New GDPR (General Data Protection Regulation) and phpBB

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Scam Warning
User avatar
Mick
Support Team Member
Support Team Member
Posts: 19718
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket probably . . .

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Mick » Mon Apr 09, 2018 1:31 pm

zorni wrote:
Mon Apr 09, 2018 1:27 pm
We stopped embeding third party content and login with social media and social buttons etc
At least some good is coming from all this then :)
"The more connected we get the more alone we become" - Kyle Broflovski

There are no ‘threads’ in phpBB, they are topics.

User avatar
GanstaZ
Registered User
Posts: 372
Joined: Wed Oct 11, 2017 10:29 pm
Location: Zverse

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by GanstaZ » Mon Apr 09, 2018 1:34 pm

tojag wrote:
Mon Apr 09, 2018 1:12 pm
I am waiting when phpBB will solve these issues on this forum.
What issues? When you register here, you accept privacy Privacy that you should read before clicking accept. You don't have to fill other fields as name and so on. In my point of view, this site is wiki based (public/shared support/info).

To re-make this privacy mode/page is easy. I will do it for my project, (without any gdpr fear). Everything is easy, if you put effort in it & do something.
"When answer lies in the question,.. question becomes redundant!"

User avatar
tojag
Registered User
Posts: 333
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag » Mon Apr 09, 2018 1:36 pm

Mick, I do not have to add an idea. This is going to be an information obligation throughout the EU in a moment. Does anyone seem to be the owner of this forum? If it belongs to the community, it may be more difficult to implement. I did not see GDPR foreseeing such a possibility. I do not know if in such a case you should indicate the management of the organization or a specific natural person. In the current law, it is the Information Security Administrator (a specific natural person) but it will end after 25/05/2018.

zorni
Registered User
Posts: 117
Joined: Mon Mar 23, 2009 10:29 pm
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by zorni » Mon Apr 09, 2018 1:51 pm

Mick wrote:
Mon Apr 09, 2018 1:31 pm
zorni wrote:
Mon Apr 09, 2018 1:27 pm
We stopped embeding third party content and login with social media and social buttons etc
At least some good is coming from all this then :)
True story :)

Issues that should be solved by phpBB (imho) are:

A note that the privacy policy provided by phpBB is more or less a placeholder and not a legally valid privacy policy. Each forum has to intervene individually and formulate a privacy policy according to its own features.

Any new (or updated) extension must indicate that an addition to the privacy policy may be necessary.

An option to deactivate all (not some) external services, like emoji etc, which are delivered with phpBB.

The possibility to edit the privacy policy in the backend, not in the lang files. (Best case: integrate pages to the core i.e.)

A required option for new registrations. They have to check a box "I accept the priv. policy" etc. The same is needed for existing users. Additional there should be an option to re-request this consent, if the priv. policy has changed.

The contact admin form needs a checkbox. This checkbox must not be "pre-marked" and have to refer to the privacy policy of the forum. Something like [_] By ckecking this box I accept the pp [Link].

User avatar
AmigoJack
Registered User
Posts: 5263
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by AmigoJack » Mon Apr 09, 2018 2:18 pm

tojag wrote:
Mon Apr 09, 2018 12:19 pm
if I change the username, all of these occurrences change to new ones?
No, login attempts and disallowed entries aren't modified, based on their nature. Likewise you could falsely entries there you're about to erase (i.e. trying to log in as "Albert" can be totally unrelated to an account that coincidentally has the same username).
The worst thing about censorship is ███████████

User avatar
GanstaZ
Registered User
Posts: 372
Joined: Wed Oct 11, 2017 10:29 pm
Location: Zverse

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by GanstaZ » Mon Apr 09, 2018 3:25 pm

An option to re-request a click? It is not needed. It can be solved the other way. If policy have been updated and all members are informed & if they do not agree/accept, they need to deactivate account. Phpbb is a bb and not a portal platform. Pages add-on is optional and can be integrated by anyone to any system that is based on phpbb. One can simply solve it, by using pages or by making a new controller with factory pattern or any other method & insert, update, remove, modify and so on any new privacy point with it (notification/e-mail will inform all members about changes).
"When answer lies in the question,.. question becomes redundant!"

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 49332
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by stevemaury » Mon Apr 09, 2018 3:32 pm

zorni wrote:
Mon Apr 09, 2018 1:51 pm
Mick wrote:
Mon Apr 09, 2018 1:31 pm
zorni wrote:
Mon Apr 09, 2018 1:27 pm
We stopped embeding third party content and login with social media and social buttons etc
At least some good is coming from all this then :)
True story :)

Issues that should be solved by phpBB (imho) are:

A note that the privacy policy provided by phpBB is more or less a placeholder and not a legally valid privacy policy. Each forum has to intervene individually and formulate a privacy policy according to its own features.

Any new (or updated) extension must indicate that an addition to the privacy policy may be necessary.

An option to deactivate all (not some) external services, like emoji etc, which are delivered with phpBB.

The possibility to edit the privacy policy in the backend, not in the lang files. (Best case: integrate pages to the core i.e.)

A required option for new registrations. They have to check a box "I accept the priv. policy" etc. The same is needed for existing users. Additional there should be an option to re-request this consent, if the priv. policy has changed.

The contact admin form needs a checkbox. This checkbox must not be "pre-marked" and have to refer to the privacy policy of the forum. Something like [_] By ckecking this box I accept the pp [Link].
Are you talking about implementing these on this board (phpbb.com/community) or are you talking about incorporating these in the distributed phpbb code?
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. PM or email me.

All unsolicited PMs will be ignored.

User avatar
Ibedejo
Registered User
Posts: 242
Joined: Tue Feb 21, 2012 12:12 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Ibedejo » Mon Apr 09, 2018 5:16 pm

As phpBB Limited resides in the UK ... :mrgreen:

User avatar
david63
Jr. Extension Validator
Posts: 14564
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by david63 » Mon Apr 09, 2018 5:45 pm

Ibedejo wrote:
Mon Apr 09, 2018 5:16 pm
As phpBB Limited resides in the UK ... :mrgreen:
Not 100% true. phpBB Ltd is registered in the UK but is a USA company and also phpBB Ltd only operates this board out of the USA - it does not have a "significant" presence in the EU.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

User avatar
Ibedejo
Registered User
Posts: 242
Joined: Tue Feb 21, 2012 12:12 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Ibedejo » Mon Apr 09, 2018 6:34 pm

david63 wrote:
Mon Apr 09, 2018 5:45 pm
Not 100% true. phpBB Ltd is registered in the UK but is a USA company and also phpBB Ltd only operates this board out of the USA - it does not have a "significant" presence in the EU.
And exactly this line of argument is irrelevant for the issues we are talking about ;)

User avatar
Scanialady
Registered User
Posts: 191
Joined: Thu Jan 17, 2013 7:09 pm
Location: Germany
Name: Annette
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Scanialady » Tue Apr 10, 2018 9:08 am

zorni wrote:
Mon Apr 09, 2018 1:51 pm
...

Issues that should be solved by phpBB (imho) are:

A note that the privacy policy provided by phpBB is more or less a placeholder and not a legally valid privacy policy. Each forum has to intervene individually and formulate a privacy policy according to its own features.

Any new (or updated) extension must indicate that an addition to the privacy policy may be necessary.

An option to deactivate all (not some) external services, like emoji etc, which are delivered with phpBB.

The possibility to edit the privacy policy in the backend, not in the lang files. (Best case: integrate pages to the core i.e.)

A required option for new registrations. They have to check a box "I accept the priv. policy" etc. The same is needed for existing users. Additional there should be an option to re-request this consent, if the priv. policy has changed.

The contact admin form needs a checkbox. This checkbox must not be "pre-marked" and have to refer to the privacy policy of the forum. Something like [_] By ckecking this box I accept the pp [Link].
Don't forget to save the old one and the new one (pdf?), and it has to be possible to remove your accept.

I think there are some extensions for parts of functions phpBB could take over in core and rebuild for this. Pages may be one of it. Delete my account another. Support template. Cookie consent. Coppa. There is no need to create all the functions completely new - they are there.
Webseite, Blog, Wiki
JV-Arcade / phpBB-Arcade / dmzx-Extensions Übersetzungsteam, andere deutsche Übersetzungen - german language files

User avatar
tojag
Registered User
Posts: 333
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag » Tue Apr 10, 2018 12:36 pm

I agree. I have already written that we can do it in small steps, realizing each of the necessary functions. For us using phpBB to run our own forums, an example of correct solutions should come from the owner and administrator of this forum. Because it offers services for the EU and it has to comply with EU law itself.
I believe that this is the most important thing to do now, even at the cost of bug fixes or other improvements.

User avatar
tojag
Registered User
Posts: 333
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag » Wed Apr 11, 2018 9:48 pm

Due to the FB case, it can be expected that regulations similar to the European ones will soon appear in the USA. Today, during Zuck's interrogations, congressmen spoke about such a need. So we can not pretend that the problem is not there or that this is only an EU matter.

User avatar
3Di
Registered User
Posts: 12756
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by 3Di » Wed Apr 11, 2018 11:44 pm

Got this right now:
Dear Google Analytics Administrator,
Over the past year we've shared how we are preparing to meet the requirements of the GDPR, the new data protection law coming into force on May 25, 2018. Today we are sharing more about important product changes that may impact your Google Analytics data, and other updates in preparation for the GDPR. This e-mail requires your attention and action even if your users are not based in the European Economic Area (EEA).
Product Updates

Today we introduced granular data retention controls that allow you to manage how long your user and event data is held on our servers. Starting May 25, 2018, user and event data will be retained according to these settings; Google Analytics will automatically delete user and event data that is older than the retention period you select. Note that these settings will not affect reports based on aggregated data.

Action: Please review these data retention settings and modify as needed.

Before May 25, we will also introduce a new user deletion tool that allows you to manage the deletion of all data associated with an individual user (e.g. site visitor) from your Google Analytics and/or Analytics 360 properties. This new automated tool will work based on any of the common identifiers sent to Analytics Client ID (i.e. standard Google Analytics first party cookie), User ID (if enabled), or App Instance ID (if using Google Analytics for Firebase). Details will be available on our Developers site shortly.

As always, we remain committed to providing ways to safeguard your data. Google Analytics and Analytics 360 will continue to offer a number of other features and policies around data collection, use, and retention to assist you in safeguarding your data. For example, features for customizable cookie settings, privacy controls, data sharing settings, data deletion on account termination, and IP anonymization may prove useful as you evaluate the impact of the GDPR for your company’s unique situation and Analytics implementation.

Contract And User Consent Related Updates

Contract changes

Google has been rolling out updates to our contractual terms for many products since last August, reflecting Google’s status as either data processor or data controller under the new law (see full classification of our Ads products). The new GDPR terms will supplement your current contract with Google and will come into force on May 25, 2018.

In both Google Analytics and Analytics 360, Google operates as a processor of personal data that is handled in the service.

For Google Analytics clients based outside the EEA and all Analytics 360 customers, updated data processing terms are available for your review/acceptance in your accounts (Admin ➝ Account Settings).

For Google Analytics clients based in the EEA, updated data processing terms have already been included in your terms.
If you don’t contract with Google for your use of our measurement products, you should seek advice from the parties with whom you contract.

Updated EU User Consent Policy
Per our advertising features policy, both Google Analytics and Analytics 360 customers using advertising features must comply with Google’s EU User Consent Policy. Google's EU User Consent Policy is being updated to reflect new legal requirements of the GDPR. It sets out your responsibilities for making disclosures to, and obtaining consent from, end users of your sites and apps in the EEA.

Action: Even if you are not based in the EEA, please consider together with your legal department or advisors, whether your business will be in scope of the GDPR when using Google Analytics and Analytics 360 and review/accept the updated data processing terms as well as define your path for compliance with the EU User Consent Policy.

Find Out More
You can refer to privacy.google.com/businesses to learn more about Google’s data privacy policies and approach, as well as view our data processing terms.

We will continue to share further information on our plans in the coming weeks and will update relevant developer and help center documentation where necessary.

Thanks,

The Google Analytics Team
Want to compensate me for my interest? Donate
Please PM me only to request paid works. Thx.
Extensions, Scripts, MOD porting, Update/Upgrades
My development's activity º PhpStorm's proud user

andrewilley
Registered User
Posts: 105
Joined: Fri Sep 12, 2008 7:28 pm
Location: Birmingham UK
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by andrewilley » Thu Apr 12, 2018 8:26 am

I run a very small phpBB forum at [removed link], with probably just a few posts a week for users to ask questions that aren't covered by the rest of the information on the site, and to post comments. It is a non-commercial site and has no e-commerce or other data gathering tools. I do use Google Analytics for usage reports, Google Ads to try to cover the server running costs/etc, and AddThis for social media shares/follows.

The site is not SSL encrypted, although that might be something I'd consider if it can be done without any financial costs and if it doesn't involve complicated procedures or code rewrites.

Could someone point me towards a plain-English site that tells me in a few minutes if I need to do anything for this seemingly over-bureaucratic EU nonsense regulation that appears to be aimed at businesses? Google keeps emailing talking about commerce, legal advisers, data handling policies, privacy policies, etc; I have none of that, and don't plan to start - it's just a little spare-time information site.

Andre
Last edited by kinerity on Thu Apr 12, 2018 12:04 pm, edited 2 times in total.
Reason: Removed unnecessary link.
--- Admin of www.portorleans.org

Post Reply

Return to “phpBB Discussion”

Who is online

Users browsing this forum: Lumpy Burgertushie and 32 guests