New GDPR (General Data Protection Regulation) and phpBB

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Ideas Centre
User avatar
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by david63 »

Affin wrote: Fri May 25, 2018 9:55 pm Facebook does not operate in the EU but needs to send out enlightenment
Since when? As far as I can see FB certainly operates in the EU
David
Remember: You only know what you know and - you don't know what you don't know!

I now no longer support any of my extensions but they will start to become available here
LaxSlash1993
Registered User
Posts: 182
Joined: Sat Sep 22, 2012 2:20 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by LaxSlash1993 »

Affin wrote: Fri May 25, 2018 9:55 pm Facebook does not operate in the EU but needs to send out enlightenment
They're not doing it because Facebook operates in the EU. They're doing it because Facebook has a headquarters in the EU. Ireland's lower tax rates are starting to bite these companies back. ANd to be honest, these companies want to ditch the states... they deserve whatever they get. I don't agree with that law, and would love to see a major company stand up to the EU about it, but hey. They get what they (don't) pay for, I guess. ;)
User avatar
Scanialady
Registered User
Posts: 421
Joined: Thu Jan 17, 2013 7:09 pm
Location: Germany
Name: Annette
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Scanialady »

Those who force their registered users to agree to the Privacy Policy, because otherwise they can only delete their own user account, should observe these complaints. 8-)

The Guardian
My 2 cents: Whether an extension is in the CDB says nothing about its quality. It is more important to read the support topics for it. Better to avoid authors who do not answer support questions themselves, who do not update their stuff, and who do not fix bugs for years.
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Lumpy Burgertushie »

ok, it is may 26. is everybody still there? did the net police swat team show up at all your doors this morning to arrest all you non compliers?

;) :P

robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
Affin
I've Been Banned!
Posts: 254
Joined: Fri May 25, 2018 9:52 pm

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Affin »

Maybe a little off topic, but now the EU has initiated a crime report against facebook and google . :lol:
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26502
Joined: Fri Aug 29, 2008 9:49 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Mick »

Lumpy Burgertushie wrote: Sat May 26, 2018 6:20 pmdid the net police swat team show up at all your doors this morning to arrest all you non compliers?
There was a suspicious looking car with driver watching my block of flats for ages yesterday but it turns out it was a travelling salesman having his lunch :lol:
Affin wrote: Sat May 26, 2018 11:17 pmnow the EU has initiated a crime report against facebook and google
We know:
Scanialady wrote: The Guardian
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
LaxSlash1993
Registered User
Posts: 182
Joined: Sat Sep 22, 2012 2:20 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by LaxSlash1993 »

Had two GDPR requests, one for access and one for erasure. Denied them both with a link to the US Declaration of Independence.

Will keep you all posted.
User avatar
TheButcher2
Registered User
Posts: 1030
Joined: Tue May 13, 2014 11:38 pm
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by TheButcher2 »

okay this is one long arse topic so gfar, what is it you suggest we add to a phpbb forum to comply.
User avatar
GanstaZ
Registered User
Posts: 1187
Joined: Wed Oct 11, 2017 10:29 pm
Location: GZOverse

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by GanstaZ »

If you are too lazy to read, then jump in to extensions in development forum => Privacy Policy.
Usus est magister optimus! phpBB pre-Triton & latest php environment.
When answer lies in the question, question becomes redundant!
User avatar
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by david63 »

TheButcher2 wrote: Sun May 27, 2018 8:27 pm okay this is one long arse topic so gfar, what is it you suggest we add to a phpbb forum to comply.
I am guessing that you have not read all of this topic (can't blame you there) but the point is that it is up to each individual board owner to make the necessary choices as to what needs to be done to comply not only with GDPR but all other relevant laws/regulations that are relevant in their own country.
David
Remember: You only know what you know and - you don't know what you don't know!

I now no longer support any of my extensions but they will start to become available here
User avatar
TheButcher2
Registered User
Posts: 1030
Joined: Tue May 13, 2014 11:38 pm
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by TheButcher2 »

GanstaZ wrote: Sun May 27, 2018 8:34 pm If you are too lazy to read, then jump in to extensions in development forum => Privacy Policy.
Not lazy I have a life and too busy to read 29 pages unlike certain individuals.
User avatar
TheButcher2
Registered User
Posts: 1030
Joined: Tue May 13, 2014 11:38 pm
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by TheButcher2 »

david63 wrote: Sun May 27, 2018 8:39 pm
TheButcher2 wrote: Sun May 27, 2018 8:27 pm okay this is one long arse topic so gfar, what is it you suggest we add to a phpbb forum to comply.
I am guessing that you have not read all of this topic (can't blame you there) but the point is that it is up to each individual board owner to make the necessary choices as to what needs to be done to comply not only with GDPR but all other relevant laws/regulations that are relevant in their own country.
cheers mate
User avatar
tojag
Registered User
Posts: 422
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag »

hugomez wrote: Fri May 25, 2018 10:12 am ...
Should I also send an message to all the members of my forum about New Privacy statement?, Any recommendation of what to do? and the last things, Is there any template that can we all (phpbb forum administrators) use?
...
They send information because they changed their privacy policy. They changed their privacy policy because GDPR requires disclosure of certain information in it: who is the administrator, what data you collect, what you are doing with them, etc. In order to be compatible with GDPR, you should have this information in your statement. I have not found a requirement to inform about it now, but decency requires that we tell users when we change something. So if you change the content of the privacy policy, it would be nice to find out about it. That's why everyone sends it. Sometimes, however, it may be a change in the terms of the contract.
Regards
andrewilley
Registered User
Posts: 114
Joined: Fri Sep 12, 2008 7:28 pm
Location: Birmingham UK
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by andrewilley »

LaxSlash1993 wrote: Sun May 27, 2018 1:37 pm Had two GDPR requests, one for access and one for erasure. Denied them both with a link to the US Declaration of Independence.
I would love to hear the reaction (if any). That wouldn't work so well for me though, as although my site is hosted in the USA, and only about US subject matter, I happen to live in the UK.

So far, for any access requests I plan to point people to their UCP links, which shows them all of their own posts (which they can edit if they wish), plus all of their PMs and profile info (again, which they can freely adjust). So nothing is hidden or concealed there.

For account deletion, I've already provided an option for users to do it themselves via a UCP extension (however any existing posts are retained under a "Deleted User" name). My only concern there is that other users may already have quoted one of their posts, which would have embedded their old username in text form into the reply, and I can't see any way to automate fixing that. However people (including the Eurocrats) really do need to understand that once something is posted on the public internet, that content could have been copied anywhere without the original poster's consent. There are two separate references to this in my Privacy Policy:
  • Your invented username, along with any public forum messages and Profile information that you personally and freely choose to share, will immediately be made visible to all users and guests as that is the whole point of a public forum. Remember that any such publicly published content could be copied or quoted anywhere, by anyone, with or without your further consent.
  • If you subsequently decide you want to permanently remove your entire user account, and all your personal details, please use the [Delete My Account] facility. Any public content which you might have already posted in the forums will remain visible to other users for archival and continuity of thread purposes, however the posts will become anonymised and attributed to “Deleted User NNNN”. Note: After your account has been deleted you will no longer have any way to modify these now-anonymised posts, so please review and/or edit your existing posts via your [User Contro Panel] before deleting your account.
I have included part of that second point in the "Delete My Account" warning prompt too, so there's no way someone can whinge about it afterwards:
You can use this form to delete your user account, which will permanently remove your username, email address, password, profile information and private messages from our system.

Any public posts which you may have made in these forums will remain visible to other users for archival and continuity of thread purposes, but they will be anonymised and attributed to “Deleted User NNNN”. Please perform any desired edits or changes BEFORE continuing as it will not be possible for you to modify your old posts once they have been anonymised. (You can review all of your public posts using the Overview tab)
Andre
--- Admin of www.portorleans.org
User avatar
tojag
Registered User
Posts: 422
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag »

andrewilley wrote: Mon May 28, 2018 10:47 am So far, for any access requests I plan to point people to their UCP links, which shows them all of their own posts (which they can edit if they wish), plus all of their PMs and profile info (again, which they can freely adjust). So nothing is hidden or concealed there.
Do you really allow editing? This can only change the public conversation :)
You can offend someone and get offended or insulted at any time in the old post.
You can delete all posts by typing vh8w4hhf9jf40j9 or whatever.
andrewilley wrote: Mon May 28, 2018 10:47 am My only concern there is that other users may already have quoted one of their posts, which would have embedded their old username in text form into the reply, and I can't see any way to automate fixing that.
You do not have to worry about that. GDPR does not limit fundamental rights, including freedom of expression. That is how it is written. If something is in the public domain or it was, it can be quoted with the right quote.
andrewilley wrote: Mon May 28, 2018 10:47 am Any public posts which you may have made in these forums will remain visible to other users for archival and continuity of thread purposes, but they will be anonymised and attributed to “Deleted User NNNN”.
But this is not anonymisation, it is an identifier that allows to separate all posts of that user. This is pseudonymisation. GDPR says that you can pseudonymize if it is impossible to separate data and create a personal profile from them. This is written in GDPR.
If there is a name in the content of a post, you will separate all posts and bring it to that name. And if there will be an address, name, email?
Anonymisation is "Deleted user" and not "Deleted user NNN".
Post Reply

Return to “phpBB Discussion”