You could create a local copy of the theme via RW theme inspector, and afterwards adjust the theme to your needs (-> most probably inside the index.html of the theme content).
Referencing local copies of the libraries isn’t difficult.
You can ask 10 people and get 20 different opinions about that. Especially if you ask guys from the UK or Germany.
Mostly UK people say: You do not have to ask.
German people say: Oh no! Get away with all those remote calls.
People from the “borders of Europe”: What’s GDPR all about? Who are these guys in Brussels? - forgetting that these regulations are covered by local government laws.
IMHO, you would have to “ask” the website user “first” before making “a single” CDN request. But that’s my opinion, not being a lawyer (coming from Germany, and knowing there are a lot of lawyers just awaiting the 25. May).
Just want to say for anyone passing by this thread… Foundation is good to go! The only thing that could be non-compliant is if you are using a Google Font. The theme has the power to use other fonts though. (Even though I think that this entire CDN debacle is absurd)
Just bought and released a website with Nick’s Depth Theme and contacted him because of Google Fonts (the usual suspect) and Social Icons (from an unknown S3 server). The latter was especially annoying because I didn’t use any of these “so called social” icons. I’ve now managed to load Google Fonts from my own server and my website is now GDPR compliant: https://ul-fluglehrer.de
If a theme author doesn’t take GDPR into account, I won’t buy any themes. It’s that simple. @joeworkman: Yes, I am using Foundation with basic Arial font settings (https://jakobssystems.net) and would like to use Google Fonts, but because you’re dynamically linking them with JS vars I have no chance to search and replace something. As feature request: Give us a switch or setting for offline Google Fonts please.
UPDATE: just received an email from Nick: he will add a “no-load” font option and will address this in the next theme update!
UPDATE 2: And Joe, I forgot this discussion about CSP last year. You promised to add better CSP support in future Foundation releases, please do not forget us.
UPDATE 3: As urgent feature request for RW, enable hashing for inline scripts and styles please!
My understanding though is that an IP address can’t be used on its own to identify an individual. It can identify a machine that’s making the connection and the general geographic area, but without other info, I don’t see how it can identify that I was using it, rather than someone else in my house or office.
Therefore it seems to me that it doesn’t come under the umbrella of ‘personal data’.
In Europe IPs belong to personal data like your name or address. And of course they can easily be put into context when other data from trackers or ads is available. Over time you receive the whole life with all desires and longings and secrets. Google Fonts as example. The Server-Logs of fonts.google.com are priceless.
I’m sure something similar will be coming for us in North America at some point but I hope they’ve ‘worked out the kinks’ by then. I feel for you poor b*stards and the headache this seems to be causing.
Basically a process of making themes more ‘self-contained’ and removing links / calls to external resources. Mostly it affects jQuery, Font Awesome icons, Bootstrap, UIKit, Flickr galleries, Google Web Fonts and a couple of other opensource libraries. I am making these changes as part of my ‘nothing external’ policy. As well as ensuring you don’t have anything to worry about with regards to GDPR, it also safeguards you against external libraries vanishing due to sudden API changes, political tensions (e.g. China blocking Google), technical issues or other unknowns etc. Keeping everything inside the theme simplifies things, which in turn means we can promise a stronger and more reliable theme that will give you many, many years of flawless service. The original reasoning behind using CDNs is less relevant nowadays, hence this change in policy.
From what I’ve seen, most are taking a proactive approach. But a few have worryingly said they intend to do nothing and GDPR is not their problem! I think time will tell who is on the ball and who isn’t. Stack developers probably have the least amount to do. Some theme developers may have rather more to do. It depends really on where individual developers have been calling scripts / libraries in the past and if they are considering making changes going forward.
Yes, it is a lot of hard work and very time consuming to update these themes. So far the free designs are all done and the others are in the latter stages of completion. I’m mostly publishing updates on an ‘as requested’ (ask and you shall get) basis, because there are too many to release all in one session. Many of the themes are older designs from other developers, hence the need for rather more work doing to them.
Of course, the protracted update process does also throw open other questions; like whether it is worth maintaining hundreds of demo sites or simply giving out free demo versions and project files for people to download and play with. So the updates do form the basis for a wider business strategy / rethink.
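One way to check a theme for the external calls discussed in this thread, as an added example that is not code from any poster or theme developer: a static scan of a theme's HTML that lists every third-party host the browser would contact on page load. The sample page and the hosts `example.org` and `cdn.example.net` are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes that trigger a fetch at page load; a <link> fetches only for FETCHING_RELS.
FETCH_ATTRS = {"script": ("src",), "link": ("href",), "img": ("src",),
               "iframe": ("src",), "source": ("src",), "video": ("src", "poster")}
FETCHING_RELS = {"stylesheet", "preload", "prefetch", "icon", "preconnect", "dns-prefetch"}
CSS_URL = re.compile(r"""(?:@import\s+|url\(\s*)+['"]?([^'")\s;]+)""", re.I)

class ExternalFetchAudit(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.hosts, self._in_style = site_host.lower(), {}, False

    def _record(self, tag, url):
        host = (urlparse(url).hostname or "").lower()
        if host and host != self.site_host:  # relative and data: URLs have no host
            self.hosts.setdefault(host, []).append((tag, url))

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        self._in_style = tag == "style"
        fetches = tag != "link" or FETCHING_RELS & set(a.get("rel", "").lower().split())
        for name in FETCH_ATTRS.get(tag, ()) if fetches else ():
            if a.get(name):
                self._record(tag, a[name])
        for url in CSS_URL.findall(a.get("style", "")):  # inline style="..." attribute
            self._record(tag + "[style]", url)

    def handle_endtag(self, tag):
        self._in_style = False
    def handle_data(self, data):
        for url in CSS_URL.findall(data) if self._in_style else ():  # <style> block text
            self._record("style", url)

def audit(html, site_host):
    parser = ExternalFetchAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.hosts  # {third_party_host: [(tag, url), ...]}

# Constructed sample theme page; example.org stands for the site's own host.
SAMPLE = """<link rel="canonical" href="https://example.org/"><link rel="stylesheet" href="//fonts.googleapis.com/css?family=Lato">
<style>@import url('https://cdn.example.net/fa/all.css'); body{background:url(img/bg.png)}</style>
<script src="https://code.jquery.com/jquery.min.js"></script><script src="js/local.js"></script>
<body style="background:url('https://cdn.example.net/hero.jpg')">
<a href="https://twitter.com/someone">Twitter</a><img src="https://example.org/logo.png">"""
print(audit(SAMPLE, "example.org"))
```

A static scan cannot see URLs that a theme assembles in JavaScript at runtime, as with the dynamically linked fonts mentioned earlier in the thread, so confirm the result against the browser's network panel.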
Yep, I sent out Abstract this morning. Going to take it slowly so as not to overwhelm the inbox of both users and myself, as well as to ensure things go smoothly in case I hit any bumps in the road while sending out updates. Once I’ve sent out updates for all of the currently available themes in the Elixir store I will make a blog post outlining the updates, as well as let people know how to manually retrieve updates in case they do not get an email for some reason.
This will be a long process though, so please everyone, hang in there with me as I send out updates, as you will get a separate email for each theme you’ve purchased in the past.
No they do not. Certainly not in the UK and not according to GDPR.
The only thing you have to be concerned about with your website is personal and sensitive data. Personal data is data that can identify a specific living individual. I have had extensive conversations with the Information Commissioner’s Office (ICO) who regulates the GDPR in the UK. They stated that if an individual is not specifically identifiable from the data it is not personal data. The example the ICO cited was of a photo and stated a photo is not personal data because you cannot identify the individual without other data. An IP cannot identify a specific living individual without other data. If you are only supplying the IP then you are not processing personal data in the UK.
I do know that EU member states can add to the base GDPR legislation, so you would need to check with the regulators of GDPR in the EU country that you are hosting the website, but in the UK, sending IPs to Google or elsewhere with no other data that makes identifying an individual possible places your data outside the GDPR.