GDPR Friendly messaging

Wondering if it might be worthwhile if we had a shared logo/message for stacks or themes etc that are ‘GDPR friendly’? Is obviously a big concern for folk so it might be good to add something like this to our websites - either against individual stacks/themes (if not all are gdpr friendly) or perhaps in our footers if they are all gdpr friendly.

Thoughts. And anyone any good at logos :wink:?

At the moment no one knows what constitutes GDPR compliance, particularly concerning CDN services and passing of isolated IPs.

You will get a different answer from different people.

The only sure thing is that courts in the individual countries followed by a challenge and a ruling by the European court will ultimately set the rules. Until then the only view getting any public traction is that of the no win no fee data protection lawyers.

When such a binding court ruling exists I would be happy to make legal compliance statements on my site, until that point I feel that it would be crazy to do so.

2 Likes

But those that don’t use CDNs or link to remote services can surely say they are compliant (or ‘friendly’)? If everything out of the box just works with local files and is not making any calls to anywhere? A lot of developers have been switching from using CDNs for this very reason.

Agree though that we would definitely need a shared understanding of what we consider to be compliance.

OK, just to play devil’s advocate and because that is my day job, here are a few thoughts:

  • A stack cannot be compliant or non-compliant, only a website can.

  • A stack that uses Google fonts is perfectly compliant if it is placed on a page after consent has been given.

  • Is a stack that just has the option to use a Google font labelled as compliant or non-compliant or do we have another logo for “can be GDPR compliant”?

  • Following on from the previous point, it follows that, for stacks that you can “surely say that they are compliant” would not have the option for users to make them non-compliant. This means no drop zones or styled text areas as users could drop non-compliant scripts in there.

While the idea in itself is certainly laudable in theory, should we really be encouraging users not to take responsibility and think carefully about the GDPR consequences of what they are building?

It is also certainly true that any badge or traffic light system is only effective if it has 100% uptake and is regulated - back to my original point about the actual meaning of the law being determined.

2 Likes

That’s all fair enough. I was really suggesting the use of ‘GDPR friendly’ which would assure the user that out of the box there is nothing in the stack/theme that makes these external calls. It’s not clear to the end user which stack does this at present without inspecting the code. Obviously if the user adds content that does this then that is on them and this would be made clear in the messaging.

Anyway, let’s leave it. I just thought it was a discussion worth having.

Thanks, Stuart