GDPR compliance is going to be left optional, right?

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Scam Warning
User avatar
AmigoJack
Registered User
Posts: 5332
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: GDPR compliance is going to be left optional, right?

Post by AmigoJack » Mon Dec 11, 2017 11:49 am

HiFiKabin wrote:
Mon Dec 11, 2017 9:55 am
That letter is then published in the Radio Times.
Why? If they do so without my consent I'm not the one who insisted on publishing it. This is a bad example. Not to speak of anonymizing a publication.
The worst thing about censorship is ███████████

User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 3241
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: GDPR compliance is going to be left optional, right?

Post by HiFiKabin » Mon Dec 11, 2017 12:03 pm

AmigoJack wrote:
Mon Dec 11, 2017 11:49 am
HiFiKabin wrote:
Mon Dec 11, 2017 9:55 am
That letter is then published in the Radio Times.
Why? If they do so without my consent I'm not the one who insisted on publishing it. This is a bad example. Not to speak of anonymizing a publication.
You write a letter to the letters page of The Radio Times
as the letter is sent to the letters page it is for publication and is therefore a good analogy of a public forum

User avatar
AmigoJack
Registered User
Posts: 5332
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: GDPR compliance is going to be left optional, right?

Post by AmigoJack » Mon Dec 11, 2017 12:11 pm

HiFiKabin wrote:
Mon Dec 11, 2017 12:03 pm
the letter is sent to the letters page
That was too vague to me to identify the meaning of publishing a 1:1 copy of my letter (is this even possible? Or is it only the text, without me drawing fancy pictures or writing by hand? I mean: I still don't know which details are published and which are not).
The worst thing about censorship is ███████████

User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 3241
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: GDPR compliance is going to be left optional, right?

Post by HiFiKabin » Mon Dec 11, 2017 12:49 pm

AmigoJack wrote:
Mon Dec 11, 2017 12:11 pm
HiFiKabin wrote:
Mon Dec 11, 2017 12:03 pm
the letter is sent to the letters page
That was too vague to me to identify the meaning of publishing a 1:1 copy of my letter (is this even possible? Or is it only the text, without me drawing fancy pictures or writing by hand? I mean: I still don't know which details are published and which are not).
I posted the text of the letter, which was published.

EXACTLY the same as me posting this message on here. It is now can be seen as being 'in the public domain' as people will see it. Google will index it, It may be quoted by someone, screenshotted, downloaded etc. It can not be un posted.

User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 2797
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.
Contact:

Re: GDPR compliance is going to be left optional, right?

Post by thecoalman » Mon Dec 11, 2017 12:52 pm

AmigoJack wrote:
Mon Dec 11, 2017 12:11 pm
HiFiKabin wrote:
Mon Dec 11, 2017 12:03 pm
the letter is sent to the letters page
That was too vague to me to identify the meaning of publishing a 1:1 copy of my letter (is this even possible? Or is it only the text, without me drawing fancy pictures or writing by hand? I mean: I still don't know which details are published and which are not).
I don't know about where you live but "letters to the editor" are common here in US newspapers. There is specific address for them and the expectation is it will be published in full if selected.

LaxSlash1993
Registered User
Posts: 179
Joined: Sat Sep 22, 2012 2:20 am

Re: GDPR compliance is going to be left optional, right?

Post by LaxSlash1993 » Tue Dec 12, 2017 12:31 am

Sanborn wrote:
Fri Dec 08, 2017 6:13 pm
IPs can be considered as personal data, because you can link an IP to an actual person (albeit through the ISP)
Usernames can be considered as personal data, because a lot of people just use their real name for this.
Posts can be considered as personal data, because I can write "Hello I'm John Doe, etc"

Just because a user uses his own name as username or adds personal data in a forum post doesn't make it his problem.
It is your problem if it's on your website. Same goes for pictures, videos, all of that can contain information to identify a person.

Out of the box phpBB has a "location" field in a user profile. There you go, personal data.

There is a difference between personal data and sensitive data. Personal data is your name, your address etc. Sensitive data is your religion, sexual preference etc. GDPR targets personal data, not just sensitive data. If data on your website can contain personal data, then it should be considered as personal data. So eg a username is personal data.

And GDPR enforces you to clean up this info, when a user requests it, or if a user doesn't interact with your website for a period of time.
Just re-enforces my point that this regulation is complete and utter overkill bullshit, sorry to say it. As far as I'm concerned, the EU can go kick rocks.
HiFiKabin wrote:
Mon Dec 11, 2017 9:55 am
I have been thinking about this some more, as well as trying to read/understand the documents. As I understand it, this is about information held and used by YOU the website owner.

Looking at this from a slightly different angle.

You write a letter to the letters page of The Radio Times. The letter is as follows but you sent it to them with your real name and address.
That letter is then published in the Radio Times. You then want The Radio Times to delete your details, They remove your real details from their database, but not the letter. The magazine has been printed, millions of people have seen it, its in the archives, etc etc

You can not go and remove that information as it exists. I think the same applies to the internet.

The information that you give me in order to join my forum (username, password, email address) can be deleted. What you have decided to post on a public forum for anyone to read can be considered to be the same as a published letter. It can (and will) get archived, indexed by Google etc etc.

All IMHO of course as I am still awaiting a reply to my email
From what I've been reading on the GDPR (I've been doing quite a bit of research on it since this post... still sticking strong on my stance of non-compliance, but it's still just something to know I guess), this would be exempted from the right to erasure as it would fall under the "free speech" exception... so long as the information is not falsified. The thing that's interesting is that this information can become false at any time, and at that point, you would have to erase that material. It could be as simple as "So and so, who can be seen walking down such and such a street in a blue hat frequently" becoming false when they start wearing a brown hat more frequently. They could theoretically force you in that case to remove the article, should you decide to comply with the regulation.

But, having said that, this is a perfect example of why the right to erasure in itself is pretty much a meaningless regulation outside of sensitive (credit card, social security numbers, etc) data.

User avatar
david63
Jr. Extension Validator
Posts: 14721
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: GDPR compliance is going to be left optional, right?

Post by david63 » Tue Dec 12, 2017 7:35 am

One major problem with erasing data that has been posted within a phpBB board (and possibly other boards) is that of quotes. There is no mechanism within phpBB to delete quotes when a user is deleted (whether they have their posts deleted or not) of if their username is changed.

Also if quotes were to be deleted for a user it would make the topic containing the quote meaningless.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 3241
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: GDPR compliance is going to be left optional, right?

Post by HiFiKabin » Tue Dec 12, 2017 9:50 am

LaxSlash1993 wrote:
Tue Dec 12, 2017 12:31 am
<snip>The thing that's interesting is that this information can become false at any time, and at that point, you would have to erase that material. It could be as simple as "So and so, who can be seen walking down such and such a street in a blue hat frequently" becoming false when they start wearing a brown hat more frequently. They could theoretically force you in that case to remove the article, should you decide to comply with the regulation.
<snip>
... but if it was factually correct at the time of posting it can not be deemed to be false.

If that were the case ALL history, science and other such texts would need to be pulped at least every year.

The sun goes around the world, the world is flat, "here be dragons". All were 'true' at some point in time, and can still be read in the appropriate tome.

User avatar
Mick
Support Team Member
Support Team Member
Posts: 20093
Joined: Fri Aug 29, 2008 9:49 am
Location: Cardiff

Re: GDPR compliance is going to be left optional, right?

Post by Mick » Tue Dec 12, 2017 1:27 pm

I told you but you wouldn't listen.
"The more connected we get the more alone we become" - Kyle Broflovski

There are no ‘threads’ in phpBB, they are topics.

LaxSlash1993
Registered User
Posts: 179
Joined: Sat Sep 22, 2012 2:20 am

Re: GDPR compliance is going to be left optional, right?

Post by LaxSlash1993 » Tue Dec 12, 2017 1:32 pm

david63 wrote:
Tue Dec 12, 2017 7:35 am
One major problem with erasing data that has been posted within a phpBB board (and possibly other boards) is that of quotes. There is no mechanism within phpBB to delete quotes when a user is deleted (whether they have their posts deleted or not) of if their username is changed.

Also if quotes were to be deleted for a user it would make the topic containing the quote meaningless.
If you wanted to be GDPR compliant, a mechanism would have to be introduced to remedy this.
HiFiKabin wrote:
Tue Dec 12, 2017 9:50 am
LaxSlash1993 wrote:
Tue Dec 12, 2017 12:31 am
<snip>The thing that's interesting is that this information can become false at any time, and at that point, you would have to erase that material. It could be as simple as "So and so, who can be seen walking down such and such a street in a blue hat frequently" becoming false when they start wearing a brown hat more frequently. They could theoretically force you in that case to remove the article, should you decide to comply with the regulation.
<snip>
... but if it was factually correct at the time of posting it can not be deemed to be false.

If that were the case ALL history, science and other such texts would need to be pulped at least every year.

The sun goes around the world, the world is flat, "here be dragons". All were 'true' at some point in time, and can still be read in the appropriate tome.
The way I understand it, describing the person as someone who wears a blue hat counts as PII in the EU's eyes. Once information is factually inaccurate about a person, that can be used as a vehicle for either removal or change.

I agree with you completely, for the record. The GDPR doesn't.

Post Reply

Return to “phpBB Discussion”

Who is online

Users browsing this forum: Ger, Java 1, kinerity and 24 guests