What does the GDPR mean for your FlippingBook Publisher publications?

With the General Data Protection Regulation (GDPR), effective from May 25, 2018, EU residents have a bigger say over what, how, why, where, and when their personal data is used. Any organization that works with personal data of EU residents has obligations to protect and properly process said data.

In this article, we describe how this affects your flipbooks, directly and indirectly and how you can make them compliant with the GDPR, if applicable to you.

The short version of this article

To comply with the GDPR you can 
Option 1: Either eliminate all gathering of personal data

  • If you use FlippingBook Publisher and publish to FlippingBook Cloud:
    • Convert Flash publications to HTML5
    • Make sure your projects are uploaded with FlippingBook Publisher version 2019.1 or higher (especially if you use Google Analytics).
    • If you embed third party content (e.g. video) in your publications, then make sure that the embedded content is GDPR-compliant.
  • If you upload to your own server
    • Convert your Flash publications to HTML5
    • If you use Google Analytics, then re-upload your projects with FlippingBook Publisher version 2019.1 or higher
    • If you embed third party content (e.g. video) in your publications, then make sure that the embedded content is GDPR-compliant.

Option 2: make sure that you collect and handle personal data in a GDPR compliant manner

Notify your viewers about the data that is gathered, why, and for how long it is stored before they open your FlippingBook, and ask them for consent.


The full version of this article

At FlippingBook, we have always respected our users’ right to data privacy and protection. We do not rely on advertising as a revenue stream. We have never served ads in publications to our users, and never will. There is no hidden code or script in our flipbooks that gathers your users’ personal data. However, if you use third party services in your publications (like Google Analytics or embedded video), then this may affect what you need to do to make your publications GDPR compliant.

There basically are two approaches:

  1. Eliminate the gathering of personal data in the first place
  2. Make sure that you collect and handle personal data in a GDPR compliant manner

Approach 1: Eliminate the gathering of personal data

For publications hosted on FlippingBook Cloud

If you upload to FlippingBook cloud: make sure that your projects are uploaded with FlippingBook Publisher version 2019.1 or higher (make sure you convert your Flash publications to HTML5). Flash publications and publications that were uploaded with older versions may contain personally identifiable information.

You can check with which version a publication was uploaded in the FlippingBook Cloud Manager.

  1. Open FlippingBook Cloud tab.
  2. Sort your publications by version and look for the publications that were uploaded with older versions.

  1. You can download any project that was uploaded with earlier versions by right-clicking and selecting Download option.
  2. After downloading the project, simply reupload it by clicking Upload Publication button.

What if you use embedded video?

If you embed third party content (e.g. video) in your flipbooks, then you make use of services that are completely beyond our control. Unfortunately, that means that we cannot guarantee that such services don’t gather personal information from your viewers. We can only advise you to

  • Make sure that you collect and handle personal data in a GDPR compliant manner.
  • Alternatively, you can remove the video or replace it with a direct link to the video on the provider’s site.

What if you use Google Analytics?

If your publications use Google Analytics, make sure you reupload the publications with FlippingBook Publisher version 2019.1 or higher. In these versions, we enabled the IP anonymization for Google Analytics by default, so there is no need to enable any other settings in order to make your flipping book GDPR-compliant. 

The way in which we track analytics in publications uploaded to FlippingBook Cloud with FlippingBook Publisher 2019.1 or higher does not constitute Personally Identifiable data.

What if you use private publications?

Private publications are publications that are protected with a username (email address) and password. This is obviously personal information, though whether or not you need consent from the end-user depends. The GDPR allows data processing when it is “necessary for the performance of a contract to which the data subject is party”.

If this is not the case, then you will have to ask your end-user for consent at the moment you obtain his email address for this purpose, and retain records of consent given by users, as well as provide users with clear instructions for revocation of consent. However, this is an organizational rather than a technical issue. FlippingBook does not provide a mechanism for automatic signups and does not use this information in any other way than to provide your users access to the publications that you have entitled them to.


For publications hosted on your own server

If you don’t use any third-party services in your flipbooks (like Google Analytics or embedded video), then your HTML5-publications will not gather any personal data. If you still have Flash publications, then convert them to HTML5.

What if you use embedded video?

If you embed third party content (e.g. video) in your flipbooks, then you make use of services that are completely beyond our control. Unfortunately, that means that we cannot guarantee that such services don’t gather personal information from your viewers. We can only advise you to

  1. Make sure that you collect and handle personal data in a GDPR compliant manner.
  2. Alternatively, you can remove the video or replace it with a direct link to the video on the provider’s site.

What if you use Google Analytics?

If your publications use Google Analytics, then make sure that your publications are uploaded with FlippingBook Publisher version 2019.1 or higher - as in these versions IP anonymization is enabled by default to make the publications GDPR-compliant.

Of course, you can also turn off Google Analytics in your projects and re-upload your publications.

If your GA-enabled publications are uploaded with earlier versions of FlippingBook Publisher, then they will gather personally identifiable data and you must inform your users about what data you track, how you use it and get their consent before your users open a GA-enabled publication. Also, make sure that your data retention policy in Google Analytics matches the data retention in the information that you provide: https://support.google.com/analytics/answer/7667196.

 

Why do I not have to get consent for analytics when using recent versions of FlippingBook Publisher?

GDPR only applies to personal data (Personally Identifiable Information). For publications that you upload to FlippingBook Cloud or to your own webserver with FlippingBook Publisher 2019.1 or higher, we implement Google Analytics in a way that the data is not personal any more.

Instead of using the standard implementation (where a unique ID is stored in a cookie, which could be regarded as Personally identifiable), we instead use a random identifier that is created by our scripts and stored in the browser’s local storage. Unlike cookies, these cannot be read by servers. And while this identifier is generated by our scripts, it is done without our knowledge. It is almost certainly unique (there is a minuscule chance that two different visitors get the same one, which is the nature of working with random numbers).

We don’t gather or store any other data, so neither we nor Google can have any knowledge of which person is associated with which identifier. This means that it cannot be used to make data personally identifiable as described in the GDPR.

Approach 2: Make sure that you collect and handle personal data in a GDPR compliant manner

If you can’t or don’t want to eliminate the gathering of personal data, then you will have to make sure that you collect and handle personal data in a GDPR compliant manner. This means that you will have to notify your viewers about the data that is gathered, why, and for how long it is stored before they open your FlippingBook. Then, you will have to obtain consent and retain records of consent given by users, as well as provide users with clear instructions for revocation of consent.

This scenario can apply when:

  • You used embedded video
  • You use Google Analytics for publications created with FlippingBook version 2.11.1 or lower AND host on your own server.
  • You use FlippingBook Cloud for HTML5 publications that are uploaded with version 2.11.1 or lower (and for all Flash publications)

Please note, that if any of the conditions above apply, then that does NOT automatically mean that you gather personal data. It only means that we cannot guarantee that this is NOT the case. Please refer to the following links to learn more:

For Google Analytics:

Google's general User Consent Policy
Google Analytics Data privacy and security

For video providers:

Vimeo's cookie policy
YouTube cookie types
Wistia's privacy policy

Was this article helpful?
drift chat