rajpb wrote: ↑Tue May 08, 2018 5:22 am
CHItA wrote: ↑Sun May 06, 2018 7:32 pm
Yeah, and nobody will comply with GDPR that doesn't do business in the EU and the EU cannot do anything about it (just apply the same logic if the US would try to force a speeding ticket on you because you drove 130 in Poland on the highway or 200 in Germany). Probably that is why.
Well, EU can't force You to apply GDPR in phpbb. But it can force EU citizens to not use programs which have no GDPR applications. So if You don't apply GDPR it is possible that all phpbb forums in EU will be closed.
What you quoted was in relation to phpbb.com as the original question was about that if I understood correctly.
On another note, it seems to me that many of you take offense whenever someone points out that GDPR is somewhat stupid or non-applicable in some cases. It is completely fine and I agree that it is important that our users can comply with legal requirements, however, it seems to me that many of you also believe that this regulation is for bullying everyone which is just ridiculous.
Lastly, on the topic of deleting or not deleting posts: GDPR 9/2/e) allows processing of any personal data of the super sensitive type if it was explicitly made public by the data subject. So along with the fact that you and or a third party might have legitimate interest in keeping the posts (6/1/f), you can keep usernames as well.
And now, let
ICO explain it even better:
You may prefer to consider legitimate interests as your lawful basis if you wish to keep control over the processing and take responsibility for demonstrating that it is in line with people’s reasonable expectations and wouldn’t have an unwarranted impact on them. On the other hand, if you prefer to give individuals full control over and responsibility for their data (including the ability to change their mind as to whether it can continue to be processed), you may want to consider relying on individuals’ consent.
Now, probably this is about as reasonable as any of the previous analysis of GDPR before. I'm not a lawyer, you're not lawyers, so let's chill out a bit. The functionality proposed in the extensions is more then enough on the technical side of things for anyone to comply with GDPR. In my personal opinion you can keep usernames if you remove all other data, as after that nobody can ever prove that the CHItA on your african snail forum is me or not thus it is not a personal identifier in anyways anymore.