Comments (4)
At the very least, disclosing this behaviour clearly in the README would allow developers who use this library to comply with the requirement to get informed consent from their users, as required by myriad privacy laws these days. At the moment it's just a hidden unpleasant surprise that this library sends analytics data.
from giphy-js.
@jbg Thanks for your feedback. Pingbacks are invaluable to maintaining and improving GIPHY products, so we donβt have plans to accommodate this request
from giphy-js.
I'm interested in creating a PR for the second part of this, i.e. disabling the pingbacks. Since I find the environment variable overly cumbersome, I'd like to implement a prop that can be passed to the individual components in order to control the pingbacks. I could also add a corresponding property for the fonts.
Furthermore, in the interest of Privacy by Design, I would like to make this an opt-in setting. Please let me know if you have any objections.
from giphy-js.
Despite not being a lawyer, I would like to add some context from the GDPR that I find relevant here. In Recital 47, which expands on the concept of "legitimate interests" that may justify collection of data without user's constent it says:
[3] At any rate the existence of a legitimate interest would need careful assessment including whether a data subject can reasonably expect at the time and in the context of the collection of the personal data that processing for that purpose may take place.Β
[4] The interests and fundamental rights of the data subject could in particular override the interest of the data controller where personal data are processed in circumstances where data subjects do not reasonably expect further processing.
I would argue that these components may be used in contexts where the collection of this data is not reasonably expectable*. Therefore, to comply with the GDPR, developers would have to be able to block these requests (or at least allow their users to disable them), which your decision makes impossible. I could see this forcing projects to re-implement these components on their own, which costs them time, will pobssibly result in a worse product and that might come back to damage your brand, e.g. if users see its name associated with a bad UI.
Again, I want to emphasize that I am not a lawyer. But neither are most developers and I can imagine that many of them, just like me, would rather be on the safe side and not risk violating the GDPR. This decision just forces them to not use this library.
More importantly though, I would agree with @jbg that the collection of data should be prominently disclosed in the README, as the current version might lead developers to accidentally and unknowingly violate the GDPR.
* Personally, I would even argue that it is never reasonably expectable that an app may collect data about me hovering over an HTML item, combined with a presumably unique user ID. ESPECIALLY if this data is being collected just for a 3rd party.
from giphy-js.
Related Issues (20)
- How to pick the format having only the id? HOT 3
- Gif does not support keypress event HOT 3
- At Grid component: "Warning: Can't perform a React state update on an unmounted component. This is a no-op, but it indicates a memory leak in your application. To fix, cancel all subscriptions and asynchronous tasks in the componentWillUnmount method." HOT 1
- Add support for AbortController HOT 1
- Why there is no 'clips' type? HOT 1
- Carousel does not pass noLink property HOT 1
- Giphy React Grid component is not working HOT 4
- Please upgrade to react18 HOT 5
- SearchBar component make search button optional HOT 2
- Giphy/react-components 5.13.0 corporate proxy issue HOT 1
- renderGrid gifs positions are not set properly in lit HOT 2
- Focused Gif is not visually emphasized HOT 4
- Remove Grid not working HOT 1
- `require` in ESM build HOT 2
- `SyntaxError: Named export 'appendGiphySDKRequestHeader' not found. The requested module '@giphy/js-util' is a CommonJS module, which may not support all module.exports as named exports.` HOT 2
- It is advised to avoid ship styled-components in the build bundle. HOT 5
- React logging errors similar to "React does not recognize the `isFirstLoad` prop on a DOM element." HOT 1
- Next.js build fails: "Module not found: Can't resolve 'styled-components'" HOT 2
- Security concern: qs vulnerable to Prototype Pollution
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from giphy-js.