> I am Claude, an AI assistant created by Anthropic. In this interface, I'm operating as "Junie," a helpful assistant designed to explore codebases and answer questions about projects. I'm built on Anthropic's large language model technology, specifically the Claude model family.
Jetbrains wider AI tools let you choose the model that gets used but as far as I can tell Junie doesn't. That said, it works great.
Generally speaking using any public CDN is not GDPR compliant. If you _could_ self host the files, then you can not meet the necessity test required for any of the relevant legal basis in GDPR art 6(1).
Google Fonts and FA are worse, because the personal data is shipped off wholesale to the USA. Neither FA or Google (for fonts) offers a data processing agreement that would make it legal to use.
> This ruling, should Google comply in the end, will not change anything. Google will store the data in the EU and that's it.
The US CLOUD Act allows US law enforcement to force Google to hand over data; even if that data is stored outside the USA.
It is highly likely that processing and storing analytics data only in the EU is not enough to "fix" Google's issue here, because the USA still has juristiction.
By its very nature, an analytics product must process personal data.
Personal data is "any information relating to an identifiable individual" (see GDPR art 4(1).
Your IP address, browser and OS (via user agent), the website you visited, the pages you visited, time of visit, the site you came from (via referrer) are all personal data.
If Plausible have put a US owned cloud provider in-front of their Hetzner infrastructure, even if for a legitimate purpose (CDN, DDoS prevention) then that is likely an unlawful transfer of personal data to the USA.
>> Your IP address, browser and OS (via user agent), the website you visited, the pages you visited, time of visit, the site you came from (via referrer) are all personal data.
No. These are all not considered PII. Only the IP address in this list definitely is.
All other information with a wholly anonymized user would be considered by most interpretations to be ok. Often it depends on the context and presence of other meta-data on whether something is PII or not.
“PII” is not a term the EU or UK GDPR recognises. It may have a specific meaning in American law; but the GDPR definition of personal data is significantly broader.
It certainly includes the items I listed; particularly when linked to an identifier like an IP address.
> As for the privacy laws regarding tracking IP addresses, it's not very clear whether it requires consent or not as the law is ambiguous. The IP itself alone can not be directly considered personally identifiable information (PII) as having an IP address only, can not define which real person is the data associated with.
"PII" has a specific meaning, in American law. Sites with references to it are likely not relevant to you, as you are based in Romania. The GDPR is crystal clear that IP addresses are personal data. There is no ambiguity. Depending on how you derive the hash of the IP and user agent, this could also be an "identifier" that may be personal data.
But! There are six different reasons you can legally process personal data. Consent is only one of them. It is quite likely that a website owner would have a valid legitimate interest basis for having analytics. This does not require consent from the user.
The only caveat to that; is that if the analytics needs a cookie (or local or session storage item) then you must seek consent for the cookie.
I wish it was this explicit, but it isn't. EU member states have all interpreted the regulation differently.
Making it harder to opt out than in is explicitly prohibited in the UK and Germany. It is perfectly legal in Italy. In Spain, it is legal to bury the opt out buttons at the end of a 50 page cookie policy.
Full compliance, across the whole of the EU, is exceptionally difficult.
> Which LLM are you?
> I am Claude, an AI assistant created by Anthropic. In this interface, I'm operating as "Junie," a helpful assistant designed to explore codebases and answer questions about projects. I'm built on Anthropic's large language model technology, specifically the Claude model family.
Jetbrains wider AI tools let you choose the model that gets used but as far as I can tell Junie doesn't. That said, it works great.