I guess history would repeat with "Freedom Fries".
John connor wrote: ↑Sat Jan 27, 2018 4:16 am
That would be met with so much backlash it wouldn't be funny.
To protect their privacy the law requires you to collect all kinds of data on them....just saying... In any event it's a stupid law that accomplishes nothing and unless your site is intended for minors you can pretty much ignore it.
John connor wrote: ↑Sat Jan 27, 2018 4:15 am
Well, let's see. COPPA stands for The Children's Online Privacy Protection Act and is for children under 13. That makes more sense to me than an asinine bunch of crap about IP addresses and cookies.
If a US based domain registrar or host tried that against an American website/company for not complying with a bs EU law, they'd be hit with a lawsuit faster than roadrunner evading a coyote trap.
Contemplating this as well.
I'm thinking about sending a notice to all my members that I'm not going to comply with the GDPR and if that's a problem their account can be inactivated (without deleting any data connected to that account).
Do you need to tell anyone, I doubt your users even know what GDPR is?
There is an argument that that is the responsibility of your host. There is only so much that you can do as there is no way that you can secure a host's server.
There is one major problem with phpBB in this respect and that is where a member whose details are to be deleted has been quoted in posts - possibly where they have been mentioned in posts.
I have mostly no issue with either of these two. I do take a slight issue with requiring the second one to be done within 72 hours, as that's not always enough time to fully determine the scope of a breach accurately, and may lead to either a false alarm or sense of security.
HiFiKabin wrote: ↑Tue Jan 30, 2018 5:19 pm
After driving myself even more insane from reading the Three Volume Novel (ie the regulations) my PERSONAL opinion of the GDPR in relation to the phpBB software is:-
1) A person needs to be delegated as being responsible for the security for the data entered by the user (that's you as the admin)
2) Should there be a breach of that data the person above needs to report the breach and/or inform the users (that's you as the admin again)
Not every forum (ie. ours) wishes to offer this option. We keep and retain as many details as possible about an account to, for example, identify multi-accounters. Plus, with the amount of modifications and integrated systems we have, deleting accounts and data would be a nightmare. The entire right to erasure is (one of) the huge reasons that we are not going to comply with this reg.
All I'm gonna say when considering things such as archiving and legitimate purposes - displaying registrant info is not considered a valid purpose of the WHOIS system, and thus, the WHOIS system as we know it today will have to cease to exist in order to comply with the GDPR.
HiFiKabin wrote: ↑Tue Jan 30, 2018 5:19 pm
4) You do not need to delete the user's posts as they are considered archive and/or public information as it has been indexed and therefore available elsewhere. IP information is also considered archive in this instance.
5) Should the user information (ie email address) be used for ANYTHING other than Forum Functionality you MUST get explicit permission from the user (a pre ticked "yes" box is not acceptable)
I am no lawyer (obviously) but only my opinion.
True, but the basic idea still stands as the breach may just be on your own database (including any local copy)
I feel that falls within the realms of being 'publicly available'. YOU (as the user) have put the information in the public domain
Agreed
david63 wrote: ↑Tue Jan 30, 2018 7:16 pm
My view about this, and I am not being complacent, is that there will be bigger fish to catch than the "hobby" boards - certainly in the short term. How many cases have there been under the "old" acts against hobby boards? Very few, if any, I would guess.
I feel that falls within the 'right to archive' otherwise you would be unable to keep a list of banned email addresses
LaxSlash1993 wrote: ↑Tue Jan 30, 2018 8:29 pm
I have mostly no issue with either of these two. I do take a slight issue with requiring the second one to be done within 72 hours, as that's not always enough time to fully determine the scope of a breach accurately, and may lead to either a false alarm or sense of security.
HiFiKabin wrote: ↑Tue Jan 30, 2018 5:19 pm
After driving myself even more insane from reading the Three Volume Novel (ie the regulations) my PERSONAL opinion of the GDPR in relation to the phpBB software is:-
1) A person needs to be delegated as being responsible for the security for the data entered by the user (that's you as the admin)
2) Should there be a breach of that data the person above needs to report the breach and/or inform the users (that's you as the admin again)
Not every forum (ie. ours) wishes to offer this option. We keep and retain as many details as possible about an account to, for example, identify multi-accounters. Plus, with the amount of modifications and integrated systems we have, deleting accounts and data would be a nightmare. The entire right to erasure is (one of) the huge reasons that we are not going to comply with this reg.
It's a set of regulations written by lawyers for lawyers to make money for lawyers (so what's new?)
LaxSlash1993 wrote: ↑Tue Jan 30, 2018 8:29 pm
All I'm gonna say when considering things such as archiving and legitimate purposes - displaying registrant info is not considered a valid purpose of the WHOIS system, and thus, the WHOIS system as we know it today will have to cease to exist in order to comply with the GDPR.
HiFiKabin wrote: ↑Tue Jan 30, 2018 5:19 pm
4) You do not need to delete the user's posts as they are considered archive and/or public information as it has been indexed and therefore available elsewhere. IP information is also considered archive in this instance.
5) Should the user information (ie email address) be used for ANYTHING other than Forum Functionality you MUST get explicit permission from the user (a pre ticked "yes" box is not acceptable)
I am no lawyer (obviously) but only my opinion.
That is exactly the torture I have been dealing with at work for the past three months.
Why should I be less protected since I turned 14?
John connor wrote: ↑Sat Jan 27, 2018 4:15 am
Well, let's see. COPPA stands for The Children's Online Privacy Protection Act and is for children under 13. That makes more sense to me than an asinine bunch of crap about IP addresses and cookies. You would have to live in another universe not to know that all, and I mean ALL websites record your IP address and most if not all use a cookie. Compare that to the protection of children.