New GDPR (General Data Protection Regulation) and phpBB

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Suggested Hosts
LaxSlash1993
Registered User
Posts: 178
Joined: Sat Sep 22, 2012 2:20 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by LaxSlash1993 » Mon Apr 23, 2018 10:16 pm

tojag wrote:
Mon Apr 23, 2018 9:32 pm
The right of archiving applies only to public goods strictly defined in GDPR, for example a medical clinic can archive patient cards. Your forum is your private business and you have no right to archiving for pubic goods.
Sorry, but this is just completely false. I hate this law, and have no plans on complying it with data collected before our geoblock, but it doesn't go that far.

User avatar
GanstaZ
Registered User
Posts: 377
Joined: Wed Oct 11, 2017 10:29 pm
Location: Zverse

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by GanstaZ » Tue Apr 24, 2018 12:59 am

If I could edit my posts and know that the forum owner does not delete them, I would edit them all by typing 'bla bla'.
Smells like childish act. People are getting lazy you really think someone would bother doing that? GDPR police can punish an owner if something is really wrong & same goes for registered user/guest/one that wants to be forgotten.

If something is written some time ago, it's already past/history & it's the same as being a part of archive.
Archiving data Article 89
Last edited by GanstaZ on Wed Apr 25, 2018 2:34 pm, edited 2 times in total.
"When answer lies in the question,.. question becomes redundant!"

maxrpg
Registered User
Posts: 66
Joined: Thu Jul 30, 2009 12:33 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by maxrpg » Tue Apr 24, 2018 5:49 pm

To be fair I personally don't think many (if any) forum users would use the "right to be forgotten". I can see it happening on e-commerce sites or facebook/twitter/google etc but for most of us who just run a forum with no really private information about its users I would be surprised if those users suddenly decided they want all their stuff deleting.

I think in the 8+ years that my site has been active I've only had 2-3 users ask me to delete their account (for various reasons) which I complied with and their posts were kept.

I think I'll just deal with it on a case by case basis and ask my moderators to actively remove any personal information from posts if/when they find it. I think we also need to notify our users about notification settings/email settings and they need to verify that they still want to receive them after the 25th of May. Perhaps setting all users settings to NO and sending out a mass email telling users that if they want to continue receiving them they have to update their settings back to YES.

This GDPR is a pain in the *insert word* :?

User avatar
ajtruckle
Registered User
Posts: 93
Joined: Tue Apr 19, 2005 10:37 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by ajtruckle » Tue Apr 24, 2018 6:30 pm

There is a lot of discussion here. The is that the phpbb authors give consideration to whatever it or its users needs to do.

For example, when a user signs up, we are going to have to tell them how we are using their data etc. And if we were to be doing system wide emails (I no longer do) we would have to specifically have a checkboxfor them to give GDPR consent. Effectively a specific section in each persons profile.

I am no expert but these kinds of steps have been taken by Mailchimp. I don't want to be bitten by my use of phpbb for my support forum.

User avatar
Lumpy Burgertushie
Registered User
Posts: 64707
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Lumpy Burgertushie » Tue Apr 24, 2018 7:11 pm

assuming that you are in the EU you would need to contact someone who is an expert on this new law in the EU.
phpbb may or may not have to make any changes in order to be in compliance.

if you are not in the EU then you simply do not have to worry about it in my opinion.


robert
I am available for custom work on a donation basis. Please send me a PM with your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

OK, so what's the speed of dark?

User avatar
tojag
Registered User
Posts: 333
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag » Tue Apr 24, 2018 10:15 pm

maxrpg wrote:
Tue Apr 24, 2018 5:49 pm
To be fair I personally don't think many (if any) forum users would use the "right to be forgotten". I can see it happening on e-commerce sites or facebook/twitter/google etc but for most of us who just run a forum with no really private information about its users I would be surprised if those users suddenly decided they want all their stuff deleting.

I think in the 8+ years that my site has been active I've only had 2-3 users ask me to delete their account (for various reasons) which I complied with and their posts were kept.
Even on this forum you can find users who wanted to cancel your account and delete posts and wrote about it in public. Up to now there was no opportunity, and how will it be now when they call on GDPR? After all, this forum is purely technical, but there are forums on which people are written about people, their hobbies, their health, their behaviors, etc. My forum is like that, so I have concerns. You can create pretty good personal profits from the posts. Someone writes that email address encryption is unnecessary, and if you link an address to such a profile, you can target your ads very accurately. This is profiling strictly described in GDPR. Of course, it would be illegal for someone to gain access to the database and use it to send profile-based emails.
What I read more about GDPR is that in order to be in compliance with this law, everything should be encrypted, blocked, not allowed, deleted and asked for consent 10 times :(
I think we should wait until the first court verdict about the forums, and let it involve someone other than myself and my forum :D

LaxSlash1993
Registered User
Posts: 178
Joined: Sat Sep 22, 2012 2:20 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by LaxSlash1993 » Tue Apr 24, 2018 10:34 pm

Lumpy Burgertushie wrote:
Tue Apr 24, 2018 7:11 pm
assuming that you are in the EU you would need to contact someone who is an expert on this new law in the EU.
phpbb may or may not have to make any changes in order to be in compliance.

if you are not in the EU then you simply do not have to worry about it in my opinion.


robert
A lot would have to be done in the source code to be compliant. But again, this should all be left to an optional extension that's off by default.

User avatar
Mick
Support Team Member
Support Team Member
Posts: 19745
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket probably . . .

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Mick » Wed Apr 25, 2018 6:42 am

tojag wrote:
Tue Apr 24, 2018 10:15 pm
I think we should wait until the first court verdict about the forums, and let it involve someone other than myself and my forum
Now you’re talking and, maybe, it’ll all go the way of the cookie law, in to history.
"The more connected we get the more alone we become" - Kyle Broflovski

There are no ‘threads’ in phpBB, they are topics.

andrewilley
Registered User
Posts: 105
Joined: Fri Sep 12, 2008 7:28 pm
Location: Birmingham UK
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by andrewilley » Wed Apr 25, 2018 6:49 am

Mick wrote:
Wed Apr 25, 2018 6:42 am
Now you’re talking and, maybe, it’ll all go the way of the cookie law, in to history.
True, the Cookie Law turned into a requirement for a simple message to users basically saying "It's a website, so it uses cookies, duh. Now get over it". I think this one will have more teeth when it comes to personal data loss through hacks though.

Andre
--- Admin of www.portorleans.org

User avatar
Mick
Support Team Member
Support Team Member
Posts: 19745
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket probably . . .

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Mick » Wed Apr 25, 2018 7:04 am

Andre, you’re in the UK, I have my doubts how this is all going to be policed, and it will be down to the police. They can hardly cope with what’s going on over here as it is never mind take on extra spying duties. What will they do, take on extra pc savvy officers (uh?) to monitor our two hundred member bulletin boards? I very much doubt it.
"The more connected we get the more alone we become" - Kyle Broflovski

There are no ‘threads’ in phpBB, they are topics.

User avatar
david63
Jr. Extension Validator
Posts: 14583
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by david63 » Wed Apr 25, 2018 7:18 am

Mick wrote:
Wed Apr 25, 2018 7:04 am
I have my doubts how this is all going to be policed, and it will be down to the police
I believe that policing it will be the same as now with Data Protection, it will be policed by the ICO - in other words they will only respond if a complaint is made.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

User avatar
ajtruckle
Registered User
Posts: 93
Joined: Tue Apr 19, 2005 10:37 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by ajtruckle » Wed Apr 25, 2018 7:28 am

Why is this being "discussed"?

It is clear to me ...

phpbb offer a "forum".
This forum can be used by people to hold and manage personal data.
Thus the forum must be GPDR compliant really.

I agree it should be an extension, but an extension should be provided.

It is a little disheartening to hear alot of what appear to be excuses to delay, or avoid, or whats the point, comments.

As a user of your forum I am asking for your "thumbs up" that my forum is not going to be an issue. If you have doubts or reservations about saying yes, then somethign should be investigated. After all, you don't want someone to stamp down on you as a company provided the forum to be used but no GPDR compliancy tools of any kind.

User avatar
david63
Jr. Extension Validator
Posts: 14583
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by david63 » Wed Apr 25, 2018 7:56 am

ajtruckle wrote:
Wed Apr 25, 2018 7:28 am
As a user of your forum I am asking for your "thumbs up" that my forum is not going to be an issue. If you have doubts or reservations about saying yes, then somethign should be investigated. After all, you don't want someone to stamp down on you as a company provided the forum to be used but no GPDR compliancy tools of any kind.
You are missing the point.

phpBB provide software that you put on your site. It is your responsibility to ensure that your site complies with all relevant laws/regulations etc. of your country.

Using this board is irrelevant as it is based in the USA and therefore is [arguably] outside the EU regulations.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

User avatar
ajtruckle
Registered User
Posts: 93
Joined: Tue Apr 19, 2005 10:37 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by ajtruckle » Wed Apr 25, 2018 8:06 am

Huh? The first thing a user will do is "sign up" to your forum. It has a signup page with wording .... That is the place that this GPDR stuff would be shown. That is part of the forum flowline. I appreciate that the user has the responsibility to ensure actual compliancy. But they are going at the very least need some kind of GPDR plugin so that the signup page offers extra info, specific links and thus custom fields. No more than that.

See this if you are interested:

https://blog.mailchimp.com/gdpr-tools-from-mailchimp/

User avatar
GanstaZ
Registered User
Posts: 377
Joined: Wed Oct 11, 2017 10:29 pm
Location: Zverse

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by GanstaZ » Wed Apr 25, 2018 8:13 am

You can try privacy extension that is in development and see if it fits your needs. You can create your own controller and inject it to registration page, it will point to any direction you want. What custom fields you want/need? Only thing that is required after reading privacy/rules & whatever there may be is to click i agree/submit or leave.
"When answer lies in the question,.. question becomes redundant!"

Post Reply

Return to “phpBB Discussion”

Who is online

Users browsing this forum: No registered users and 30 guests