This article summarizes all important facts about the EU-GDPR / EU-DSGVO compliant use of ASA1 and ASA2.
General questions regarding WordPress plugins and EU-GDPR
As an owner of a WordPress website, one must ensure that the plugins used are EU-GDPR / EU-DSGVO compliant. In this context, the following questions are in the spotlight:
- Does the plugin collect personal data of website visitors and if so, which?
- Where is this data stored?
- Does the plugin use external sources (e.g. scripts integrated via CDN)?
- Does the plugin use external services?
- Does the plugin generate cookies?
- Does the plugin track user behavior?
Questions regarding ASA1 and ASA2
These questions regarding ASA1 and ASA2 are answered below.
Question: Do ASA1 or ASA2 collect personal data from website visitors?
Q: Does ASA1 or ASA2 use external sources?
A: In the standard configuration, ASA1 and ASA2 use the product images from Amazon image servers. So when the products are displayed on your website, the product images are loaded from an Amazon server. When loading these images, the IP address of the website visitor is transmitted to the Amazon servers. This is not EU-GDPR / EU-DSGVO compliant.
In ASA2 the feature “Local Images” solves this issue. It downloads all external product images from the Amazon servers to your own server before the product is displayed to the user. Then only the local image URLs are used to display the product on your website. This will not transfer the IP address of visitors to external servers. This is EU-GDPR / EU-DSGVO compliant.
Learn more about the local image feature in this blog post: ASA2 update brings support for local images (EU-GDPR ready) and AMP.
The “Local Images” feature is currently only available in ASA2.
When using ASA1, the use of external image sources should therefore be noted in the data protection policy.
Q: Does ASA1 or ASA2 use external services such as Google Analytics?
Q: Does ASA1 or ASA2 generate cookies?
Q: Does ASA1 or ASA2 track user behavior, e.g. which product links are clicked?