New GDPR (General Data Protection Regulation) and phpBB

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Anti-Spam Guide
LaxSlash1993
Registered User
Posts: 182
Joined: Sat Sep 22, 2012 2:20 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by LaxSlash1993 »

tojag wrote: Mon Apr 23, 2018 9:32 pm The right of archiving applies only to public goods strictly defined in GDPR, for example a medical clinic can archive patient cards. Your forum is your private business and you have no right to archiving for pubic goods.
Sorry, but this is just completely false. I hate this law, and have no plans on complying it with data collected before our geoblock, but it doesn't go that far.
User avatar
GanstaZ
Registered User
Posts: 1187
Joined: Wed Oct 11, 2017 10:29 pm
Location: GZOverse

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by GanstaZ »

If I could edit my posts and know that the forum owner does not delete them, I would edit them all by typing 'bla bla'.
Smells like childish act. People are getting lazy you really think someone would bother doing that? GDPR police can punish an owner if something is really wrong & same goes for registered user/guest/one that wants to be forgotten.

If something is written some time ago, it's already past/history & it's the same as being a part of archive.
Archiving data Article 89
Last edited by GanstaZ on Wed Apr 25, 2018 2:34 pm, edited 2 times in total.
Usus est magister optimus! phpBB pre-Triton & latest php environment.
When answer lies in the question, question becomes redundant!
maxrpg
Registered User
Posts: 95
Joined: Thu Jul 30, 2009 12:33 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by maxrpg »

To be fair I personally don't think many (if any) forum users would use the "right to be forgotten". I can see it happening on e-commerce sites or facebook/twitter/google etc but for most of us who just run a forum with no really private information about its users I would be surprised if those users suddenly decided they want all their stuff deleting.

I think in the 8+ years that my site has been active I've only had 2-3 users ask me to delete their account (for various reasons) which I complied with and their posts were kept.

I think I'll just deal with it on a case by case basis and ask my moderators to actively remove any personal information from posts if/when they find it. I think we also need to notify our users about notification settings/email settings and they need to verify that they still want to receive them after the 25th of May. Perhaps setting all users settings to NO and sending out a mass email telling users that if they want to continue receiving them they have to update their settings back to YES.

This GDPR is a pain in the *insert word* :?
My go to phpBB based site and hangout is Codenstuff
User avatar
ajtruckle
Registered User
Posts: 118
Joined: Tue Apr 19, 2005 10:37 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by ajtruckle »

There is a lot of discussion here. The is that the phpbb authors give consideration to whatever it or its users needs to do.

For example, when a user signs up, we are going to have to tell them how we are using their data etc. And if we were to be doing system wide emails (I no longer do) we would have to specifically have a checkboxfor them to give GDPR consent. Effectively a specific section in each persons profile.

I am no expert but these kinds of steps have been taken by Mailchimp. I don't want to be bitten by my use of phpbb for my support forum.
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Lumpy Burgertushie »

assuming that you are in the EU you would need to contact someone who is an expert on this new law in the EU.
phpbb may or may not have to make any changes in order to be in compliance.

if you are not in the EU then you simply do not have to worry about it in my opinion.


robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
User avatar
tojag
Registered User
Posts: 422
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag »

maxrpg wrote: Tue Apr 24, 2018 5:49 pm To be fair I personally don't think many (if any) forum users would use the "right to be forgotten". I can see it happening on e-commerce sites or facebook/twitter/google etc but for most of us who just run a forum with no really private information about its users I would be surprised if those users suddenly decided they want all their stuff deleting.

I think in the 8+ years that my site has been active I've only had 2-3 users ask me to delete their account (for various reasons) which I complied with and their posts were kept.
Even on this forum you can find users who wanted to cancel your account and delete posts and wrote about it in public. Up to now there was no opportunity, and how will it be now when they call on GDPR? After all, this forum is purely technical, but there are forums on which people are written about people, their hobbies, their health, their behaviors, etc. My forum is like that, so I have concerns. You can create pretty good personal profits from the posts. Someone writes that email address encryption is unnecessary, and if you link an address to such a profile, you can target your ads very accurately. This is profiling strictly described in GDPR. Of course, it would be illegal for someone to gain access to the database and use it to send profile-based emails.
What I read more about GDPR is that in order to be in compliance with this law, everything should be encrypted, blocked, not allowed, deleted and asked for consent 10 times :(
I think we should wait until the first court verdict about the forums, and let it involve someone other than myself and my forum :D
LaxSlash1993
Registered User
Posts: 182
Joined: Sat Sep 22, 2012 2:20 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by LaxSlash1993 »

Lumpy Burgertushie wrote: Tue Apr 24, 2018 7:11 pm assuming that you are in the EU you would need to contact someone who is an expert on this new law in the EU.
phpbb may or may not have to make any changes in order to be in compliance.

if you are not in the EU then you simply do not have to worry about it in my opinion.


robert
A lot would have to be done in the source code to be compliant. But again, this should all be left to an optional extension that's off by default.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26502
Joined: Fri Aug 29, 2008 9:49 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Mick »

tojag wrote: Tue Apr 24, 2018 10:15 pmI think we should wait until the first court verdict about the forums, and let it involve someone other than myself and my forum
Now you’re talking and, maybe, it’ll all go the way of the cookie law, in to history.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
andrewilley
Registered User
Posts: 114
Joined: Fri Sep 12, 2008 7:28 pm
Location: Birmingham UK
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by andrewilley »

Mick wrote: Wed Apr 25, 2018 6:42 amNow you’re talking and, maybe, it’ll all go the way of the cookie law, in to history.
True, the Cookie Law turned into a requirement for a simple message to users basically saying "It's a website, so it uses cookies, duh. Now get over it". I think this one will have more teeth when it comes to personal data loss through hacks though.

Andre
--- Admin of www.portorleans.org
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26502
Joined: Fri Aug 29, 2008 9:49 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Mick »

Andre, you’re in the UK, I have my doubts how this is all going to be policed, and it will be down to the police. They can hardly cope with what’s going on over here as it is never mind take on extra spying duties. What will they do, take on extra pc savvy officers (uh?) to monitor our two hundred member bulletin boards? I very much doubt it.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
User avatar
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by david63 »

Mick wrote: Wed Apr 25, 2018 7:04 am I have my doubts how this is all going to be policed, and it will be down to the police
I believe that policing it will be the same as now with Data Protection, it will be policed by the ICO - in other words they will only respond if a complaint is made.
David
Remember: You only know what you know and - you don't know what you don't know!

I now no longer support any of my extensions but they will start to become available here
User avatar
ajtruckle
Registered User
Posts: 118
Joined: Tue Apr 19, 2005 10:37 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by ajtruckle »

Why is this being "discussed"?

It is clear to me ...

phpbb offer a "forum".
This forum can be used by people to hold and manage personal data.
Thus the forum must be GPDR compliant really.

I agree it should be an extension, but an extension should be provided.

It is a little disheartening to hear alot of what appear to be excuses to delay, or avoid, or whats the point, comments.

As a user of your forum I am asking for your "thumbs up" that my forum is not going to be an issue. If you have doubts or reservations about saying yes, then somethign should be investigated. After all, you don't want someone to stamp down on you as a company provided the forum to be used but no GPDR compliancy tools of any kind.
User avatar
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by david63 »

ajtruckle wrote: Wed Apr 25, 2018 7:28 am As a user of your forum I am asking for your "thumbs up" that my forum is not going to be an issue. If you have doubts or reservations about saying yes, then somethign should be investigated. After all, you don't want someone to stamp down on you as a company provided the forum to be used but no GPDR compliancy tools of any kind.
You are missing the point.

phpBB provide software that you put on your site. It is your responsibility to ensure that your site complies with all relevant laws/regulations etc. of your country.

Using this board is irrelevant as it is based in the USA and therefore is [arguably] outside the EU regulations.
David
Remember: You only know what you know and - you don't know what you don't know!

I now no longer support any of my extensions but they will start to become available here
User avatar
ajtruckle
Registered User
Posts: 118
Joined: Tue Apr 19, 2005 10:37 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by ajtruckle »

Huh? The first thing a user will do is "sign up" to your forum. It has a signup page with wording .... That is the place that this GPDR stuff would be shown. That is part of the forum flowline. I appreciate that the user has the responsibility to ensure actual compliancy. But they are going at the very least need some kind of GPDR plugin so that the signup page offers extra info, specific links and thus custom fields. No more than that.

See this if you are interested:

https://blog.mailchimp.com/gdpr-tools-from-mailchimp/
User avatar
GanstaZ
Registered User
Posts: 1187
Joined: Wed Oct 11, 2017 10:29 pm
Location: GZOverse

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by GanstaZ »

You can try privacy extension that is in development and see if it fits your needs. You can create your own controller and inject it to registration page, it will point to any direction you want. What custom fields you want/need? Only thing that is required after reading privacy/rules & whatever there may be is to click i agree/submit or leave.
Usus est magister optimus! phpBB pre-Triton & latest php environment.
When answer lies in the question, question becomes redundant!
Post Reply

Return to “phpBB Discussion”