You may already be aware that accessibility overlays can create a number of issues and are best avoided. Here’s another significant reason to avoid overlay plugins: they are probably creating data privacy issues that put your site out of compliance with GDPR (General Data Protection Regulation) and/or CCPA (California Consumer Privacy Act).
Overlay plugins gather health information
You can see from the image on this post that overlay plugins ask users to self-identify with information about seizures, vision impairments, cognitive disabilities and more. Beyond self-identifying, many overlay plugins also scan the user’s computer to identify assistive technologies that may be installed or configured on their device. They may additionally gather health information “guesses” based on how the user interacts with the site.
That means profiles or settings on the overlay plugin that reveal health information can be matched with other non-health information (like IP address) to gather data that the user has no way to opt out of.
Data Privacy Concerns
Most US citizens are probably familiar with HIPAA (the Health Information Portability & Accountability Act), which requires healthcare providers to protect health information. Website owners are NOT required under HIPAA to protect health information, but at least two data privacy laws DO require website owners to inform users they will collect health-related data, get permission to do so, and notify users if that data will be passed to third parties.
GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) both require various levels of notification and opt-ins for users to interact with your site in ways that store or transmit their personal data. And they require that you provide mechanisms for users to remove their data from any storage.
Just like people without disabilities, people with disabilities don’t want to have their personal data sold so that they can be targeted for marketing. For this reason and others, some people with disabilities avoid sites that are running overlay plugins.
Avoid a lawsuit: avoid overlays
Overlay plugins are often marketed as a way to avoid a lawsuit. Ironically, they may be significantly increasing the website owner’s exposure to a data privacy lawsuit.
Overlay plugins don’t provide any notifications or opt-ins, and since the personal data is sent to the overlay service’s server, the site owner no longer has a way to provide a mechanism for removal. The overlay plugin service is able to collect quite a bit of personal information, and it’s unclear how trustworthy they will be with safeguarding or not selling that data. All of this means that the site owner using the overlay plugin is at risk for violations of GDPR and CCPA.
You can avoid that risk by simply not using an accessibility overlay plugin and working to make your site accessible.