Hugo vs The General Data Protection regulations (GDPR) in EU (EEA)


Very useful article about publishers that use Google products:

Also here is Google’s own Cookie Choices website updated for the GDPR with advice for website admins that use Google products.


Interesting development on the user side. Google recently made it easier to view and delete your activity on their services.


For YouTube I am considering something like this:

There is a link to the tutorial to create it on that page (which just has the examples).

Essentially, only load it when user clicks. The play icon overlay can be adapted to provide a notice as well like the duck duck go example @onedrawingperday posted, but esssentially much more simple. It can also be adapted also for the no cookie version that you have made.


@Jonathan_Griffin I am aware of this technique and tested it.

It can be adapted in two ways.

  1. Create the notice that you mentioned and if a user agrees to YouTube’s goodies then play the video directly from within a Hugo site.
  2. Turn the embed into a fancy hyperlink that plays the video directly on YouTube’s website.

I am a fan of the second option.

Let Google gather user consent on its own for its properties.

Don’t turn yourself into Google’s middleman to gain user consent for its data collection practices and potentially expose yourself to liabilities under the GDPR.


I got an email from some person today. His name was mentioned in an article on the web. He wanted that name removed. The site was powered by Hugo, so he meant that it was my responsibility to get that deleted.


Sadly, there will always be more idiots coming along. Just tell him that you will pass along his contact details to everyone you know that uses Hugo and we will all endeavour to remove his details from the interweb :wink:


This is my first time to hear about so ridiculous logic on it.


Great read - tnx @bep


Just saw the brand new BBC consent banner.

Interesting choice of words in the banner:

“We and our partners also use cookies to ensure we show you advertising that is relevant to you. If you continue without changing your settings, we’ll assume that you are happy to receive all cookies on the BBC website.”

And then when one visits the Change Settings link lo and behold:

Everything is pre-ticked. LOL!

It’s kind of amazing how the BBC spent resources for building this mechanism presumably for the GDPR, but in reality it’s anything but compliant with the new regulation, since at least on the UK’s Information Commissioner’s Office it is stated explicitly that:

Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent.


Haha. Save that one for a rainy day then report them to the ICO :slight_smile:

As I think I said before, it is my belief that Google will also find themselves before the EU Court again with the assumptions that they’ve made in regard to GDPR.


I’m afraid Google can pretty much do what they like. If the EU lawyers get too stroppy Google can just say ‘we’ll just turn off Google search for anyone in Europe then …’ :wink:


Well, that hasn’t happened so far - they’ve been fined fairly heavily in the past and the current climate in regard to tech companies is much less favorable that in the past.

Still, we are drifting rather a long way off topic so we’d best curtail this discussion I think.


I just saw this and I just had to post it here:


Slightly more serious analysis and overview of GDPR in case anyone wants it. In particular, note the typically BBC approach of “Don’t Panic”, especially for small businesses.


That DDG disclaimer has actually been there for several years now. You probably just didn’t see it before because…cough…you had a cookie.

Speaking of which, does anyone have a GDPR cookie disclaimer pop-up blocker?


A slightly changed emphasis to this topic:

I just came across the new Hugo GDPR privacy settings and wondered whether it would be possible to have an automatically generated privacy policy document driven by the option settings.

This manually generated privacy policy page gives an idea of what I had in mind. It effectively lists the option settings and the consequences of the chosen options.


That’s a fun privacy policy! Here’s one of my favorites: Short and sweet. Problem with creating one generated by hugo is there’d need to be a generator to genererate the privacy policy generators. But some enterprising soul may make a theme component to tickle your fancy.


All the privacy settings are available to a template, but you would (currently) need to supply the “what” yourself.


Does that mean it’s more a theme framework enhancement than a Hugo enhancement?


A little of both, I would say. We have added a set of privacy settings to the core services. We should possibly consider adding (translatable) descriptions to those settings. So themes etc. can use those to simply create a policy page.