Hugo and the General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It became enforceable on 25 May 2018.
Hugo is a static site generator. By using Hugo you are already standing on very solid ground. Static HTML files on disk are much easier to reason about compared to server and database driven web sites.
But even static websites can integrate with external services, so from version 0.41, Hugo provides a Privacy Config that covers the relevant built-in templates.
These settings have their defaults setting set to off, i.e. how it worked before Hugo 0.41. You must do your own evaluation of your site and apply the appropriate settings.
These settings work with the internal templates. Some theme may contain custom templates for embedding services like Google Analytics. In that case these options have no effect.
We will continue this work and improve this further in future Hugo versions.
All Privacy Settings
Below are all privacy settings and their default value. These settings need to be put in your site config (e.g. config.toml).
When you turn on privacy-enhanced mode, YouTube won’t store information about visitors on your website unless the user plays the embedded video.
Enabling this for the vimeo shortcode, the Vimeo player will be blocked from tracking any session data, including all cookies and stats.
If simple mode is enabled, the video thumbnail is fetched from Vimeo’s servers and it is overlayed with a play button. If the user clicks to play the video, it will open in a new tab directly on Vimeo’s website.