My new blog post might of interest to anyone running websites / developing apps for people in the UK:
-
My new blog post might of interest to anyone running websites / developing apps for people in the UK:
# An overview of the UK's updated laws on storing information in someone's terminal equipment, and accessing information stored in someone's terminal equipment
Catchy. But useful (I hope).
I must admit that - as you'll see towards the end - some of this baffles me.
An overview of the UK's updated laws on storing information in someone's terminal equipment, and accessing information stored in someone's terminal equipment
The UK’s law on storing information on someone’s terminal equipment, and accessing information stored in someone’s terminal equipment, has changed.
(decoded.legal)
-
My new blog post might of interest to anyone running websites / developing apps for people in the UK:
# An overview of the UK's updated laws on storing information in someone's terminal equipment, and accessing information stored in someone's terminal equipment
Catchy. But useful (I hope).
I must admit that - as you'll see towards the end - some of this baffles me.
An overview of the UK's updated laws on storing information in someone's terminal equipment, and accessing information stored in someone's terminal equipment
The UK’s law on storing information on someone’s terminal equipment, and accessing information stored in someone’s terminal equipment, has changed.
(decoded.legal)
You might be interested, in particular, in the ICO's examples relating to:
* third-party hosted fonts; and
* CSS (and other technologies) which adjust a site based on a user's preferences
which, the ICO asserts, require notice and the chance to object / opt-out.
-
My new blog post might of interest to anyone running websites / developing apps for people in the UK:
# An overview of the UK's updated laws on storing information in someone's terminal equipment, and accessing information stored in someone's terminal equipment
Catchy. But useful (I hope).
I must admit that - as you'll see towards the end - some of this baffles me.
An overview of the UK's updated laws on storing information in someone's terminal equipment, and accessing information stored in someone's terminal equipment
The UK’s law on storing information on someone’s terminal equipment, and accessing information stored in someone’s terminal equipment, has changed.
(decoded.legal)
@neil love how we've got ourselves into a situation where parliament wants half of the Internet to require uploading your ID card/likeness; but god forbid your PC downloads a FONT from a CDN without consent.
Led by donkeys, truly.
-
You might be interested, in particular, in the ICO's examples relating to:
* third-party hosted fonts; and
* CSS (and other technologies) which adjust a site based on a user's preferences
which, the ICO asserts, require notice and the chance to object / opt-out.
@neil What the hell?
That raises a *lot* of questions.
Third party fonts - so you are OK if the fonts are on the same web site as the html? Yes? How is it being third party a factor in the decision?
Also, if I ran my site though a CSS tool to make all the styles on all the elements explicit style="" tags, which I assume is quite possible to do, is that still covered? OK some things are tricky for anything dynamic. What of just inline <style> for the css, is that OK as in the page?
-
My new blog post might of interest to anyone running websites / developing apps for people in the UK:
# An overview of the UK's updated laws on storing information in someone's terminal equipment, and accessing information stored in someone's terminal equipment
Catchy. But useful (I hope).
I must admit that - as you'll see towards the end - some of this baffles me.
An overview of the UK's updated laws on storing information in someone's terminal equipment, and accessing information stored in someone's terminal equipment
The UK’s law on storing information on someone’s terminal equipment, and accessing information stored in someone’s terminal equipment, has changed.
(decoded.legal)
@neil I am forever glad that I've never once tried to keep track of a single [expletive] thing about anyone connecting to any of my sites. And I've recently started self-hosting fonts to avoid leaking data back to Google. I expect I need to have a little harder think about the commercial site, and double check a few things, but mostly, I'm glad I don't engage in surveillance capitalism.
-
My new blog post might of interest to anyone running websites / developing apps for people in the UK:
# An overview of the UK's updated laws on storing information in someone's terminal equipment, and accessing information stored in someone's terminal equipment
Catchy. But useful (I hope).
I must admit that - as you'll see towards the end - some of this baffles me.
An overview of the UK's updated laws on storing information in someone's terminal equipment, and accessing information stored in someone's terminal equipment
The UK’s law on storing information on someone’s terminal equipment, and accessing information stored in someone’s terminal equipment, has changed.
(decoded.legal)
@neil so somehow we're supposed to magically avoid gaining access to things like browser user agent strings, which are automatically sent with the request?
Given that makes it impossible to actually run any form of web server, we may as well just geoblock the whole of the UK, I guess
-
@neil so somehow we're supposed to magically avoid gaining access to things like browser user agent strings, which are automatically sent with the request?
Given that makes it impossible to actually run any form of web server, we may as well just geoblock the whole of the UK, I guess
> we're supposed to magically avoid gaining access to things like browser user agent strings, which are automatically sent with the request?
Unless an exemption applies, yes...
But an exemption may well apply, depending on use case.
-
You might be interested, in particular, in the ICO's examples relating to:
* third-party hosted fonts; and
* CSS (and other technologies) which adjust a site based on a user's preferences
which, the ICO asserts, require notice and the chance to object / opt-out.
@neil sorry what
-
You might be interested, in particular, in the ICO's examples relating to:
* third-party hosted fonts; and
* CSS (and other technologies) which adjust a site based on a user's preferences
which, the ICO asserts, require notice and the chance to object / opt-out.
@neil
Nuts! -
@neil What the hell?
That raises a *lot* of questions.
Third party fonts - so you are OK if the fonts are on the same web site as the html? Yes? How is it being third party a factor in the decision?
Also, if I ran my site though a CSS tool to make all the styles on all the elements explicit style="" tags, which I assume is quite possible to do, is that still covered? OK some things are tricky for anything dynamic. What of just inline <style> for the css, is that OK as in the page?
@revk @neil third party fonts are a potential problem because they leak information (google knows all the websites you visit that use their fonts)
Of course, Cloudflare knows (in great detail) all the websites you visit that use them too, but I imagine they're far too lawyered up for the ICO to bother even glancing at.
-
You might be interested, in particular, in the ICO's examples relating to:
* third-party hosted fonts; and
* CSS (and other technologies) which adjust a site based on a user's preferences
which, the ICO asserts, require notice and the chance to object / opt-out.
@neil over here (Germany specifically) third-party hosted fonts have been a regular topic, a few years back a court awarded someone damages for a site using Google Fonts without informing them.
The "adjust based on user preferences" part I would have thought the intent would be something like "you can store the preference (e.g. if the user uses an option on your site to increase font size), and if doing so leads to more stuff being loaded tell them" but it isn't really clear
-
@neil sorry what
@neil like, I understand that it's often an unhelpful cliche to assume that people writing legislation that governs technology have no idea how anything actually works, but sometimes...
-
@neil over here (Germany specifically) third-party hosted fonts have been a regular topic, a few years back a court awarded someone damages for a site using Google Fonts without informing them.
The "adjust based on user preferences" part I would have thought the intent would be something like "you can store the preference (e.g. if the user uses an option on your site to increase font size), and if doing so leads to more stuff being loaded tell them" but it isn't really clear
> over here (Germany specifically) third-party hosted fonts have been a regular topic, a few years back a court awarded someone damages for a site using Google Fonts without informing them.
And indeed that case is linked from the blogpost
-
> over here (Germany specifically) third-party hosted fonts have been a regular topic, a few years back a court awarded someone damages for a site using Google Fonts without informing them.
And indeed that case is linked from the blogpost
@neil ah sorry, missed that bit
-
You might be interested, in particular, in the ICO's examples relating to:
* third-party hosted fonts; and
* CSS (and other technologies) which adjust a site based on a user's preferences
which, the ICO asserts, require notice and the chance to object / opt-out.
@neil the CSS bit took me two readings to make sure I understood. (This is not about your writing, it's just that's a wild thing to put in a law)
Funny how I recently decided I should add a dark mode option to my personal website.
-
You might be interested, in particular, in the ICO's examples relating to:
* third-party hosted fonts; and
* CSS (and other technologies) which adjust a site based on a user's preferences
which, the ICO asserts, require notice and the chance to object / opt-out.
@neil Note the CSS thing explicitly says 'Detecting preferences on the subscriber's or user's operating system' - not about your choice within your webpage; so it's saying you can't detect that the preferences for the system are dark mode/huge font/big monitor and transmit that data to you as a provider without permission.
-
@neil Note the CSS thing explicitly says 'Detecting preferences on the subscriber's or user's operating system' - not about your choice within your webpage; so it's saying you can't detect that the preferences for the system are dark mode/huge font/big monitor and transmit that data to you as a provider without permission.
@penguin42 That is one possible interpretation, but not the only one.
-
You might be interested, in particular, in the ICO's examples relating to:
* third-party hosted fonts; and
* CSS (and other technologies) which adjust a site based on a user's preferences
which, the ICO asserts, require notice and the chance to object / opt-out.
@neil Is it possible they were intending to target third party fonts loaded via JS and accidentally went too broad?
-
@penguin42 That is one possible interpretation, but not the only one.
@penguin42 I say this because "detecting" does not appear in the legislation, but the legislation covers both storage and access to information stored.
Put another way, the ICO could be a lot clear in its example
-
> Another wrinkle, CSS and especially fonts, can come from other third parties.
The blogpost expressly addresses third party fonts!
