Open r-ferrier opened 1 year ago
https://developers.google.com/youtube/terms/api-services-terms-of-service
https://decareto.com/en/embed-youtube-in-a-dsgvo-compliant-way/
Strictly speaking, information about the storage period of the data would also have to be provided, but unfortunately there is no clear statement from Google on this.
I vaguely remember there being a cookie-less YouTube option but I'm damned if I can remember what it was or if it's still a thing
Have started this and have written a draft policy here, based on the one on the trans dimension: https://github.com/geeksforsocialchange/gfsc-v3/tree/feat/250-add-privacy-policy
HOWEVER have run into an unfortunate barrier: Spotify embeds do not conform to this policy. Users must consent to the use of analytics cookies before we can show them. We also currently say that we collect anonymous data using Plausible Analytics (not sure if this is true) but if it is true, even if it is anonymous, AFAIK we still need to ask for visitors' consent to collect this. I will raise a new issue about these things.
New issue here: https://github.com/geeksforsocialchange/gfsc-v3/issues/287
@aaaaargZombies @ivan-kocienski-gfsc @katjam any thoughts on the above?
Seems okay to me (but I am not a legal person so...)
Perhaps change the email address from Kim's?
Alas, it's definitely not ok - have linked to the regulations in the issue I mentioned in the comment above.
There's a lot of detail in there but the headline info for cookies is:
This means that if you use cookies you must:
say what cookies will be set; explain what the cookies will do; and obtain consent to store cookies on devices.
Have made a proposal for dealing with cookies on the website and this will remain blocked until this is agreed on and https://github.com/geeksforsocialchange/gfsc-v3/issues/287 is sorted out.
GFSC collects anonymous analytics data.
We sometimes use third party services, for example Plausible Analytics, to gather statistical data about the use of gfsc.studio. That data isn't linked to you in any way.
We use Spotify to embed podcasts on our website. Spotify use cookies to gather analytics. Spotify privacy policy
We embed YouTube iframes in blog posts and projects using YouTube's 'privacy enhanced mode'. These load functional cookies required to run videos but do not gather data that can be linked to any actions you take on our site. YouTube API ToS
In connection with services offered through this site we may ask you to submit information such as your name and e-mail address. You are under no obligation to provide such information, however should you not provide such information we may not be able to offer you the following services:
GFSC may analyse and disclose statistics about the number of visitors to our website in order to describe our services to prospective partners, other reputable third parties and for other lawful purposes. These statistics do not include any personal or identifiable information about visitors.
GFSC may disclose personal information if required to do so by law or if it believes in good faith that such action is required by law.
GFSC contains links to other sites. GFSC is not responsible for the privacy policies or the content of such sites.
By using this site, you consent to the collection and use of this information by GFSC and to the GFSC privacy policy.
If you have any questions or concerns about your privacy when using our website, please contact us: kim@gfsc.studio
That draft looks good and much better than ignoring it. I agree with Ivan though, we should probably move towards using a privacy@gfsc.studio or info@gfsc.studio address so that Kim is not a single point of responsibility.
Issue
What should this be? We need to audit the trans dim site - this should be more or less in line with what we want here? Can we use the same stuff? Check the differences & similarities
see #182