07-26-2018, 08:19 AM
Sorry to double post, but I got a little curious to know if Google reCaptcha is GDPR compliant or not.
A simple google search (hic) with "Is Google reCaptcha GDPR compliant?" doesn't result much. I have also used my Google dev login to search in the big G documentations and found absolutely no direct mention of GDPR. This is a big deal as Google collects information from each and every public search in its public engine and lets not get started with gmail and other products.
After some further searches and a lot of reading I found this discussion: https://law.stackexchange.com/questions/...rs-consent
The whole link is interesting, but this answer stands out:
I just hope that whoever has the power to make decision on this and other issues like payment, doesn't simple take the easy way out and put it on the bill of the mods who are actually volunteers and doing a great job out of their own kindness.
A simple google search (hic) with "Is Google reCaptcha GDPR compliant?" doesn't result much. I have also used my Google dev login to search in the big G documentations and found absolutely no direct mention of GDPR. This is a big deal as Google collects information from each and every public search in its public engine and lets not get started with gmail and other products.
After some further searches and a lot of reading I found this discussion: https://law.stackexchange.com/questions/...rs-consent
The whole link is interesting, but this answer stands out:
Quote:Quote:“From your perspective you should not worry about asking permission to use reCaptcha as it is not you who is processing the data it is google and any GDPR compliance falls on them.“
This is plain wrong. If a user visits your website you are the controller of data collected on your website. Regardless of what entity collects that data.
However in my non-legal opinion reCAPTCHA falls under Article 6 section 1d and 1f. Also Recital 49.
1d:
Quote:“processing is necessary in order to protect the vital interests of the data subject or of another natural person;”
While you could argue in some cases (most probably) reCAPTCHA is used to reduce spam to a business entity thus not a “natural person”.
1f:
Quote:“processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”
Here is where the real ruling applies “Legitimate interests”. You as a business have a legitimate interest in reducing spam into your business. Not only does spam take up your time but it also takes up your resources. As to the extent in which spam takes up is dependent on the usage in question. But nearly everyone can safely assume reducing spam (one of the cornerstones of the GDPR) is a legitimate interest.
Recital 49 (excerpt):
Quote:The processing of personal data to the extent strictly necessary and proportionate for the purposes of ensuring network and information security, i.e. the ability of a network or an information system to resist, at a given level of confidence, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services offered by, or accessible via, those networks and systems, […] by providers of electronic communications networks and services and by providers of security technologies and services, constitutes a legitimate interest of the data controller concerned. This could, for example, include preventing unauthorised access to electronic communications networks and malicious code distribution and stopping ‘denial of service’ attacks and damage to computer and electronic communication systems.
I just hope that whoever has the power to make decision on this and other issues like payment, doesn't simple take the easy way out and put it on the bill of the mods who are actually volunteers and doing a great job out of their own kindness.
"All human judgement is uncertain. The errors of a judge, however innocently or unintentionally committed have consequences as serious as the crimes of others. Judging is a duty to be performed when it cannot be honourably avoided and never a privilege to be coveted."