It's not private, but it is personal.
stevemaury wrote: ↑Wed Mar 07, 2018 6:15 pm When you post on a public forum accessible to Google, that is NOT "personal data".
When I post your name, address, email, etc. on phpBB, it's your personal data.
Mick, I read GDPR. Some basic issues do not require additional explanation. User consent must be mandatory, not implicit and expressed separately for each purpose. It must be collected by the administrator. This will be mandatory in every EU country.
GDPR wrote: (32) Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject's acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject's consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.
Yes, but this extension is still no validation and users reported bugs. I think about this viewtopic.php?f=456&t=2341856
You keep telling that there are bugs in that extension, but you didn't actually tell the extension author what those bugs are. The only thing reported is that "something" isn't working, but that is no help for anyone.
tojag wrote: ↑Thu Mar 08, 2018 11:29 am
Yes, but this extension is still no validation and users reported bugs. I think about this viewtopic.php?f=456&t=2341856
So I founded the idea of 2FA. viewtopic.php?f=436&t=2438306
I support you! I keep looking into your thread topic and I am waiting for the work to be completed and the extension validated. It's really good work!
There's probably a regulation against doing that somewhere...
We're in the same situation. We're ignoring it completely. Being based in the US, we added this to our Privacy Policy, but this is the absolute extent to us budging anywhere on the GDPR:
There's also other small things in it, like saying if we were breached and we ever had sensitive data (which we don't collect anyways, but just to cover us or w/e) - we would report it, but would not cooperate in any investigation by agencies outside of the US.
Section I: Scope and who this policy covers
This policy shall be interpreted to apply to all users that use any service, online or otherwise, of [Community name]. Such services shall include services directly owned by [Community name], as well as the interaction of third-party services that [Community name] interfaces with through the usage of interfaces and facilities such as, but not limited to, APIs and data sharing. By connecting to any service owned by [Community name], or by interfacing with [Community name] through such a third party service, you express your agreement to this policy.
Section II: Legal Jurisdiction
[Community name] is based in the United States of America, and as such, it and all of its users, both domestic and foreign, are subject to United States jurisdiction. [Community name] does not comply with, respect, nor recognize, foreign data privacy laws, and is not under any obligation to be in compliance with them. This includes the laws of such countries and governing bodies that claim to have extra-territorial scope in such laws, such as the European Union. Through your use of [Community name] services, you recognize that your information will be submitted to and stored on servers within the United States of America. In certain cases, servers in other countries may be used to provide services that may store data in a temporary manner... however, all data will be ultimately stored on US servers.
Outside of that, I wouldn't worry about it. I don't think that this reg will last for more than a year, if that. It's just the next EU Cookie Law, and the ePrivacy Act will be the same way.
Recitation 18: Individuals don't count.
If you can plausibly claim that an individual owns the data, and that the others running the site are friends helping the site, then the data-controller is an individual.
This is true!
Ger wrote: ↑Thu Mar 08, 2018 11:13 am It's not private, but it is personal.
stevemaury wrote: ↑Wed Mar 07, 2018 6:15 pm When you post on a public forum accessible to Google, that is NOT "personal data".
When I post your name, address, email, etc. on phpBB, it's your personal data.
Unless your wording is imprecise: next time ask the lawyer what distinguishes a person from a user. If I need consent of a person, and a user can withdraw that then this only raises more questions. It is one issue to follow all GDPR principles, but it is another issue to identify a person (internet wise). Accounts (read: effectively what then appears as the user) can be used by multiple persons - one could give consent, another could revoke it - is this really intended?
That would not comply with several laws' basic principle in dubio pro reo - it may be difficult to prove you guilty, but it may be impossible to prove your innocence.
When I wrote this, I used interchangeably: person and user. I'm not a lawyer.
Same as with taxes. If you have money, you must be able to explain where you got it and whether you paid tax.
You are responsible for differentiating personal info posted by shared accounts in the event of a request.
AmigoJack wrote: ↑Wed Mar 28, 2018 3:18 pm Unless your wording is imprecise: next time ask the lawyer what distinguishes a person from a user. If I need consent of a person, and a user can withdraw that then this only raises more questions. It is one issue to follow all GDPR principles, but it is another issue to identify a person (internet wise). Accounts (read: effectively what then appears as the user) can be used by multiple persons - one could give consent, another could revoke it - is this really intended?
That's the very point: and how should I be able to? No matter with what you come up - I can neither verify that (not even when I personally allow the log in just in time), nor can I tell people apart. IP addresses and usernames may be personal data, but technically an IP address is just a network node without any hint if it's an end or just a gate to countless others. Likewise accounts can be used by zero to many persons (and one person can use zero to many accounts). This is all unsound and, as usual, as vague as possible. As much as I like this new regulation from the point of a customer, as much do I ask myself "how does the opposite know I am demanding this and that, and not just an imposter?"
LaxSlash1993 wrote: ↑Wed Mar 28, 2018 10:17 pm You are responsible for differentiating personal info posted by shared accounts in the event of a request.