Thus, a data protection compliant use of Invoiceninja in Germany and probably also the rest of the EU is no longer possible.
Actually, I wanted to finally convert my v4, however, the new version will be denied me here and I have to look around again for a European solution, since v4 is probably no longer supported.
Alternatively, a version would have to come from you, which has exactly these CDNs, fonts and authoptions NOT integrated.
How do the developers see this problem and also the other European users?
Wouldn’t it be enough to notify the client of all the third party stuff, the data that is collected, and the reason for it, when they visit the portal, with a user consent pop up. Just make sure nothing of that is loaded before they accept it. If the don’t accept it, do not allow access.
The reason that case won is because it was done without user consent.
The only thing I can think of, that may be an issues is phantomjs cloud and hosted pdf. As those can be used before the user interacts with the app or has a chance to consent.
Although I’m all for hosting as much as possible locally.
We’re happy to do what we can to prevent IPs from being shared if possible. The framework we use only recently made it possible to host these files locally, if we’re in violation of GDPR we’ll obviously prioritize the work.
Hi,
it’s not only about the fonts but also the CDN from Apple and the Auth from Microsoft.
A warning is not enough, a tool that holds all my customer data should not connect to other services unless I want to integrate them.
I am well aware that the topic of data protection is a huge challenge for many developers, especially outside the EU. Unfortunately, we need to have this topic on the screen.
So at least Javascript is loaded with corresponding connections, which can already represent a violation since personal data is already transmitted here.