Jens Oliver Meiert

Web Development and the GDPR

Post from August 31, 2018 (↻ September 25, 2020), filed under .

Who shares or presents code has a special responsibility, because for both the uninitiated and the quality-minded such code should be of a considerable standard. We’ve known this responsibility for ages, whether from ad networks with dubious pseudo-HTML code to social media companies with invalidating gadget code to frameworks and libraries and polyfills and shims with their sometimes “plug & play don’t care” approach to web development.

With the European General Data Protection Regulation (GDPR), this has become even more important.

Where formerly, one often also pointed to some third-party script or style sheet—e.g. or https://maxcdn.bootstrap­—, we’re now confronted with another problem in that such simple hot-linking resources is clearer than ever a privacy issue for: everyone.

Why is that? Because blindly referencing foreign-origin URLs (that is, embedding resources without any referrer policy in place) exposes referrer information to those foreign origins, and with that means a privacy hazard. This is especially true with organizations in countries with lax privacy provisions, and with script or style providers who live off data, like Google or Facebook.

As such, then, what formerly looked just user-friendly and innocent carries now even more weight. Not only be the ambition to offer quality code (and, per my own taste, also the most minimal code), but also to be less suggestive, and indeed perhaps quite a little less usable, when it comes to plug-in play privacy consequences.

Kosugi embed dialog on Google Fonts.

Figure: How easy it is to embed Kosugi. (Privacy? Alternatives?)

What should be done? Perhaps, as I suggested to Robert and Tim after a Google Developers Experts call, we could start with using local references in code samples, and providing the full URLs (and said privacy context) in footnotes. That might bring awareness and attention to the issue without making the samples unusable. Especially with huge enterprises like Google, any code sample comes off as a recommendation or even a best practice, and so Google and other major tech firms turning more mindful, and looking more closely at the matter of responsible code sharing, could set a great precedent.

About Me

Jens Oliver Meiert, on April 29, 2020.

I’m Jens Oliver Meiert, and I’m a web developer and author. I love trying things (sometimes involving philosophy, art, or adventure). Here on I share some of my views and experiences.

If you have a question or suggestion about what I write, please leave a comment or a message.

Read More

Have a look at the most popular posts, possibly including:

Cover: CSS Optimization Basics.

Perhaps my most relevant book: CSS Optimization Basics (2018). Writing CSS is a craft. As craftspeople we strive to write high quality CSS. In CSS Optimization Basics I lay out some of the most important aspects of such CSS. (Also available in a bundle with Upgrade Your HTML and The Web Development Glossary.)

Stay up-to-date? Follow me by feed or on Twitter.

Looking for a way to comment? Comments have been disabled, unfortunately.

Found a mistake? Email me,

You are here: HomeArchive2018 → Web Development and the GDPR

Last update: September 25, 2020

“Work is love made visible.”