Photonic, GDPR, 500px and Flickr + SmugMug

In the past few weeks there has been a fair bit of buzz around General Data Protection Regulation a.k.a. GDPR, an EU law on data protection and privacy. In my day job as a consultant I am quite familiar with GDPR, but what took me by surprise was a question on the support forum asking me if Photonic was GDPR compliant.

To answer that and related questions I decided to post this on my blog. I will, subsequently, include the relevant content from this in the next release of Photonic. So, let’s get this out of the way:

  1. Photonic is GDPR compliant.
  2. When you (the WordPress user) install and activate Photonic on your site no information is sent back to me (the developer) or to any website that I own. Additionally when you save your API keys and authentication tokens within Photonic none of that information is sent to me either. It all stays within your WordPress settings, inaccessible to anyone apart from a user with administrative privileges on your website.
  3. What about when visitors (the end users) visit your website? Let’s break this down:
    1. When you set up Photonic without back-end (server side) or front-end (client side) authentication, Photonic stores no information of the end users anywhere. In other words nothing is sent to you, the WordPress user or me, the developer. Also, no cookies are stored in the end users’ browsers.
    2. When you set up Photonic with back-end authentication, you save your access tokens within WordPress’ settings environment. This is used for technical purposes to retrieve your photos and display them on your website. Again, this is within your settings environment and none of the information is collected or sent to me.
    3. When you set up Photonic with front-end authentication, your end-users will have to log into Flickr / Google (Picasa) / SmugMug / 500px to see your private photos. In such a scenario a cookie is stored with the end users’ authentication in their browsers. This is required from a user-experience point of view so that the users don’t have to login each time they visit a new page on your website. Your end-users’ information and data is not sent to you and is not collected by Photonic for storing within your environment or for being sent elsewhere.

From the time I released version 1.65, three things have happened in the photography world which will impact Photonic in the long and short term:

  1. Facebook started clamping down on third party apps after Cambridge Analytica’s shenanigans. They had done this in the past with Instagram, and that caused a massive disruption for sites using the Instagram API. In fact, to date I haven’t been able to convince them to grant the requisite permissions to Photonic to display tags etc. Burnt by my experience with Instagram I had been very wary about extending Photonic to Facebook. In hindsight that was a good decision since Facebook has made it harder to get approvals for apps to pull photos etc. I would have ended up throwing away a lot of development effort if I had built a Facebook module.
  2. SmugMug has acquired Flickr. This took me by surprise. As of now the platforms and APIs are independent and they haven’t announced any plans to merge them in the short term. However, if and when the merge, I will have to redo the code in accordance with the redesigned API. That is a bridge too far for now and I will cross it when I get to it.
  3. 500px.com announced that they are shutting down their API from 15th June 2018. And when this happens, there is nothing I can do to fetch photos from a platform. I have written to them to see if there will be any way to pull photos, but for now we must assume that the 500px.com module of Photonic will stop working from 15th June due to this change.

In the meanwhile I am working on adding video support to Photonic. Stay tuned.