This NGI funded project does not comply to GDPR

While I am really scared what NGI funded, I want to note that this is additionally illegal in the EU:

The Creative Passport

The dark cookie pattern alone is illegal and I am proud we achieved

So, apart from the green button, you have no possibility to deny cookies here:

Please note also that there is no Imprint, in Germany this legally binding element needs to contain

  • Name of responsible natural person
  • Address
  • Phone number
  • USt-ID or similar
  • Link to Regulatory Authority and EU Dispute settlement
1 Like

I don’t know this project. Is this a Fediverse project? Did you report to their issue tracker? If they are not GDPR-compliant while they have a cookie wall (whatever we think of these things), then you are most probably seeing a bug. If deliberate you also best report to their contact points first.

Update: I found the site. There’s something of a deception pattern in there, or at least the dialog can be improved but it seems to honor the setting in the first screen when pressing accept. It sets 1 cookie for Google Fonts.

Nowhere do I find a link to Fediverse or ActivityPub. I feel that this post is rather off-topic for this forum. Anyway, I changed the title from “project is illegal” to “project does not comply to GDPR”.

I guess the title was right since beyond not complying with GDPR it does not comply to German law.

Maybe. But then still the question of it being off-topic and the timing. Idk, it did not give me a good feeling. But I am happy with your opinion on it.

I did not look into the project since there’s no link to it as far as I can tell.

AFAICS it is not fedi-related. Hard to see, as I did not find a link to the sources.

It’s indeed funded by NGI0 and the AGPL code is on Github The Creative Passport · GitHub (that includes AP support).

The developer in British, so the imprint might be an overlook. I have contacted Mark, and he should be here shortly.


Sorry i’m missing this, how does it not comply with German law?

The site linked too in Sebastiens post also has no option to reject the cookies? Unless I am viewing the site incorrectly?

Also the site as is does not support AP, that is a new thing being built. It is not Fediverse related, though we would like it to connect. So obviously we will need to review how we present and link.

The cookie pattern i’ll look into though.


1 Like

Welcome @mark! Thank you for taking this up. Maybe @Sebastian can clarify?

:slight_smile: ok, we have looked at the cookie dialog and will make amendments as it is not clear, though I dont think it is actually wrong, i’m much happier to not have a dodgy pattern in use. I think we should have some more company details on the site as well, we are looking into that as well, though again I dont think we are ‘illegal’.

All these contact details are fully detailed in the privacy policy that is linked too from the site.

Also to be clear, NLNet / NGI have NOT funded the Creative Passport, they have funded a new piece of work to see how we could add in ActivityPub functionality to the system.




Hi @mark, welcome to SocialHub. Nice to see you are implementing AP support in Artist Hub. I have added the project as an entry in the ActivityPub Application Watchlist (this is a staging area for inclusion on Fediverse Party). I also tooted and announcement just now.

Hello everyone,

Kathi from The Creative Passport Team. We have now added more company details on the website and amended the cookie consent button to also apply to the German regulations. Please do let us know should you have any more concerns or questions.

Thanks for letting us know.
Kind regards,


Welcome @kathi and thank you for the updates. Please see About the Software category if you want a category for your software.