
Ask HN: GDPR, WordPress.com REST API and Gravatar - cdarwin
Hi, I&#x27;m building a service based on the wordpress.com REST API (https:&#x2F;&#x2F;developer.wordpress.com&#x2F;docs&#x2F;api&#x2F;) which gives access to wordpress.com data, and based on the Gravatar (https:&#x2F;&#x2F;gravatar.com) service from which I download images.<p>So, when my users will use my service, their IP and HTTP header will go to WordPress.com and to the Gravatar service, and they say the use IPs to make geolocalization.<p>Under the GDPR, is it enough I explain this in my privacy policy or do I have to store the consent?<p>Thank you.
======
richardk3000
For new users, explaining this in the privacy policy and getting their consent
is enough. It is wise to store the consent, for a user might complain that
he/she never gave their OK, and then it's up to you to prove that they did.

If you already have a user base, you should inform them that you are changing
your processing of their data, again they must consent. (you will probably
have received those kind of mails or popups on websites during the last year
yourself)

Important question: are you offering the service to individuals interacting
directly with your service, or are you processing this data on behalf of a
business client (the "controller")?

