Podmienenie statnych sluzieb akceptaciou podmienok 3. stran (napr. Google reCAPTCHA)


Ja osobne si myslim, ze aj keby nas UOOU mal rozhodnut o nesulade GA s GDPR na zaklade rozhodnuti z inych clenskych krajin EU, tak by aplikoval dvojaky meter (stat vs sukromne firmy), kde by len sucho skonstatoval, ze stat ma vynimku z GDPR alebo ze je vo verejnom zaujme, aby stat nadalej pouzival GA a na zaklade ziskanych dat mohol skvalitnovat sluzby pre nas vsetkych…

Cesky UOOU udelil pokutu MVCR.


A uz aj Dansko:

Relevantna cast:

On the basis of this review, the Danish Data Protection Agency concludes that the tool cannot, without more, be used lawfully. Lawful use requires the implementation of supplementary measures in addition to the settings provided by Google.

Organisations in Denmark that use Google Analytics must therefore assess whether their possible continued use of the tool takes place in compliance with data protection law. If this is not the case, the organisation must either bring its use of the tool into compliance, or, if necessary, discontinue using the tool.


Riešenie je už blízko → Private Access Tokens

Vysvetlenie tu Replace CAPTCHAs with Private Access Tokens - WWDC22 - Videos - Apple Developer

1 Like

Relevantna cast:

Does Google reCAPTCHA Require Consent?

Yes, according to the French data protection authority, Google reCAPTCHA requires consent. This is because Google reCAPTCHA cookies collect information about a user’s device and browser and transfer that information to Google.
Because this data processing is not “strictly necessary” for providing login authentication, Google reCAPTCHA cookies require consent.

Isn’t Google Responsible for reCAPTCHA?

No, Google is not responsible for how website owners use reCAPTCHA.
The CNIL found that the app or website owner using reCAPTCHA is responsible for getting consent and providing information. Google also states that reCAPTCHA users have these responsibilities.
Generally speaking, you cannot outsource your GDPR compliance obligations—you are accountable for any activities of data processors working on your behalf.



1 Like