15 Replies Latest reply on May 22, 2018 7:36 AM by Marianne Reuter

    GDPR compliance of Muse widgets?

    Marianne Reuter Level 1

      Hi there,

       

      since the European GDPR takes effect on May 25th all our websites should include the new privacy text. One item is whether there are any third party requests running from our websites. My client checked her site (done by me with Muse) and found 24 third party requests. Now the question is, are they GDPR compliant?

       

      The site of my client is www.petra-halfmann.de and here is the report from cookie-checker.com: Petra-halfmann.de uses 0 cookies - Cookie-checker.com

       

      Thank you in advance,

      Janne

        • 1. Re: GDPR compliance of Muse widgets?
          pziecina Level 7

          The regulations are NOT just for websites.

           

          You have posted your clients email address on the site, that means your client should comply with the regulations for any contacts she has received.

           

          As for the 24 3rd party requests, you will have to contact the receivers of those requests to ensure they are compliant. Also the simple fact that those requests are made via your clients site, also means that if any of those 24 3rd party requests require compliance, then your client will also have to ensure compliance is met by those 3rd party requests, as the requests are via your clients site, and that makes your client responsible.

          • 2. Re: GDPR compliance of Muse widgets?
            Marianne Reuter Level 1

            I know about the many other regulations, but this was not my question.

             

            My question is about the 3rd party requests. I don´t know what they are. Most links say http://museengine.parseapp.com/loader.js . I wonder what they are?

             

            Another link is http://musecdn.businesscatalyst.com/scripts/4.0/jquery-1.... which is clearly a Muse thing and another link is https://use.typekit.net/ik/8DBjsOxG0CQja9zOMmuCI8uOKGxgPv... which means that the request comes from Adobe.

             

            I hope someone with inside knowledge will help me soon!

             

            Thank you, Janne

            • 3. Re: GDPR compliance of Muse widgets?
              Marianne Reuter Level 1

              I still wait for an answer from Adobe!!

              • 4. Re: GDPR compliance of Muse widgets?
                ankushr40215001 Level 7

                Hey Marianne,

                 

                I am checking with our product team for your query.

                 

                Will update you with the received information shortly.

                 

                 

                Regards,

                Ankush

                • 5. Re: GDPR compliance of Muse widgets?
                  Ussnorway Adobe Community Professional

                  https://forums.adobe.com/people/Marianne+Reuter  wrote

                   

                  I know about the many other regulations, but this was not my question.

                   

                  My question is about the 3rd party requests. I don´t know what they are. Most links say http://museengine.parseapp.com/loader.js . I wonder what they are?

                   

                  Another link is http://musecdn.businesscatalyst.com/scripts/4.0/jquery-1.... which is clearly a Muse thing and another link is https://use.typekit.net/ik/8DBjsOxG0CQja9zOMmuCI8uOKGxgPv... which means that the request comes from Adobe.

                   

                  I hope someone with inside knowledge will help me soon!

                   

                  Thank you, Janne

                  museengine is a widget preloader file

                  the cdn is a script... "default fallback" in case the user has an old IE browser it will kick in and allow some part of the page to still load so they don't just get a blank page

                  and the typekit is looking for your lic to use that font... you can remove this by only using websafe fonts if you want it gone and you may need to refesh your site afterwards to clear it because you have a 3rd party host server

                   

                  the link that your 3rd party tool mised is the amazon links

                   

                  p.s, nice design mate!

                  • 6. Re: GDPR compliance of Muse widgets?
                    Marianne Reuter Level 1

                    Thx, Ussnorway for your approval and the helpful insight. … So it seems that the cdn script checks users´ browsers and should be mentioned in my privacy text? I wonder why Adobe doesn´t provide those default texts on their website.

                     

                    I detected the museengine parts. They come from a Musegrid widget. I already wrote to them but got no answer.

                     

                    I also wrote to Typekit and got no answer either. I found a privacy text on the web though and copied it.

                     

                    I guess we can´t help the GDPR requirements. But what really annoys me is the fact that those big companies like Adobe don´t care a **** to give their customers a helping hand in providing default privacy texts. It costs my precious working time to write to them all and beg for their declarations. And only a small percentage demean themselves to answer me. Adobe btw. isn´t amongst them!

                    • 7. Re: GDPR compliance of Muse widgets?
                      Marianne Reuter Level 1

                      Thx Ankush! Hopefully they listen to you ...

                      • 8. Re: GDPR compliance of Muse widgets?
                        Ussnorway Adobe Community Professional

                        https://forums.adobe.com/people/Marianne+Reuter  wrote

                         

                        and should be mentioned in my privacy text?

                         

                        I don't think so but I'm a coder that knows a little law not a lawyer that knows any code

                         

                        The host server (that holds the website files) gets a request from the users browser to load your page

                        Normally this request includes the browser id from the user i.e, I'm a firefox browser or I'm internet explorer 11 then the host server sends the files under the basic script

                         

                        However if the browser happens to be a very old browser OR refuses to tell the host server what it is then this fall back is what gets used... Because even if the browser is not known we do know that the older file types will work

                         

                        Imo this system doesn't breech the rules because it allows the user to hide their browser id and still get the files... Perhaps older versions that don't work as well but that is the price they pay to be anonymous

                         

                        p.s, I don't see how Adobe, you or I can talk about GDPR requirements when the new rules are so vague but I wasn't asked by the powers to give my advice... not that I would have been interested in such a pointless bugger up

                        1 person found this helpful
                        • 9. Re: GDPR compliance of Muse widgets?
                          Marianne Reuter Level 1

                          Thank you, Ussnorway – your coder insight really helps me a lot! So it seems the widget´s request gets the information from my host. And the fact that the host is collecting IP data, is already dealt with in common privacy texts. Sounds as if I don´t have to mention those other sources ...

                           

                          Still hoping to get an answer from Adobe as well, though ...

                          • 10. Re: GDPR compliance of Muse widgets?
                            pziecina Level 7

                            The GDPR requirerments are nothing to do with the browser, but all to do with what information is collected, stored and/or used by anything connected with your site, (3rd party or not) and as far as the EU regulations are concerned that is the responsibility of the site owner, who will refer any complaints to you as the site creator, and de-facto expert.

                             

                            If you are using any widgets, then the widget creators are the only ones who can tell you what steps they are/have taken in order to meet the regulations. No one is going to go through the entire code of a site you created just to check what is happening. The one good thing is that the html and css will not be passing on or storing any information, as this requires javascript or server-side code.

                            • 11. Re: GDPR compliance of Muse widgets?
                              Marianne Reuter Level 1

                              @piziecina: So to your opinion it´s the widget creators who should answer to it? And these are the ones who keep silent.

                               

                              Sorry, guys, but I am a designer, no coder and to me it seems that everyone tells me something else. Whom shall I believe? And neither Adobe nor Musegrid get back at me.

                               

                              Not the wiser,

                              Janne

                              • 12. Re: GDPR compliance of Muse widgets?
                                pziecina Level 7

                                Yes, the widgets are the main unknown when it comes to compliance, mainly because only the creators know what information they are collecting, or what they are doing to ensure any information collected is safe.

                                 

                                As I said, one could go through the javascript code but that would be an extremely long job, and one unlikely to be carried out by anyone else due to the time involved in doing so. Also if any of the widgets connect to a server that is supplying the information to your site is using server-side code to do so, then it is impossible for anyone to check what information is being collected, (by you or anyone else in this or any other forum) except by the owners of that/those servers, as server-side code cannot be examined in a browser.

                                • 13. Re: GDPR compliance of Muse widgets?
                                  Marianne Reuter Level 1

                                  I chatted with muse grid and they told me their widget doesn´t collect any data.

                                   

                                  So what remains is http://musecdn.businesscatalyst.com/scripts/4.0/jquery-1.8.3.min.js Anyone who can tell me something about?

                                   

                                  As for typekit I already found a text in the web that I´ll copy.

                                  • 14. Re: GDPR compliance of Muse widgets?
                                    pziecina Level 7

                                    JQuery is a javascript abstraction layer, that makes writting javascript easier, and it collects no data.

                                    • 15. Re: GDPR compliance of Muse widgets?
                                      Marianne Reuter Level 1

                                      Thank you, pziecina! I´ll tell this to my client and hope she is contented with this information.