Some people use https://libretranslate.com/ thinking they are gaining some privacy by avoiding Google Translate. This web service is proxied through Cloudflare, thus exposing potentially sensitive text to a privacy-hostile US tech giant. #Libretranslate uses words like “libre”, “free” and “open” to gain people’s trust. No mention of Cloudflare, so quite deceiving.
A CTO in Czech Republic was considering using Libretranslate on sensitive medical and personal data of people. Yikes! His only concern was whether the Libretranslate admin kept logs of the translations.
Czech is an EU member, thus subject to the GDPR. But I actually cannot think of a GDPR violation here in the general case. Everyone is free to outsource. And Europeans would likely be routed to a CF server in Europe.
This cant be legal, right?
Right?
The website of a Belgian law office specializing in GDPR is (ironically) on Cloudflare itself. So they apparently determined that it’s legal under the GDPR. From there, I suppose the question is whether medical information somehow changes the equation. But that’s beyond the GDPR and essentially my question. I don’t know if Czech has privacy safeguards specific to medical data that covers this.