Page 1 of 2

GDPR regulations

Posted: Tue Dec 26, 2017 1:14 pm
by John connor
I live in the U.S. and my server is located in Chicago. Do I need to inform my users that I use cookies?

Re: GDPR regulations

Posted: Tue Dec 26, 2017 3:24 pm
by stevemaury
phpBB cookies do not record personal information. Also, the EU police don't have jurisdiction over you.

Re: GDPR regulations

Posted: Tue Dec 26, 2017 4:21 pm
by HiFiKabin
The GDPR is confusing at best, and it covers more than just cookies.
GDPR affects anyone holding data on EU citizens, including those companies not in Europe
No, I don't know how that is enforceable either.

I have asked for clarification re forums and as yet have had no reply. Perhaps they are swamped by questions from people trying to understand how it affects them. ;)

Re: GDPR regulations

Posted: Wed Dec 27, 2017 1:51 am
by John connor
Then as far as I'm concerned, bourgeois Europe can screw off. :lol:

Re: GDPR regulations

Posted: Wed Jan 24, 2018 4:37 pm
by HiFiKabin
The ICO have finally replied
Dear Mr #########

Thank you for your correspondence (attached for your reference).

I am sorry for the delay in responding. We are experiencing a very heavy caseload at the moment.

I understand from your email that you are the Administrator for a number of online forums and you wish to know how the General Data Protection Regulation (GDPR) will affect you.

As you have mentioned in your email, you are processing personal data during the course of your activities. This can include email addresses as they could identify a living individual in certain formats. Additionally, the GDPR is now identifying IP addresses as personal data. The legislation covers this in Article 4 (1) which includes online identifiers and is extended upon in Recital 30.

The result of this is that you need to comply with the provisions of the GDPR when processing personal data. Our Guide to the GDPR outlines the provisions of this legislation. A good introductory resource you may wish to review is our ‘GDPR: 12 steps to take now’ document and our ‘Getting ready for the GDPR checklist’.

It is also possible that you may need to register with us. The criteria on this on are still being consulted upon so unfortunately I cannot provide a definitive line on that at this time. Our blog ‘ICO fee and registration changes next year’ currently provides our most up to date information on this.

I hope this information is helpful to you. If you would like to discuss this case further, please contact me on my direct number 0330 ####### If you need advice on a new issue you can contact us via our Helpline on 0303 123 1113 or through our live chat service. In addition, more information about the Information Commissioner’s Office and the legislation we oversee is available on our website at www.ico.org.uk.


Yours sincerely

Martyn Boaler
Lead Case Officer
Information Commissioner’s Office

Re: GDPR regulations

Posted: Wed Jan 24, 2018 7:06 pm
by Lumpy Burgertushie
maybe they should find someone that knows something about how IP addresses work and about how the internet in general works, and maybe even about international laws work.

just sayin......


robert

Re: GDPR regulations

Posted: Wed Jan 24, 2018 7:21 pm
by HiFiKabin
I agree Robert. Most ip's change regularly anyway, so whats the point of saying its 'personally identifiable'

This whole GDPR is (IMHO) aimed at big business and marketing companies rather than fora and the like.

Re: GDPR regulations

Posted: Wed Jan 24, 2018 7:29 pm
by warmweer
HiFiKabin wrote:
Wed Jan 24, 2018 4:37 pm
The ICO have finally replied
OMG, that's the kind of reply which sends shivers up my spine.
In short, the answer is: you probably need to comply with the GDPR since you use something which could indentify a real individual, and it's up to you to find out how because we don't know , but you may as well start hiring a personal data officer, etc... and while you're at it: here's a list of lawyers just waiting to jump on to the money train.
Thanks for asking and BTW your email including emailadress, content and headers will be stored for future reference.
OW, almost forgot. Nothing mentioned in this reply can in any way be used in any kind of complaint against sender of this reply nor his employers, etc... etc...

Just yesterday I had a meeting at my bank, and I was asked to sign a document allowing the bank to offer me unrequested personal advice based on my profile and my liquidities. Should I choose not to sign, the bank wil not have any legal right to inform me about investment strategies etc.. unless I specifically ask for it. Thanks to GDPR. (I didn't sign anyway).

I'm thinking about sending a notice to all my members that I'm not going to comply with the GDPR and if that's a problem their account can be inactivated (without deleting any data connected to that account).

Re: GDPR regulations

Posted: Wed Jan 24, 2018 7:37 pm
by david63
HiFiKabin wrote:
Wed Jan 24, 2018 7:21 pm
Most ip's change regularly anyway, so whats the point of saying its 'personally identifiable'
Possibly for when IPv6 is rolled out?

Re: GDPR regulations

Posted: Thu Jan 25, 2018 8:03 am
by AmigoJack
identifying IP addresses as personal data
Dozens of lawsuits see it the same way. And as soon as not only one person is using the target device (speak: computer) one person alone can't be held liable for using it (i.e. children infringing copyright laws). It all comes down to the scenario: IP address = internet access owner/payer - that's what everybody means by "personal". And since most ISPs store connection details you can be traced with a given address at a given time.

Re: GDPR regulations

Posted: Fri Jan 26, 2018 11:12 am
by John connor
This really is all Euro BS. I won't be complying. I'm in the U.S. and the server is in the U.S. Come get me! :lol:

Re: GDPR regulations

Posted: Fri Jan 26, 2018 6:58 pm
by david63
John connor wrote:
Fri Jan 26, 2018 11:12 am
This really is all Euro BS. I won't be complying. I'm in the U.S. and the server is in the U.S.
And the US doesn't have such stupid rules then? How about COPPA?

Re: GDPR regulations

Posted: Fri Jan 26, 2018 9:36 pm
by warmweer
John connor wrote:
Fri Jan 26, 2018 11:12 am
This really is all Euro BS. I won't be complying. I'm in the U.S. and the server is in the U.S. Come get me! :lol:
Might not be necessary ;)
When all sites registered with European reseller or hosted by a European host are forced to comply.
To take it even further - all non-compliant sites could be blocked in Europe (doomsday scenario).

Re: GDPR regulations

Posted: Sat Jan 27, 2018 4:15 am
by John connor
david63 wrote:
Fri Jan 26, 2018 6:58 pm
John connor wrote:
Fri Jan 26, 2018 11:12 am
This really is all Euro BS. I won't be complying. I'm in the U.S. and the server is in the U.S.
And the US doesn't have such stupid rules then? How about COPPA?
Well, lets see. COPPA stands for The Children's Online Privacy Protection Act and is for children under 13. That makes more sense to me then an asinine bunch of crap about IP addresses and cookies. You would have to live in another universe not to know that all, and I mean ALL websites record your IP address and most if not all use a cookie. Compare that to the protection of children.

Re: GDPR regulations

Posted: Sat Jan 27, 2018 4:16 am
by John connor
warmweer wrote:
Fri Jan 26, 2018 9:36 pm
all non-compliant sites could be blocked in Europe (doomsday scenario).
That would be met with so much backlash it wouldn't be funny.