google / fonts

Font files available from Google Fonts, and a public issue tracker for all things Google Fonts
https://fonts.google.com

GDPR Wrongful ruling? #5537

Open smileBeda opened 1 year ago

smileBeda commented 1 year ago

German court rules Google Fonts to be breaking GDPR and even ruled in some cases the webmasters have to pay fines/retributions when using google fonts. Mainly (or solely) based on the reasoning that Google is tracking, sending abroad and logging the website visitor IP Address. See example https://rewis.io/urteile/urteil/lhm-20-01-2022-3-o-1749320/

Google FAQ however clearly states (it could not be more clear): IP addresses are not logged. Reference: https://developers.google.com/fonts/faq#what_does_using_the_google_fonts_api_mean_for_the_privacy_of_my_users

  1. What is true? Does google track, send and log IP address through their fonts or not?
  2. If that is not true, why can a court rule Google Fonts as breaking GDPR based on the wrongful assumption that it tracks IP addresses?
  3. If it is true, why would google make a wrongful statement on their own FAQ?

The implications of this are huge. Potentially, a webmaster can be forced to pay hundreds of thousands of dollars fine - as far as I understand based on a wrong assumption?!

Does google intend to step in and make an announcement to clarify this? Does the German law enforcement maybe need a nod to actually prove their accusations first? I find it disgusting that on one end we read it is "NOT" tracked, while on the other end folks get FINED for things that might not even be happening. And if they are happening, it would IMO be something to sort out with google, not with the webmaster.

It would be nice to get some explanation on this huge discrepancy of statements.

Thanks.

applecuckoo commented 1 year ago

Hello there! Google Fonts has already said something about this, see https://github.com/google/fonts/issues/5463#issuecomment-1297422332.

smileBeda commented 1 year ago

Nah, that is not answering the question at hand here I think. The question really is, rawly formulated - who is lying? who is basing their statements on wrongful data?

Either google saves and tracks IPs and then the court ruling is justified, or it does not, and then the court rulings are based on hearsay at best.

I do generally understand google does NOT track, store or else use IP address. That is what they say in FAQ and what your linked reply says. So why does a court rule that google does track and store IPs and that it is illegal? Either they do, or they don't. It's as simple as that.

wp-entwickler-at commented 1 year ago

What is true? Does google track, send and log IP address through their fonts or not?

That's not the question concerning the GDPR! Important is the fact, that the website operator shares the IP without consent with Google! The court rule says (in German)

It is not mandatory that Google stores user data for getting problems with the GDPR. The problem is the data transfer to Google without consent! And even with consent it is a problematic area, because due to the GDPR you are not allowed to transfer data (IP & user agent of the browser) of kids, even with the consent of those kids!

If that is not true, why can a court rule Google Fonts as breaking GDPR based on the wrongful assumption that it tracks IP addresses?

It's not only because of the IP address. Due to the GDPR you need a Data Processing Agreement FROM Google for using Google Fonts. And you can bet that Google certainly does not give you that personalized agreement paper. See: "Virtually every business relies on third parties to process personal data. Whether it’s an email client, a cloud storage service, or website analytics software, you must have a data processing agreement with each of these services to achieve GDPR compliance." https://gdpr.eu/what-is-data-processing-agreement/

If it is true, why would google make a wrongful statement on their own FAQ?

They don't lie! They only say, that they do not store the IP. But u get no assurance and no data processing agreement. So this is only an advertising promise. You can believe 'em or not. But they state, that they store the user agent and so on. So they do store data.

folks get FINED for things that might not even be happening.

What things did not happen? If you use Google Fonts you provide Google with data from people who did not give consent to share their data with Google. Clearly a violation of the GDPR.

It would be nice to get some explanation on this huge discrepancy of statements.

Look into the issues! We've talked about that topic many times!

smileBeda commented 1 year ago

None of those statements or tickets do actually answer the question. A question directed to the google GitHub and not WordPress. Which btw (WordPress.org) not only sends, but definitely stores ip addresses - which get used by forum mods to determine sockpuppeting/data skewing just as an example.

Let’s not mix up WordPress and statements of people who are not Google legal reps with this.

I want to know if Google breaks gdpr, and if so, why isn’t google pursued, but the small time site owner (who probably has a server located in the USA or else, which by default logs not only ips (and stores them) but user agents, post and get queries, time of action and possibly more).

I want to know if google intends to take steps or does not (likely because they very well know if a court tries them, they would win the case, because it’s based on something no one with money would be possible to be tried for)

The very https://www.gdprsummary.com/ website itself has a cookie consent (enabling by default Google Analytics) which by what you say this wouldn’t be legal since a minor could be consenting to it, without any issue, and Google Analytics data is certainly not stored on the website owners server, but sent to google servers. And stored there. I can opt out. Not opt in. Because at the moment I reach that site from google search results my action is already logged in Google Analytics (as the “ga” url parameter will show you). Plus, as you say, remains the issue that a minor’s consent would be illegal either way. How’s gdpr website itself confirming I’m not a minor? That’s right, they can’t, and they don’t let me opt in, they only let me opt out.

So I don’t think it’s all so clear, certainly not by lots of non-legal and non-google official statements?

Happy to be taught better.

Thanks!

applecuckoo commented 1 year ago

Pinging @davelab6 for an official explanation

wp-entwickler-at commented 1 year ago

If u drive too fast and don't get fined, did you break the law??? So even if you don't get fined you break laws. Mapped onto data protection: That's the case in Europe right now from nearly each and every big company and site owners. Till now no one really cares, but things are changing slowly.

European thinking

I assume you are not from Europe or even Germany or Austria. Because we here in Europe/Germany/Austria have witnessed the legal problems of using google fonts. All the big media outlets and governmental internet sites have written about this:

And the big companies are losing big, slowly but steady. Like Facebook: https://noyb.eu/en/noyb-win-personalized-ads-facebook-instagram-and-whatsapp-declared-illegal

I want to know if Google breaks gdpr

Google and website owners are joint controllers. See here: https://www.insideprivacy.com/international/european-union/cjeu-rules-that-facebook-and-website-operators-are-joint-controllers-if-the-website-embeds-facebooks-like-button/

they would win the case, because it’s based on something no one with money would be possible to be tried for

Google would not win. But at present there are few legal decisions because the judgement in data protection cases takes an eternally long time in Europe.

https://www.gdprsummary.com/

That's a private site, not an official or governmental one. A site from a private person who does things wrong. So what does this site prove?

so I don’t think it’s all so clear,

Yeah, you THINK. But it is all clear. The GDPR is clear in the area of sharing data without consent. And it violates other data protection laws in Europe because of: "The CNIL came to the same conclusion in another case, according to which the additional measures taken by Google Analytics were not sufficient to exclude access by US security authorities."

The using of most of US-American internet services violates European data protection laws. We in Europe know that.

smileBeda commented 1 year ago

It is the same as well with this GDPR site: https://gdpr.eu Even worse, they offer "yes/no" and they do use GA, GOOGLE APIS fonts loaded in that website head.

Is this site also private, doing it wrong, and thus... where is the court here please? Or is this site perhaps just hiring better lawyers?


Please, with all due respect, also acknowledge that I am asking an official link, statement of google taking position to this fine issued, not WP Chit Chat or local newspapers (who obviously and historically have no idea what they talk about, they just gather details exactly shared by others, who heard and said something). No lawyer hired by WP yet has made a statement, and none of those people working at that project are lawyers.

I understand you like the GDPR (perhaps), I do not, specially not when it is foolish. I respect private, I am from a country that basically invented that concept, yet, I would like a real, binding and official statement that can clear this all and for once.

Chats on WP, newspapers, and the likes are known to be the source for confusion, which then leads to "google does not comply with GDPR". Well, I want to see googles statement on this. I am not pretending to know how things work, I am asking an official statement to clarify it.

As my opening comment:

Does google intend to step in and make an announcement to clarify this? Does the German law enforcement maybe need a nod to actually prove their accusations first? I find it disgusting that on one end we read it is "NOT" tracked, while on the other end folks get FINED for things that might not even be happening. And if they are happening, it would IMO be something to sort out with google, not with the webmaster.

PS: Github is very versatile with formatting, so it can help to use quotation instead of headings, and less !!! or ??? also helps conveying a less aggressing tone. If for you everything is clear, this is good. It is obviously not clear however, when one studies the source of the data we want to use, in this case, Google Fonts. And I am not a lawyer to study the wicked EU laws, either.

That all said, I will not engage here anymore unless actual official voices make themselves heard. If that is not possible, so be it...

wp-entwickler-at commented 1 year ago

I am asking an official statement to clarify it.

There are many! I mentioned them all! Again

It is obviously not clear however,

It is! But it seems you don't want to accept it. Because of:

I understand you like the GDPR (perhaps), I do not, specially not when it is foolish.

  • Whether you like it or not, using google fonts in Europe is in most cases not legal. Even with consent. That's a fact. Read the court rulings. Accept it.

the wicked EU laws

I don't want to be monetarized. Not with consent and not without consent. I don't want my children's data to be turned into money. Data is the new oil, is the new gold. Why should any company make money out of my websurfing behavior? Why should I be tracked by companies?

So the GDPR is the opposite of wicked. It protects people, minors and their data.

not WP Chit Chat

I brought you articles, court rulings and links from the most famous person in data protection in Europe. Max Schrems. And his NGO noyb.eu. Max Schrems is the man. He is the person who is responsible for bringing down one of the most important agreements between the US and the EU: Safe harbour! See https://en.wikipedia.org/wiki/International_Safe_Harbor_Privacy_Principles Things he says is no "Chit chat". Court rulings are no "Chit Chat"

Well, I want to see googles statement on this.

What do you expect? That google makes an address where they tell us, that using their services in Europe is not legal???

Do you really think that they would do that???

Google earns its money with advertising. With personal advertising. Personalized due to data collection from 3rd party sites around the globe (due to Google Analytics, Google Fonts and so on). To get a fairly accurate profile of you and your personality. We don't want that here in Europe. That's a difference in mentality.

And big companies like Google and Facebook are fighting against data protection. And lose. Lose big:

Personalized Ads on Facebook, Instagram and WhatsApp declared illegal

That will cost Facebook a fortune! Not being allowed to ad target you because of the prohibition of data collection and data transfer between Facebook services (Instagram, FB, Whatsapp).

Well, I want to see googles statement on this.

  • So what should Google do in your opinion? They got a legion of lawyers, they know exactly what's the case and still they remain silent.

https://gdpr.eu/

That's a private site. Owned by a private company named Proton AG. You are free to register a domain official-gdpr.eu and host a blog. It still would not be a governmental website, even with the formal domain. So what point do you want to make? Yeah, violating the GDPR is illegal. But this is a relatively young law. And there is not enough law enforcement to handle the tiniest fish.