hugo/content/en/about/hugo-and-gdpr.md
Bjørn Erik Pedersen 98293eaa15 Squashed 'docs/' changes from 501c6e233..f59b3ab06
f59b3ab06 Fix typo in template lookup order
1e5536d6c Mutlilingual: Document "content directory per language" system (#509)
849a86048 Update index.md
0c24d229b Polish Hugo Next
a4c9b0ee2 Polish
bbec2c76e Some more in birthday post
fc9681e21 More on contributors
09fe3ea31 Some more on the birthday post
8da357240 Content and images for the 5th birthday blog post
fb45bb8dc Add draft for anniversary blog post
4666d0a18 Release 0.42.2
9b74d286a Merge branch 'temp422'
354e7b66b releaser: Add release notes to /docs for release of 0.42.2
57a617f34 releaser: Bump versions for release of 0.42.2
ccc3ac1b8 Update errorf.md
35706c21a Update errorf.md
1c0f35fd1 Update errorf.md
b6170774b Add syntax highlighting gallery links for Chroma
f91d9da47 Update usage.md
c9a8f0190 Improve theme components documentation
3c4e39ddd Release 0.42.1
b45eb453f Merge branch 'temp421'
c74682a10 releaser: Prepare repository for 0.43-DEV
321e07fa5 releaser: Add release notes to /docs for release of 0.42.1
7154271e0 releaser: Bump versions for release of 0.42.1
360d8244f Add link to Privacy Config
1f2454247 Fix typo
a8f5f994e Fix typo
d9f3f078c Update simple variants documentation (#500)
f5cfd44e0 Release 0.42
fe604b321 releaser: Prepare repository for 0.43-DEV
c3e5b3ca0 releaser: Add release notes to /docs for release of 0.42
3174d1b37 releaser: Bump versions for release of 0.42
48cc2d51f docs: Update theme documentation
1922fb1a6 docs: Remove some files now moved
d7e4c453a Merge commit 'b239595af5a9fc1fc9a1ccc666c3ab06ccc32f04'
c40964c1b tplimpl: Remove speakerdeck shortcode
081f8a0f9 tpl/strings: strings.RuneCount
828ea5f15 tpl: Add strings.Repeat
a6b9f654a Add a BlackFriday option for rel="noreferrer" on external links
edb786516 Add a BlackFriday option for rel="nofollow" on external links
e4374971f releaser: Prepare repository for 0.42-DEV

git-subtree-dir: docs
git-subtree-split: f59b3ab06f282c26bce07263c8be6672cf8f7969
2018-07-06 17:52:13 +02:00

4.1 KiB
Raw Blame History


title: Hugo and the General Data Protection Regulation (GDPR) linktitle: Hugo and GDPR description: About how to configure your Hugo site to meet the new regulations. date: 2018-05-25 layout: single keywords: ["GDPR", "Privacy", "Data Protection"] menu: docs: parent: "about" weight: 5 weight: 5 sections_weight: 5 draft: false aliases: [/privacy/,/gdpr/] toc: true

General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It became enforceable on 25 May 2018.

Hugo is a static site generator. By using Hugo you are already standing on very solid ground. Static HTML files on disk are much easier to reason about compared to server and database driven web sites.

But even static websites can integrate with external services, so from version 0.41, Hugo provides a Privacy Config that covers the relevant built-in templates.

Note that:

  • These settings have their defaults setting set to off, i.e. how it worked before Hugo 0.41. You must do your own evaluation of your site and apply the appropriate settings.
  • We will continue this work and improve this further in future Hugo versions.

All Privacy Settings

Below are all privacy settings and their default value. These settings need to be put in your site config (e.g. config.toml).

{{< code-toggle file="config">}} [privacy] [privacy.disqus] disable = false [privacy.googleAnalytics] disable = false respectDoNotTrack = false anonymizeIP = false useSessionStorage = false [privacy.instagram] disable = false simple = false [privacy.twitter] disable = false enableDNT = false simple = false [privacy.vimeo] disable = false simple = false [privacy.youtube] disable = false privacyEnhanced = false {{< /code-toggle >}}

Disable All Services

An example Privacy Config that disables all the relevant services in Hugo. With this configuration, the other settings will not matter.

{{< code-toggle file="config">}} [privacy] [privacy.disqus] disable = true [privacy.googleAnalytics] disable = true [privacy.instagram] disable = true [privacy.twitter] disable = true [privacy.vimeo] disable = true [privacy.youtube] disable = true {{< /code-toggle >}}

The Privacy Settings Explained

GoogleAnalytics

anonymizeIP
Enabling this will make it so the users' IP addresses are anonymized within Google Analytics.
respectDoNotTrack
Enabling this will make the GA templates respect the "Do Not Track" HTTP header.
useSessionStorage
Enabling this will disable the use of Cookies and use Session Storage to Store the GA Client ID.

Instagram

simple
If simple mode is enabled, a static and no-JS version of the Instagram image card will be built. Note that this only supports image cards and the image itself will be fetched from Instagram's servers.

Note: If you use the simple mode for Instagram and a site styled with Bootstrap 4, you may want to disable the inlines styles provided by Hugo:

{{< code-toggle file="config">}} [services] [services.instagram] disableInlineCSS = true {{< /code-toggle >}}

Twitter

enableDNT
Enabling this for the twitter/tweet shortcode, the tweet and its embedded page on your site are not used for purposes that include personalized suggestions and personalized ads.
simple
If simple mode is enabled, a static and no-JS version of a tweet will be built.

Note: If you use the simple mode for Twitter, you may want to disable the inlines styles provided by Hugo:

{{< code-toggle file="config">}} [services] [services.twitter] disableInlineCSS = true {{< /code-toggle >}}

YouTube

privacyEnhanced
When you turn on privacy-enhanced mode, YouTube wont store information about visitors on your website unless the user plays the embedded video.

Vimeo

simple
If simple mode is enabled, the video thumbnail is fetched from Vimeo's servers and it is overlayed with a play button. If the user clicks to play the video, it will open in a new tab directly on Vimeo's website.