New GDPR (General Data Protection Regulation) and phpBB

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Anti-Spam Guide
User avatar
tojag
Registered User
Posts: 422
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag »

Tlem You are wrong and very much. You as a forum owner provide you with a service. You are responsible for fulfilling the GDPR requirements. For forum users, writing on it can be a hobby, for you it is an activity subject to GDPR.
I see that you do not understand GDPR completely. You are extracting fragments detached from the whole. At any place, GDPR does not treat IP, for example, differently from other data described in the definition. At any place, GDPR does not treat private and public personal data. In both cases, these are personal data and are protected by law.
GDPR requires the right to be forgotten, this also applies to the archives of databases. It is currently one of the biggest technical problems - archives may require older versions of systems. Read what troubles big companies have in this area.
GDPR does not require anything from the person whose data it processes, it requires everything from you. You must show relevant information, collect consent, provide rights, etc. The user does not have to either remember their posts or browse them and look for what was in them. GDPR transfers this to the administrator. Admin is responsible for providing information to the user if he is in charge and asks what data he has. Admin must delete or anonymize this data. Not a user.
The only thing I'm hoping for is that really run out of resources and time to check everyone.
Good night :)
User avatar
tlem
Registered User
Posts: 166
Joined: Sun Jan 24, 2016 4:47 pm
Location: Bordeaux (France)
Name: Thierry
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tlem »

This is your point of view.
Mine and that of many others is different and obviously you will not change your mind.

Personally, everything on my forums is voluntary, without ads and I do not sell or transmit any information to anyone. The only income is donations made by some members once or twice a year and to be quite honest Article 6 and 7 of the GDPR allows me to sleep soundly. :roll:

So wait and see.
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Lumpy Burgertushie »

tojag wrote: Sat May 19, 2018 9:57 pm Tlem You are wrong and very much. You as a forum owner provide you with a service. You are responsible for fulfilling the GDPR requirements. For forum users, writing on it can be a hobby, for you it is an activity subject to GDPR.
I see that you do not understand GDPR completely. You are extracting fragments detached from the whole. At any place, GDPR does not treat IP, for example, differently from other data described in the definition. At any place, GDPR does not treat private and public personal data. In both cases, these are personal data and are protected by law.
GDPR requires the right to be forgotten, this also applies to the archives of databases. It is currently one of the biggest technical problems - archives may require older versions of systems. Read what troubles big companies have in this area.
GDPR does not require anything from the person whose data it processes, it requires everything from you. You must show relevant information, collect consent, provide rights, etc. The user does not have to either remember their posts or browse them and look for what was in them. GDPR transfers this to the administrator. Admin is responsible for providing information to the user if he is in charge and asks what data he has. Admin must delete or anonymize this data. Not a user.
The only thing I'm hoping for is that really run out of resources and time to check everyone.
Good night :)
why is your opinion about what the DGPR requires any more likely to be the truth that any of the other people who have posted in this topic?

I would bet that even the people who wrote this pile of crap don't really know exactly what it all means.

remember, whatever you think it all means is just your opinion based on your understanding of it. that is also true of everyone else here.

it is all opinions because there is nothing absolutely clear about any part of it that I have read here in this topic.

robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: GDPR - non-profit club website

Post by Lumpy Burgertushie »

Angoid wrote: Sat May 19, 2018 9:24 pmAlthough we charge for club membership, we are not a profit-making organisation
If the UK is no longer a part of the EU then I doubt that it applies to them any more than it would to the US or any other country.

however, it will certainly all be fought out in court eventually. probably by finding the new law unlawful to begin with.

just go on about your life with your board and don't worry about it so much.
"they" are not going to come along and take away your birthday because you are in some minor infraction of a law that nobody really understands anyway.


robert
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26456
Joined: Fri Aug 29, 2008 9:49 am

Re: GDPR - non-profit club website

Post by Mick »

Angoid wrote: Sat May 19, 2018 9:24 pmAlthough we charge for club membership, we are not a profit-making organisation
If you go to the ICO website there’s a simple survey you can follow.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
User avatar
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by david63 »

Lumpy Burgertushie wrote: Sun May 20, 2018 12:25 am If the UK is no longer a part of the EU then I doubt that it applies to them any more than it would to the US or any other country.
The UK is still in the EU and even when we leave all EU law will be made into UK law so GDPR will still apply.
David
Remember: You only know what you know and - you don't know what you don't know!

I now no longer support any of my extensions but they will start to become available here
User avatar
tojag
Registered User
Posts: 422
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag »

Lumpy Burgertushie wrote: Sun May 20, 2018 12:20 am why is your opinion about what the DGPR requires any more likely to be the truth that any of the other people who have posted in this topic?
A few years ago when I wrote here that IP and email are personal data, everyone here had a different opinion because they probably did not read the regulations.
Now no one denies it.
I would like to read here from some people "I'm sorry, you were right" :lol: :lol: :lol:
I really would like to be wrong, unfortunately my interpretations of the law are usually correct.
That's why I will stay with anonymisation. Maybe it will protect me in the case of control.
User avatar
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by david63 »

I would still contend that currently for the majority of users an IP address is not personal data, but I do accept that it is defined as such in the regulations.
  • How can an IP address be personal when I can have it one day, somebody else tomorrow and somebody else the day after?
  • How can an IP address be personal when everyone in the house uses the same IP address?
  • How can an IP address be personal when it is used from, say, an office where there are possibly hundreds of users?
  • How can an IP address be personal when it is accessed via a mobile gateway?
This part of the regulation is aimed at static IP addresses and until such time as IPv6 is rolled out (if ever!) then the vast mojority of users worldwide are using dynamic IP address.
David
Remember: You only know what you know and - you don't know what you don't know!

I now no longer support any of my extensions but they will start to become available here
User avatar
tojag
Registered User
Posts: 422
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag »

David, but it does not matter our perception of this. With many laws, people do not agree, but they must respect them. In particular, specialists in a given field see this field differently than other ordinary people. GDPR has been created to protect people who do not necessarily know what is happening with their personal data. I think that the intention was to deal with large companies and institutions, but it also came in small and we have to submit to it :(
CHItA
Development Team Member
Development Team Member
Posts: 166
Joined: Sat Dec 06, 2008 10:27 pm
Location: London, UK

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by CHItA »

tojag wrote: Sun May 20, 2018 8:36 am David, but it does not matter our perception of this. With many laws, people do not agree, but they must respect them. In particular, specialists in a given field see this field differently than other ordinary people. GDPR has been created to protect people who do not necessarily know what is happening with their personal data. I think that the intention was to deal with large companies and institutions, but it also came in small and we have to submit to it :(
GDPR doesn't differentiate between personal data that is made public or handled invisibly to the user (except in some minor ways like if a user puts his "sensitive" personal data in a post, so makes it explicitly public then you can "process" it, which otherwise would be forbidden). And GDPR considers everything personal data that could be used as a part of the puzzle to identify you. So while IP addresses don't really identify anyone, it could be the case that if you have other data, you could use that with the IP address to identify someone. Is this dumb? Maybe, but that is what is in the regulation.
tojag wrote: Sun May 20, 2018 7:52 am I really would like to be wrong, unfortunately my interpretations of the law are usually correct.
Your interpretation is correct to the extent that what you seem to want to do would comply with GDPR. However, you definitely do not need consent for all personal to be collected/processed (which you seem to think) as that is just one of many lawful basis for collecting and processing personal data.
User avatar
tlem
Registered User
Posts: 166
Joined: Sun Jan 24, 2016 4:47 pm
Location: Bordeaux (France)
Name: Thierry
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tlem »

Hi tojag, I have some questions to ask you?

- Is your forum a professional, political, or associative forum?
- Do you collect information other than that collected by your phpBB forum?
- Do you market the information collected by your forum such as email addresses, IP addresses, personal information indicated by your members, etc ...
- Do you know the CNIL (National Commission of Computing and Freedoms), and do you credit what is issued by it?
- Can you read French documents?
User avatar
tojag
Registered User
Posts: 422
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag »

CHItA wrote: Sun May 20, 2018 9:01 am GDPR doesn't differentiate between personal data that is made public or handled invisibly to the user (except in some minor ways like if a user puts his "sensitive" personal data in a post, so makes it explicitly public then you can "process" it, which otherwise would be forbidden). And GDPR considers everything personal data that could be used as a part of the puzzle to identify you. So while IP addresses don't really identify anyone, it could be the case that if you have other data, you could use that with the IP address to identify someone. Is this dumb? Maybe, but that is what is in the regulation.
That's what I constantly say :) Thanks for understanding this too. This is the definition of personal data in GDPR but probably not everyone understands it. Public or private it is no difference.
tlem wrote: Sun May 20, 2018 2:03 pm Hi tojag, I have some questions to ask you?

- Is your forum a professional, political, or associative forum?
- Do you collect information other than that collected by your phpBB forum?
- Do you market the information collected by your forum such as email addresses, IP addresses, personal information indicated by your members, etc ...
- Do you know the CNIL (National Commission of Computing and Freedoms), and do you credit what is issued by it?
- Can you read French documents?
No, I've read the GDPR in the original.
I created this topic to ask a few key questions. Read the first post. Most have been resolved, but question 3 remained: "Will it be able to keep posts after the user opt out of the forum?"
You seem to have forgotten what I was asking for, or completely going in another direction. My question remains open.
Your questions does not make sense in this context because we are all subject to this law.
Remember also that the existing law 95/46/EU applies for a week. The network is full of documents relating to the current (old) law. There are also many of them on the websites of the national supervisory authorities. Check if what you read concerns GDPR or current (old) law because now the interpretations are different.
CHItA
Development Team Member
Development Team Member
Posts: 166
Joined: Sat Dec 06, 2008 10:27 pm
Location: London, UK

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by CHItA »

tojag wrote: Sun May 20, 2018 2:35 pm "Will it be able to keep posts after the user opt out of the forum?"
This was also already answered. Don't process them based on consent and then you don't have to (except on a case by case basis if the author requests it and the request is reasonable). If you process them based on consent then you probably have to remove the personal data from the posts and probably from quotes, replies, whatever else.

Also, please try to keep this a civilized discussion.
User avatar
tojag
Registered User
Posts: 422
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag »

OK. In that case, my issues have been resolved.
Thank you all for participating in the discussion.

Since the set of questions from the first post has been exhausted, please close the thread.
User avatar
Kailey
Community Team Leader
Community Team Leader
Posts: 3726
Joined: Mon Sep 01, 2014 1:00 am
Location: sudo rm -rf /
Name: Kailey Snay
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Kailey »

We don't close topics just because it was requested. Everyone is welcome to share their thoughts/ideas on the new law. As long as the discussion remains civilized, there's no need to put a lock on it. ;)
Kailey Snay - Community Team Leader
Knowledge Base | Documentation | Community rules

If you have any questions about the rules/customs of this website, feel free to send me a PM.
Post Reply

Return to “phpBB Discussion”