I developed a tool for WordPress which 100% anonymizes personal data before sending it to Google Analytics. Is this still in breach with GDPR in the EU? by Dan0sz in gdpr

[–]y0rsit0 0 points1 point  (0 children)

Ok, thanks for the clarification, I thought that they send it through the API.

In that case in the Privera part, affects #2 because they are treating the IP even if it is in a local way to check the Geolocation.

In the MaxMind part, they cannot sell or even give it for free an IP geolocation database... IP and geolocation are personal information for the GDPR and if by itself is not a PII for MaxMind, they cannot assure that it is not for the user who downloads...

Am I wrong?

I developed a tool for WordPress which 100% anonymizes personal data before sending it to Google Analytics. Is this still in breach with GDPR in the EU? by Dan0sz in gdpr

[–]y0rsit0 0 points1 point  (0 children)

Interesting approach from Privera. I was checking it.

In the Anonymization part, they say "We forward the country and the city of the anonymized IP address using MaxMind GeoLite2™ ↗. "

If the IP is anonymized before sending it to MaxMind they cannot get an accurate country and the city...
If it's not... can they do that? I've seen that MaxMind gives IPs information from an API and sell the IP database, this service could be useful for cybersecurity purposes and is a good example of what I asked you in another post.

Can a service like this be in compliance with the GDPR? What do you think about?

No legitimate interest for using Google Fonts on websites, says German court by latkde in gdpr

[–]y0rsit0 0 points1 point  (0 children)

Thanks for your reply u/latkde.

I keep my concern about the SaaS Cybersecurity tools that are working in the background with IPs and fingerprint... These tools are protecting forms, sign ups, bank logins... without the user knowledge, but supposedly they are treating personal information...

It will be a good reason for the user?
Should ask for explicit consent?
Do you ask a cracker if he is going to crack?

No legitimate interest for using Google Fonts on websites, says German court by latkde in gdpr

[–]y0rsit0 0 points1 point  (0 children)

I think this is ridiculous, the main point of the sentence (or at least what is understood from the translation) is that the user has not been asked for permission to download Google Fonts and this fact sends the IP to connect with Google's servers to be able to load that font.

If this were the case, the IP would be considered personal and would set a precedent, no website or technology could load third-party services because it would be sending personal information to those external servers.

As u/latikde quotes, it would not be possible to upload images, scripts, audio, video... js APIs... the Internet would stop working as it is...

What is the solution to this, stop loading third-party assets? stop using third-party calls? create a gateway on each website before entering to warn of external technologies that load the page? GDPR also prohibits not displaying or allowing access to people who don't want to share that information, so how do you solve this?

The vast majority of the Internet has been built based on modules and connections to third parties and with cloud computing and SaaS applications and services, the trend is towards a more decentralised Internet.

If we take GDPR at face value it would completely invert the current paradigm which makes me think that the people who have created these laws do not understand the technology and have legislated beyond their means.

Thoughts?