German court has ruled that embedding Google Fonts violates GDPR because IP addresses are sent to the US. Austrian and French court has ruled that transferring IP information outside the EU is a breach of GDPR, given how it may be combined with other bits of data.

By embedding data from other servers on your webpage in video-, script-, iframe-, and img-tags, you transfer IP information outside the EU.

To make the matter more complex using servers outside the EU is not necessarily a violation of GDPR if the data is being transferred to US companies that are part of the EU-US Data Privacy Framework.

This website does an initial check if you send any data outside of EU.

If your company is located in Germany, Austria, or France, you probably aren’t compliant if you send IP addresses outside the EU. When a court in an EU member state makes a decision, it can be used as an argument in other countries, but it does not automatically mean that it’s valid for all countries. However, it would be wise to look for solutions where you have control over all the data and where the servers are located.

This website scrapes the provided URL and checks for video-, script-, iframe-, and image-tags and which URLs they link to. It then checks where the servers for the content reside. Your URL is marked as “violating GDPR” if some of the content you request is on a server outside Europe.

If you request content serverside or use javascript to fetch the content, this solution won’t pick it up.

No. This website is just a quick way to check if the provided URL leaks IP addresses outside Europe. For performance reasons, it doesn’t check every request that is being made.