No solution, alternative or response from Google.
3 Likes
@team Any response from you? Any solution to this topic direct from discourse?
3 Likes
As long as @Discourse may see no need for work in this topic, I did a bit research and found this: Legal Tools Plugin - plugin - Discourse Meta
@angus Is there any possibility, that you and your team can create a plugin for this topic too, to get a chance to use discourse as a community plattform in the EU if one set a foot outside the basic feature and uses Adsense, Stripe etc.?
2 Likes
Keep in mind that all customers of ours have a direct line of support, you can always email team@discourse.org for assistance
5 Likes
Iâm auditing websites for a EU data protection authority.
I noticed that when websites embed youtube videos, often times those websites make calls to doubleclick.net, which is Googleâs advertisement business.
We tell those websites to stop making these calls, because they mean usually:
- international data transfers of personal data without a legal basis
- lack of transparency and documentation despite legal requirement
- if youtube employs cookies or localstorage: lack of user consent required by ePrivacy directive.
You can check out how the court of justice of the EU employs Youtube on their website. Thatâs the minimum safeguard: Court of Justice of the European Union - curia
EDIT: Just checked â the current Youtube embed here on this page also causes calls to doubleclick.net when played.
5 Likes
So, for who is using the âcommunityâ edition, what are the options to be compliant with EU regulation?
The theme component linked earlier is not sufficient by any means. Even using third party frames itâs not really a solution as it doesnât allow the necessary fine-grained choice that should be provided.
This is something that has to be deeply integrated within discourse and, chats about EU minding its own business or not, itâs basically a good tool to allow control of its own data to every person. Itâs not something to just dismiss because only a part of the world is using it.
Edit to also add this:
Anything that OneBox provide that actually brings in further data manipulation/analysis should be asking for permission the first time as well. Even a simple popup that prevent the action after a message in which the user can choose to agree or not would suffice. Looking at the Reddit Enhanced Suite for example, when you expand a content that requires further access, the first time you are asked to confirm that you want to give permission for that.
To further clarify the importance of this topic. Itâs not much the matter of the owners of a forum being malicious or not. I assume that anyone that host a forum in 2023 is kind of a better person than the average 
but it takes only a single disgruntled user or someone who wants to cause trouble just because, to open a big can of worms for whoever is hosting the website and even reach the point of having fines to pay and the forum to close down.
8 Likes
Hi All,
I wanted to mention that we recently created a Meta guide covering Cookie Consent, GDPR, and Discourse that might be relevant to some of the discussions that were taking place here.
Specifically, this guide covers a few options for setting up Cookie Consent Banners along with other Content Manager Service Options, and how these can be implemented on a Discourse site.
If you have questions about any of the information covered in that guide, please let us know.
14 Likes
as a brit (with the server hosted over here too) im glad i dont need to deal with this
I donât know why you would not need to deal with compliance. 
4 Likes
i thought brexit wouldâve eliminated the GDPR
No, afraid not. It is very much still in play.
2 Likes
ffs, good job im moving the servers to 'merica soon
That wonât help either - as long as youâre serving users who are based in the EU, youâll need to follow GDPR. Your only way âoutâ is to block such users by IP address.
2 Likes
bloody gdpr
cant exactly block EU ips, as that means i will be blocking myself
i thought it didnt apply to âjust peopleâ though?
1 Like
The GDPR applies to everyone âin the European Unionâ, so even a US citizen visiting Madrid will be subject to the GDPR during their stay.
3 Likes
yeah, i meant that i thought that websites not owned by companies where exempt
Ah sorry, I misunderstood you.
Nope, theyâre not exempt.
3 Likes
less likely to be fined tho ryt?
These laws are there for a purpose. Itâs not about being fined or not, itâs about protecting people. If someone doesnât like people, thatâs all fine. Just donât offer services to them.
For comparison: http://chudbuds.lol
4 Likes
what can i do to comply with it tho? bc i dont want to block the whole EU