New GDPR (General Data Protection Regulation) and phpBB

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Ideas Centre
User avatar
AmigoJack
Registered User
Posts: 5266
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by AmigoJack » Tue May 29, 2018 8:27 am

andrewilley wrote:
Mon May 28, 2018 10:47 am
My only concern there is that other users may already have quoted one of their posts, which would have embedded their old username in text form into the reply, and I can't see any way to automate fixing that.
Usernames. Based on the board settings users can change their username, or it can be changed thru administrators. In such a case be prepared to find all variants, not only one.
The worst thing about censorship is ███████████

andrewilley
Registered User
Posts: 105
Joined: Fri Sep 12, 2008 7:28 pm
Location: Birmingham UK
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by andrewilley » Tue May 29, 2018 9:05 am

tojag wrote:
Mon May 28, 2018 12:35 pm
Do you really allow editing? This can only change the public conversation :)
You can offend someone and get offended or insulted at any time in the old post.
You can delete all posts by typing vh8w4hhf9jf40j9 or whatever.

....

But this is not anonymisation, it is an identifier that allows to separate all posts of that user. This is pseudonymisation. GDPR says that you can pseudonymize if it is impossible to separate data and create a personal profile from them. This is written in GDPR.
If there is a name in the content of a post, you will separate all posts and bring it to that name. And if there will be an address, name, email?
Anonymisation is "Deleted user" and not "Deleted user NNN".
Yes, I allow users to edit posts. Personally I'd never post anything where that wasn't allowed as I always seem to spot typos or rethink how something should be phrased long after I press the Submit button. This post has just been edited twice for example. :)

Not sure how phpBB reacts to potentially more than one set of comments having the exact same username ("Deleted User") attributed in the database, but which were created by unrelated accounts? Are there any database field linking issues with that? Also, in any retained discussion thread, it is important to see that it was the same person who made a series of comments, even if you no longer know who that person actually was. Otherwise you cannot follow a conversation.

AmigoJack wrote:
Tue May 29, 2018 8:27 am
Usernames. Based on the board settings users can change their username, or it can be changed thru administrators. In such a case be prepared to find all variants, not only one.
If a username has been been changed, I really can't think of any reasonable or practical way to find any potential historical quotes of the old name, unless the user can provide it. I don't currently allow users to change their own usernames, and I can only think of one occasion where I've had a user request me to do it (a USA user, who I know personally, and not applicable under GDPR anyway).

Andre
--- Admin of www.portorleans.org

User avatar
Mick
Support Team Member
Support Team Member
Posts: 19733
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket probably . . .

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Mick » Tue May 29, 2018 12:25 pm

Ref: viewtopic.php?f=556&t=2473666

I was under the impression it was against GDPR rules to force anything on anyone?
"The more connected we get the more alone we become" - Kyle Broflovski

There are no ‘threads’ in phpBB, they are topics.

User avatar
tojag
Registered User
Posts: 333
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag » Tue May 29, 2018 3:53 pm

phpbb enforces from the first registration form:
- accept for tos,
- email,
- password :)
and others fields with attribute 'required'.
David63's privacy policy extension is also for enforcing acceptance privacy policy and / or cookies.
I would like to see a forum without such enforcing. Maybe only for guests. :) Although it will probably be forcing you to read the rules to send a post as a guest.

The fact is that GDPR enforces the collection of consents so we have to do it if we want to process data.

LaxSlash1993
Registered User
Posts: 178
Joined: Sat Sep 22, 2012 2:20 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by LaxSlash1993 » Tue May 29, 2018 10:15 pm

We allow our users one username change evey 30 days. All previous usernames are permanently logged and stored.

We also allow the most recent post to be edited within 1 week of being posted.

User avatar
Ger
Recognised Extension Developer
Posts: 1595
Joined: Wed Jan 02, 2008 7:35 pm
Location: 192.168.1.100
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Ger » Wed May 30, 2018 1:39 pm

Just to drop this here: I'm related to a board with > 1M posts where many users have registered with a linked Facebook account, thus using their real life names.
We get account removal requests quite often, but removing a user keeps quotes with their username intact. In the past we just left those and/or edited those posts to anonymise them when we stumbled on them.
With the GDPR (or AVG in Dutch) in effect, we need to take active action to anonymise those quotes. First step I've taken is to write the Quoted Where extension. It enables us to quickly find where a user was quoted. Since this is just a first version it justs searches and leaves the editing to a board admin, but if this works solid, I intend to make it possible to remove the usernames from those quotes as well.

I appreciate if some users are willing to try out this extension to improve it ASAP.
My extensions: Simple CMS, Feed post bot, Avatar Resize, Modbreak, Magic OGP, Live topic update and Modern Quote
Newest: Quoted Where + anonymize

Like my work? Buy me a coffee to keep it coming. :ugeek:
-Available for custom work-

User avatar
david63
Jr. Extension Validator
Posts: 14575
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by david63 » Wed May 30, 2018 2:25 pm

Ger wrote:
Wed May 30, 2018 1:39 pm
linked Facebook account, thus using their real life names.
You mean people actually use their "real" names on Facebook :o :shock: :o :shock:
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

User avatar
Ger
Recognised Extension Developer
Posts: 1595
Joined: Wed Jan 02, 2008 7:35 pm
Location: 192.168.1.100
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Ger » Wed May 30, 2018 2:41 pm

Seems so
My extensions: Simple CMS, Feed post bot, Avatar Resize, Modbreak, Magic OGP, Live topic update and Modern Quote
Newest: Quoted Where + anonymize

Like my work? Buy me a coffee to keep it coming. :ugeek:
-Available for custom work-

User avatar
david63
Jr. Extension Validator
Posts: 14575
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by david63 » Wed May 30, 2018 2:45 pm

More fool them, I say
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

User avatar
Ger
Recognised Extension Developer
Posts: 1595
Joined: Wed Jan 02, 2008 7:35 pm
Location: 192.168.1.100
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Ger » Fri Jun 01, 2018 11:52 am

Ger wrote:
Wed May 30, 2018 1:39 pm
I intend to make it possible to remove the usernames from those quotes as well.
And that's working now as well :)
My extensions: Simple CMS, Feed post bot, Avatar Resize, Modbreak, Magic OGP, Live topic update and Modern Quote
Newest: Quoted Where + anonymize

Like my work? Buy me a coffee to keep it coming. :ugeek:
-Available for custom work-

User avatar
noth
Registered User
Posts: 2451
Joined: Fri Jan 07, 2005 7:10 pm
Location: North Surrey
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by noth » Wed Jul 25, 2018 10:52 am

Who can use Facebook
When people stand behind their opinions and actions, our community is safer and more accountable. For this reason, you must:
Use the same name that you use in everyday life.
are you suggesting that you join a website and simply break their terms and conditions from Day 1?

that is your advice?

User avatar
Mick
Support Team Member
Support Team Member
Posts: 19733
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket probably . . .

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Mick » Wed Jul 25, 2018 11:17 am

Use the same name that you use in everyday life
:lol: seriously?

How is that policed?
"The more connected we get the more alone we become" - Kyle Broflovski

There are no ‘threads’ in phpBB, they are topics.

User avatar
noth
Registered User
Posts: 2451
Joined: Fri Jan 07, 2005 7:10 pm
Location: North Surrey
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by noth » Wed Jul 25, 2018 11:21 am

am I to take it that unless a terms and condition can be "policed" ....... we just ignore it?

User avatar
Mick
Support Team Member
Support Team Member
Posts: 19733
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket probably . . .

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Mick » Wed Jul 25, 2018 11:26 am

No, I’m just saying how do you know if the name a user is using is his everyday name any more than anybody filling out the COPPA agreement is over thirteen?
"The more connected we get the more alone we become" - Kyle Broflovski

There are no ‘threads’ in phpBB, they are topics.

User avatar
noth
Registered User
Posts: 2451
Joined: Fri Jan 07, 2005 7:10 pm
Location: North Surrey
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by noth » Wed Jul 25, 2018 11:57 am

david63 wrote:
Wed May 30, 2018 2:45 pm
More fool them, I say
yes quite

and more fool anybody who puts their real name too eh? do you agree with that?

Post Reply

Return to “phpBB Discussion”

Who is online

Users browsing this forum: No registered users and 30 guests