hugo/content/en/about/hugo-and-gdpr.md
Bjørn Erik Pedersen 9aec42c545 Squashed 'docs/' changes from 686c7b6eb..7ef2dbce4
7ef2dbce4 Cleanup RSS templates page
0e23d5e1a Fix multilingual permalinks example
b3c342b07 Update faq.md
f73109ae2 Regen CLI docs
ac6ee2027 Fix minor nitpicks (#2233)
f24fcffe1 Mention the Giscus comments system (#2234)
418fa981e Remove reference to Ghost migration tool
94a76df29 Adjust table layout
e263ad6b9 content: Fix typos
fd1eb26b5 Update featured image in digital.gov showcase
d3d946555 Correct directory description
bbe1dff56 Use sentence case for heading
acfa0be54 Add hosting provider fetch depth to GitInfo variables page
d78c427e6 Fix typo
751517fea Fix spelling mistake
cdd77aa9a Update content for v0.118.0
c77d09b1c Format netlify.toml
d5a6c4f51 netlify: Hugo 0.118.1
8c717301a Revert "netlify: Hugo 0.118.0"
a9b2ef5c2 netlify: Hugo 0.118.0
61959591c Merge commit '77b976dd92b4f66657d83d875aef0c617df492d9'
95f2029a1 docs: Regen docs helper
fd57ba960 markup/goldmark: Add CJK extension
2bfb3bf4c docshelper: Improve template lookup order descriptions
b0baa890e cache: Hide IsResourceDir from the exported config
b4b071ea0 docs: Replace docs.json with docs.yaml

git-subtree-dir: docs
git-subtree-split: 7ef2dbce4ad728d32c218761c6cfbe2f58f8da16
2023-09-24 11:54:45 +02:00

4.5 KiB
Raw Blame History

title linkTitle description layout keywords menu weight aliases toc
Hugo and the General Data Protection Regulation Hugo and the GDPR About how to configure your Hugo site to meet the new regulations. single
GDPR
Privacy
Data Protection
docs
parent weight
about 60
60
/privacy/
/gdpr/
true

General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It became enforceable on 25 May 2018.

Hugo is a static site generator. By using Hugo you are already standing on very solid ground. Static HTML files on disk are much easier to reason about compared to server and database driven web sites.

But even static websites can integrate with external services, so from version 0.41, Hugo provides a privacy configuration that covers the relevant built-in templates.

Note that:

  • These settings have their defaults setting set to off, i.e. how it worked before Hugo 0.41. You must do your own evaluation of your site and apply the appropriate settings.
  • These settings work with the internal templates. Some theme may contain custom templates for embedding services like Google Analytics. In that case these options have no effect.
  • We will continue this work and improve this further in future Hugo versions.

All privacy settings

Below are all privacy settings and their default value. These settings need to be put in your site configuration (e.g. hugo.toml).

{{< code-toggle file="hugo" >}} [privacy] [privacy.disqus] disable = false [privacy.googleAnalytics] disable = false respectDoNotTrack = false anonymizeIP = false useSessionStorage = false [privacy.instagram] disable = false simple = false [privacy.twitter] disable = false enableDNT = false simple = false [privacy.vimeo] disable = false enableDNT = false simple = false [privacy.youtube] disable = false privacyEnhanced = false {{< /code-toggle >}}

Disable all services

An example privacy configuration that disables all the relevant services in Hugo. With this configuration, the other settings will not matter.

{{< code-toggle file="hugo" >}} [privacy] [privacy.disqus] disable = true [privacy.googleAnalytics] disable = true [privacy.instagram] disable = true [privacy.twitter] disable = true [privacy.vimeo] disable = true [privacy.youtube] disable = true {{< /code-toggle >}}

The privacy settings explained

GoogleAnalytics

anonymizeIP
Enabling this will make it so the users' IP addresses are anonymized within Google Analytics.
respectDoNotTrack
Enabling this will make the GA templates respect the "Do Not Track" HTTP header.
useSessionStorage
Enabling this will disable the use of Cookies and use Session Storage to Store the GA Client ID.

{{% note %}} useSessionStorage is not supported when using Google Analytics v4 (gtag.js). {{% /note %}}

Instagram

simple
If simple mode is enabled, a static and no-JS version of the Instagram image card will be built. Note that this only supports image cards and the image itself will be fetched from Instagram's servers.

Note: If you use the simple mode for Instagram and a site styled with Bootstrap 4, you may want to disable the inline styles provided by Hugo:

{{< code-toggle file="hugo" >}} [services] [services.instagram] disableInlineCSS = true {{< /code-toggle >}}

Twitter

enableDNT
Enabling this for the twitter/tweet shortcode, the tweet and its embedded page on your site are not used for purposes that include personalized suggestions and personalized ads.
simple
If simple mode is enabled, a static and no-JS version of a tweet will be built.

Note: If you use the simple mode for Twitter, you may want to disable the inline styles provided by Hugo:

{{< code-toggle file="hugo" >}} [services] [services.twitter] disableInlineCSS = true {{< /code-toggle >}}

YouTube

privacyEnhanced
When you turn on privacy-enhanced mode, YouTube wont store information about visitors on your website unless the user plays the embedded video.

Vimeo

enableDNT
Enabling this for the vimeo shortcode, the Vimeo player will be blocked from tracking any session data, including all cookies and stats.
simple
If simple mode is enabled, the video thumbnail is fetched from Vimeo's servers and it is overlaid with a play button. If the user clicks to play the video, it will open in a new tab directly on Vimeo's website.