Cloudflare Zaraz enables GDPR compliance when using third-party tools
February 2022 by Marc Jacob
The Austrian Data Protection Authority determined that the use of Google Analytics (GA) on an Austrian website violated the EU’s General Data Protection Regulation. It mainly highlighted that the solution was sending IP addresses to servers located in the USA. There has already been precedent indicating that IP addresses can be closely linked to users, which represents personnel data that fall under the GDPR jurisdiction
The logic of this decision is valid for third party tools deployed on web sites and this represents a considerable challenge for their owners. Indeed, each time a user is visiting a web site, third party tools are launching a connection between the browser and third party servers, a process during which the IP address of the user is exposed.
To continue to use these solutions while complying with GDPR requirements, Cloudflare has Zaraz:
An intermediary between the browser and the third-party server
If you use the example of Google Analytics again, when connecting to a web site, Zaraz will charge the tools in the cloud by using Cloudflare’s platform Workers. By doing so, there will be absolutely no communication between the browser and Google’s access point.
Data Localization
Zaraz leverages Cloudflare’s global network and combines with the features of the Data Localization Suite. Users can use these tools to prevent European IP information from being transferred outside of the EU.
Of course, by default, Zaraz doesn’t record or save any information about end users, except for error logging.