Streaming live at 10am (PST)

Type of jquery inclusion not EU-GDPR compliant


#1

Hi!

I found a legal problem, esp. for people with clients in the EU.

jquery is included from code.jquery.com:
<script src=“https://code.jquery.com/jquery-3.3.1.min.js” type=“text/javascript” …>

Therefore the server at code.jquery.com has access to the IP adresses of website visitors, which is personal data.
According to the EU-GDPR law website owners must tell visitors exactly who has access to their personal data and ensure their data does not get into more hands.
Sadly code.jquery.com does not have a privacy statement on their site nor are they listed on the privacy shield website https://www.privacyshield.gov/list
And webflow does not list jquery.com as a subprocessor on https://webflow.com/legal/subprocessors

Here is an article from a Swiss lawyer on exactly this topic:

They suggest simply using a different jquery hosting like Google Hosted Libraries, because they have a privacy statement and are listed on the privacy shield website.

Or even better: Upload jquery to uploads-ssl.webflow.com and include it from there.


#3

Hi @hedwig,

Thank you so much for getting in touch about code.jquery.com not having a privacy statement. :bowing_man:

Our team is now looking into a possible solution where we will have our own copy of jQuery.

Thanks again for brining this to our attention, and I’ll be happy to provide an update to the solution once it is available. :nerd_face:


closed #5

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.