests/new

    We aim to reply within 48 hours!

  • The topic ‘Not GDPR compliant.’ is closed to new replies.