Content Delivery Networks

Another frequently occurring category of services are so-called content delivery networks (CDN). Classic examples of CDNs include

• jQuery,

• jsDelivr,

• Cloudfront and

• Google Fonts.

Content delivery networks are networks of distributed servers that are used to deliver digital content (images, JavaScript files, CSS files, fonts, etc.) to users. For example, when an image is served through a CDN, the image is not loaded from your server, but from an external third-party server. The CDN providers receive the user's IP address during this server contact and usually collect other personal data such as location information and data about user activity.

This constitutes data processing or data transfer to third parties within the meaning of the GDPR and usually requires consent.

Problem with consent

Unfortunately, it usually does not make sense for CDNs to load the loaded files only with the user's consent. For example, consider a CDN that is used to load a font set:

If this font set were to be loaded only with the user's consent, then the website would look entirely different for users with and without consent, since without consent a fallback font set would have to be used.

This behavior is usually undesirable and even more serious for other loaded files (images, necessary JavaScript files).

Solution: Embed files locally

For this reason, from a data protection point of view, the only target-oriented solution is that the loaded files are stored locally on the user's own server and obtained from it. This has the advantage that there is no longer any server contact with the CDN provider and thus no personal data is passed on to third parties.

In addition, the corresponding services do not have to be mentioned further in the DSE or listed in the cookie banner, since no data is passed on to third parties.