We have just purchased and installed the Specular template.
On a fresh WordPress install, the page is now connecting to:
* Google APIs
* Google Static
* Gravatar

Domains:
fonts.googleapis.com
gravatar.com
gstatic.com

How can those connections be removed? We already tried setting fonts in typography options to non-Google webfonts.
This is, besides the privacy and ethics implications, also a major issue in terms of legal compliance with the EU General Data Protection Regulation (GDPR).
At the current state of making those connections and transmitting personal data (IP address) to non-EU services, it may be illegal to use your template in some countries and within particular institutional/organisational policies.
That’s why this is a very urgent matter. Please advise, thank you!
-
Thanks for the reply,
but it would be good to have the option to disable the implemented scripts in the settings.
I estimate it won’t be a big task to provide the option on the template level. Exactly how it is noted as an example in the link you provided.
Providing this option will also improve the quality of your product.

What about the gravatar script?
How can that be removed to avoid transmitting personal data (IP address) of users to a third party?

And can you point me please to where in the template’s files and code those two scripts are implemented?
-
More issues regarding Google Fonts:
When going to the theme configuration in the WP admin backend, a connection to the Google API is established again:

This happens just when going to the codeless theme admin.
e.g.: https://DOMAIN.END/wp-admin/customize.php?theme=specular%2Fspecular&return=%2Fwp-admin%2Fthemes.php

URLs:
https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js?ver=1.6.26
https://fonts.googleapis.com/css?family=Open+Sans%3A400%2C500%2C600%2C700%7COpen+Sans%3A400%2C500%2C600%2C700&ver=6.5.5

These must be removed — the EU GDPR legal framework clearly requires minimization.
Loading things in the background of a web administration interface just for admins is definitely not required.

Art. 5 GDPR: Principles relating to processing of personal data
Personal data shall be:
[…]
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’);

Link: https://gdpr.eu/article-5-how-to-process-personal-data/

Just having a font on the backend is not in line with the GDPR and can be considered illegal. It is not a “legitimate interest” and violates Art. 5 c, “limited to what is necessary”.
Please do not force those web components by default on (often unaware) users. They are not “for free” but are part of a surveillance business model, and need to be avoided — also in terms of the legislation of all EU countries. Hosting fonts locally is not complicated and can easily be done, also for your theme. It is just CSS.
I hope this helps to support your product to have better EU GDPR compliance without the risk of legal issues for every one of your clients who act in the role of data controller or even as contractor in terms of GDPR.
Please keep us updated about plans regarding the matter for a next update,
Thanks!
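
One way to stop these requests without editing the theme, as an added example that is not part of this thread or of the theme's own code: a small must-use plugin that drops any enqueued stylesheet or script served from the hosts named above and switches avatars off. It assumes the theme loads these assets through the WordPress enqueue system (the `ver=` query strings in the URLs above suggest so); the `example_` function names and the `EXAMPLE_BLOCKED_HOSTS` constant are made up for this illustration.

```php
<?php
/**
 * Plugin Name: Block third-party asset hosts (added example)
 * Save as wp-content/mu-plugins/block-third-party-hosts.php
 * Assumption: the theme registers its fonts via wp_enqueue_style()/wp_enqueue_script().
 */

// Hosts taken from the posts above; subdomains (e.g. fonts.gstatic.com) match too.
const EXAMPLE_BLOCKED_HOSTS = array(
	'fonts.googleapis.com',
	'ajax.googleapis.com',
	'gstatic.com',
	'gravatar.com',
);

// True when $url points at a blocked host or one of its subdomains.
function example_is_blocked_host( $url ) {
	$host = wp_parse_url( (string) $url, PHP_URL_HOST );
	if ( ! is_string( $host ) || '' === $host ) {
		return false; // Relative or unparsable URL: treat as a local asset.
	}
	$host = strtolower( $host );
	foreach ( EXAMPLE_BLOCKED_HOSTS as $blocked ) {
		$suffix = '.' . $blocked;
		if ( $host === $blocked || substr( $host, -strlen( $suffix ) ) === $suffix ) {
			return true;
		}
	}
	return false;
}

// Returning false makes WordPress skip printing the <link>/<script> tag.
function example_drop_blocked_src( $src ) {
	return example_is_blocked_host( $src ) ? false : $src;
}
// The same filters run on the front end and in wp-admin (customizer included).
add_filter( 'style_loader_src', 'example_drop_blocked_src', 99 );
add_filter( 'script_loader_src', 'example_drop_blocked_src', 99 );

// Report avatars as disabled so templates calling get_avatar() emit no Gravatar URL.
add_filter( 'pre_option_show_avatars', '__return_zero' );
```

With the remote stylesheet gone, text falls back to system fonts until a locally hosted `@font-face` rule is added. Markup that the theme prints directly instead of enqueueing is not affected by these filters, so the result should be checked in the browser's network tab on both the front end and the customizer page.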