New GDPR (General Data Protection Regulation) and phpBB

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Get Involved
User avatar
tojag
Registered User
Posts: 336
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag » Sat May 19, 2018 9:57 pm

Tlem You are wrong and very much. You as a forum owner provide you with a service. You are responsible for fulfilling the GDPR requirements. For forum users, writing on it can be a hobby, for you it is an activity subject to GDPR.
I see that you do not understand GDPR completely. You are extracting fragments detached from the whole. At any place, GDPR does not treat IP, for example, differently from other data described in the definition. At any place, GDPR does not treat private and public personal data. In both cases, these are personal data and are protected by law.
GDPR requires the right to be forgotten, this also applies to the archives of databases. It is currently one of the biggest technical problems - archives may require older versions of systems. Read what troubles big companies have in this area.
GDPR does not require anything from the person whose data it processes, it requires everything from you. You must show relevant information, collect consent, provide rights, etc. The user does not have to either remember their posts or browse them and look for what was in them. GDPR transfers this to the administrator. Admin is responsible for providing information to the user if he is in charge and asks what data he has. Admin must delete or anonymize this data. Not a user.
The only thing I'm hoping for is that really run out of resources and time to check everyone.
Good night :)

User avatar
tlem
Registered User
Posts: 74
Joined: Sun Jan 24, 2016 4:47 pm
Location: France
Name: Thierry
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tlem » Sun May 20, 2018 12:05 am

This is your point of view.
Mine and that of many others is different and obviously you will not change your mind.

Personally, everything on my forums is voluntary, without ads and I do not sell or transmit any information to anyone. The only income is donations made by some members once or twice a year and to be quite honest Article 6 and 7 of the GDPR allows me to sleep soundly. :roll:

So wait and see.

User avatar
Lumpy Burgertushie
Registered User
Posts: 65031
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Lumpy Burgertushie » Sun May 20, 2018 12:20 am

tojag wrote:
Sat May 19, 2018 9:57 pm
Tlem You are wrong and very much. You as a forum owner provide you with a service. You are responsible for fulfilling the GDPR requirements. For forum users, writing on it can be a hobby, for you it is an activity subject to GDPR.
I see that you do not understand GDPR completely. You are extracting fragments detached from the whole. At any place, GDPR does not treat IP, for example, differently from other data described in the definition. At any place, GDPR does not treat private and public personal data. In both cases, these are personal data and are protected by law.
GDPR requires the right to be forgotten, this also applies to the archives of databases. It is currently one of the biggest technical problems - archives may require older versions of systems. Read what troubles big companies have in this area.
GDPR does not require anything from the person whose data it processes, it requires everything from you. You must show relevant information, collect consent, provide rights, etc. The user does not have to either remember their posts or browse them and look for what was in them. GDPR transfers this to the administrator. Admin is responsible for providing information to the user if he is in charge and asks what data he has. Admin must delete or anonymize this data. Not a user.
The only thing I'm hoping for is that really run out of resources and time to check everyone.
Good night :)
why is your opinion about what the DGPR requires any more likely to be the truth that any of the other people who have posted in this topic?

I would bet that even the people who wrote this pile of crap don't really know exactly what it all means.

remember, whatever you think it all means is just your opinion based on your understanding of it. that is also true of everyone else here.

it is all opinions because there is nothing absolutely clear about any part of it that I have read here in this topic.

robert
I am available for custom work on a donation basis. Please send me a PM with your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

OK, so what's the speed of dark?

User avatar
Lumpy Burgertushie
Registered User
Posts: 65031
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: GDPR - non-profit club website

Post by Lumpy Burgertushie » Sun May 20, 2018 12:25 am

Angoid wrote:
Sat May 19, 2018 9:24 pm
Although we charge for club membership, we are not a profit-making organisation
If the UK is no longer a part of the EU then I doubt that it applies to them any more than it would to the US or any other country.

however, it will certainly all be fought out in court eventually. probably by finding the new law unlawful to begin with.

just go on about your life with your board and don't worry about it so much.
"they" are not going to come along and take away your birthday because you are in some minor infraction of a law that nobody really understands anyway.


robert

User avatar
Mick
Support Team Member
Support Team Member
Posts: 20121
Joined: Fri Aug 29, 2008 9:49 am
Location: Cardiff

Re: GDPR - non-profit club website

Post by Mick » Sun May 20, 2018 7:20 am

Angoid wrote:
Sat May 19, 2018 9:24 pm
Although we charge for club membership, we are not a profit-making organisation
If you go to the ICO website there’s a simple survey you can follow.
"The more connected we get the more alone we become" - Kyle Broflovski

There are no ‘threads’ in phpBB, they are topics.

User avatar
david63
Jr. Extension Validator
Posts: 14729
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by david63 » Sun May 20, 2018 7:35 am

Lumpy Burgertushie wrote:
Sun May 20, 2018 12:25 am
If the UK is no longer a part of the EU then I doubt that it applies to them any more than it would to the US or any other country.
The UK is still in the EU and even when we leave all EU law will be made into UK law so GDPR will still apply.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

User avatar
tojag
Registered User
Posts: 336
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag » Sun May 20, 2018 7:52 am

Lumpy Burgertushie wrote:
Sun May 20, 2018 12:20 am
why is your opinion about what the DGPR requires any more likely to be the truth that any of the other people who have posted in this topic?
A few years ago when I wrote here that IP and email are personal data, everyone here had a different opinion because they probably did not read the regulations.
Now no one denies it.
I would like to read here from some people "I'm sorry, you were right" :lol: :lol: :lol:
I really would like to be wrong, unfortunately my interpretations of the law are usually correct.
That's why I will stay with anonymisation. Maybe it will protect me in the case of control.

User avatar
david63
Jr. Extension Validator
Posts: 14729
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by david63 » Sun May 20, 2018 8:21 am

I would still contend that currently for the majority of users an IP address is not personal data, but I do accept that it is defined as such in the regulations.
  • How can an IP address be personal when I can have it one day, somebody else tomorrow and somebody else the day after?
  • How can an IP address be personal when everyone in the house uses the same IP address?
  • How can an IP address be personal when it is used from, say, an office where there are possibly hundreds of users?
  • How can an IP address be personal when it is accessed via a mobile gateway?
This part of the regulation is aimed at static IP addresses and until such time as IPv6 is rolled out (if ever!) then the vast mojority of users worldwide are using dynamic IP address.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

User avatar
tojag
Registered User
Posts: 336
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag » Sun May 20, 2018 8:36 am

David, but it does not matter our perception of this. With many laws, people do not agree, but they must respect them. In particular, specialists in a given field see this field differently than other ordinary people. GDPR has been created to protect people who do not necessarily know what is happening with their personal data. I think that the intention was to deal with large companies and institutions, but it also came in small and we have to submit to it :(

CHItA
Development Team Member
Development Team Member
Posts: 146
Joined: Sat Dec 06, 2008 10:27 pm
Location: Budapest, Hungary

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by CHItA » Sun May 20, 2018 9:01 am

tojag wrote:
Sun May 20, 2018 8:36 am
David, but it does not matter our perception of this. With many laws, people do not agree, but they must respect them. In particular, specialists in a given field see this field differently than other ordinary people. GDPR has been created to protect people who do not necessarily know what is happening with their personal data. I think that the intention was to deal with large companies and institutions, but it also came in small and we have to submit to it :(
GDPR doesn't differentiate between personal data that is made public or handled invisibly to the user (except in some minor ways like if a user puts his "sensitive" personal data in a post, so makes it explicitly public then you can "process" it, which otherwise would be forbidden). And GDPR considers everything personal data that could be used as a part of the puzzle to identify you. So while IP addresses don't really identify anyone, it could be the case that if you have other data, you could use that with the IP address to identify someone. Is this dumb? Maybe, but that is what is in the regulation.
tojag wrote:
Sun May 20, 2018 7:52 am
I really would like to be wrong, unfortunately my interpretations of the law are usually correct.
Your interpretation is correct to the extent that what you seem to want to do would comply with GDPR. However, you definitely do not need consent for all personal to be collected/processed (which you seem to think) as that is just one of many lawful basis for collecting and processing personal data.

User avatar
tlem
Registered User
Posts: 74
Joined: Sun Jan 24, 2016 4:47 pm
Location: France
Name: Thierry
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tlem » Sun May 20, 2018 2:03 pm

Hi tojag, I have some questions to ask you?

- Is your forum a professional, political, or associative forum?
- Do you collect information other than that collected by your phpBB forum?
- Do you market the information collected by your forum such as email addresses, IP addresses, personal information indicated by your members, etc ...
- Do you know the CNIL (National Commission of Computing and Freedoms), and do you credit what is issued by it?
- Can you read French documents?

User avatar
tojag
Registered User
Posts: 336
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag » Sun May 20, 2018 2:35 pm

CHItA wrote:
Sun May 20, 2018 9:01 am
GDPR doesn't differentiate between personal data that is made public or handled invisibly to the user (except in some minor ways like if a user puts his "sensitive" personal data in a post, so makes it explicitly public then you can "process" it, which otherwise would be forbidden). And GDPR considers everything personal data that could be used as a part of the puzzle to identify you. So while IP addresses don't really identify anyone, it could be the case that if you have other data, you could use that with the IP address to identify someone. Is this dumb? Maybe, but that is what is in the regulation.
That's what I constantly say :) Thanks for understanding this too. This is the definition of personal data in GDPR but probably not everyone understands it. Public or private it is no difference.
tlem wrote:
Sun May 20, 2018 2:03 pm
Hi tojag, I have some questions to ask you?

- Is your forum a professional, political, or associative forum?
- Do you collect information other than that collected by your phpBB forum?
- Do you market the information collected by your forum such as email addresses, IP addresses, personal information indicated by your members, etc ...
- Do you know the CNIL (National Commission of Computing and Freedoms), and do you credit what is issued by it?
- Can you read French documents?
No, I've read the GDPR in the original.
I created this topic to ask a few key questions. Read the first post. Most have been resolved, but question 3 remained: "Will it be able to keep posts after the user opt out of the forum?"
You seem to have forgotten what I was asking for, or completely going in another direction. My question remains open.
Your questions does not make sense in this context because we are all subject to this law.
Remember also that the existing law 95/46/EU applies for a week. The network is full of documents relating to the current (old) law. There are also many of them on the websites of the national supervisory authorities. Check if what you read concerns GDPR or current (old) law because now the interpretations are different.

CHItA
Development Team Member
Development Team Member
Posts: 146
Joined: Sat Dec 06, 2008 10:27 pm
Location: Budapest, Hungary

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by CHItA » Sun May 20, 2018 2:44 pm

tojag wrote:
Sun May 20, 2018 2:35 pm
"Will it be able to keep posts after the user opt out of the forum?"
This was also already answered. Don't process them based on consent and then you don't have to (except on a case by case basis if the author requests it and the request is reasonable). If you process them based on consent then you probably have to remove the personal data from the posts and probably from quotes, replies, whatever else.

Also, please try to keep this a civilized discussion.

User avatar
tojag
Registered User
Posts: 336
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag » Sun May 20, 2018 3:59 pm

OK. In that case, my issues have been resolved.
Thank you all for participating in the discussion.

Since the set of questions from the first post has been exhausted, please close the thread.

User avatar
kinerity
Community Team Member
Community Team Member
Posts: 1888
Joined: Mon Sep 01, 2014 1:00 am
Location: sudo rm -rf /
Name: Kailey Truscott
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by kinerity » Sun May 20, 2018 4:02 pm

We don't close topics just because it was requested. Everyone is welcome to share their thoughts/ideas on the new law. As long as the discussion remains civilized, there's no need to put a lock on it. ;)
Kailey Truscott - Community Team

Post Reply

Return to “phpBB Discussion”

Who is online

Users browsing this forum: Google [Bot], rocky1983 and 30 guests