8 Comments

  1. Bradley Allen

    Thanks so much for the CSS which provides a temporary fix for the bug with social icons in Jetpack 6.6 — exactly what I was looking for!

    Report

  2. Vishwajeet Kumar

    Just updated my Jetpack to 6.6. I haven’t tried out their Assest CDN but definitely willing to give it a try. Thanks for sharing the update.

    Report

  3. Anh Tran

    I love the idea of assets CDN. It’s brilliant. Thanks for making it available for free!

    Report

    • ruth weizenbaum

      Voids GDPR :-(

      Report

      • Jeremy

        GDPR requires information to and consent of user before any request to CDN.

        Most CDN providers seem to disagree with your approach today: you can check CloudFlare or KeyCDN‘s documentation about this for example. Those companies offer Data Processing Agreements to help you as a site owner remain compliant.

        Automattic also offers Data Processing Agreements; you can request one by following the instructions here.

        It’s also worth noting that WordPress itself loads data from a CDN by default. This would make 30% of the web non-compliant with the GDPR if your statement above were true. This is discussed here:
        https://core.trac.wordpress.org/ticket/44001

        The ticket is still open. Don’t hesitate to chime in with your remarks if you’d like.

        Most Jetpack functions void GDPR, using Jetpack in EU is high legal risk.

        Jetpack was updated before the GDPR came into effect, and a few things were added to allow you to keep using the plugin and make sure your site remains compliant with the GDPR. You can read more about this here. Note that just like with every other plugin, there is no simple turn-key solution: you do need to take action on your site (like updating your privacy policy) when installing additional plugins that can deal with personal information on your site.
        You can also check Jetpack Privacy Center to learn more about all this and find links to the documents you may need.

        Report

  4. Jeremy

    GDPR requires information to and consent of user before any request to CDN.

    Most CDN providers seem to disagree with your approach today: you can check CloudFlare or KeyCDN‘s documentation about this for example. Those companies offer Data Processing Agreements to help you as a site owner remain compliant.

    Automattic also offers Data Processing Agreements; you can request one by following the instructions here.

    It’s also worth noting that WordPress itself loads data from a CDN by default. This would make 30% of the web non-compliant with the GDPR if your statement above were true. This is discussed here:
    https://core.trac.wordpress.org/ticket/44001

    The ticket is still open. Don’t hesitate to chime in with your remarks if you’d like.

    Most Jetpack functions void GDPR, using Jetpack in EU is high legal risk.

    Jetpack was updated before the GDPR came into effect, and a few things were added to allow you to keep using the plugin and make sure your site remains compliant with the GDPR. You can read more about this here. Note that just like with every other plugin, there is no simple turn-key solution: you do need to take action on your site (like updating your privacy policy) when installing additional plugins that can deal with personal information on your site.
    You can also check Jetpack Privacy Center to learn more about all this and find links to the documents you may need.

    Report

    • ruth weizenbaum

      @Jeremy: Whataboutism won’t help. Jetpack out if the box is not GDPR compliant, period.

      There is no notification during installation that a) a data processing agreement is required and b) where it would be available and c) that it is mandatory.

      WordPress core does not use CDN by default, emojiscript is only included in very old subset of browsers, oembed is only used if embeds are published actively by user, which requires GDPR notifications and other data processing agreements anyway.

      Instead of censoring these impotant hints, better do some interviews with leading EU GDPR lawyers and publish the results.

      Report

      • Jeremy

        There is no notification during installation that a) a data processing agreement is required and b) where it would be available and c) that it is mandatory.

        We indeed do not display such notification on installation. We do, however, display information when you want to connect your site to WordPress.com: to do so you must agree to our Terms of Service and we inform you about the data that is shared with our service when connecting with WordPress.com. What you do from there is up to you, and will depend on your site, your readership, the features you use on that site, and the GDPR recommendations you may have received from an attorney in your country. We cannot give specific legal advice about your particular site of course, because we are not your attorney.

        Instead of censoring these impotant hints, better do some interviews with leading EU GDPR lawyers and publish the results.

        We published the results of our GDPR work in this blog post a few months ago.

        If your attorney disagrees with our approach, it’s indeed best if you do not use Jetpack on your site.

        Report

Comments are closed.

%d bloggers like this: