Yes, US CDNs are definitely illegal under GDPR. They've fined people before for ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

mminer237 on Nov 11, 2022 | parent | context | favorite | on: Shopify Is Illegal in Germany

Yes, US CDNs are definitely illegal under GDPR. They've fined people before for using Google Fonts' CDN because it transmitted residential EU residential IP addresses to someone within the reach of the US government. The law is that you have to have prior consent or it has to be necessary to take steps requested by the Data Subject. US CDNs are not considered necessary because an EU server could host those assets instead.

GDPR just has incredibly sparse, scattershot enforcement because of how disruptive complying with it would be to EU Internet users.

generationP on Nov 12, 2022 [–]

What about Github/Gitlab Pages?

mminer237 on Nov 14, 2022 | [–]

I mean, they're both US companies. Embedding assets from either would clearly be illegal. Arguably if your entire site is on one, accepting user's IP addresses might be considered necessary. I'm not sure a court has addressed that. (They might say you should use an EU host still.)

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact