New GDPR (General Data Protection Regulation) and phpBB

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Suggested Hosts
User avatar
KaileyT
Community Team Member
Community Team Member
Posts: 2860
Joined: Mon Sep 01, 2014 1:00 am
Location: sudo rm -rf /
Name: Kailey Truscott
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by KaileyT »

maxrpg wrote:
Sat Apr 07, 2018 4:44 pm
phpBB should have an option in ACP where when we go to remove/delete a users account and retain their posts, to also change those posts username to anonymous, scramble the IP logs for those posts etc.

We should be covered legally if we kept a users posts in that way as they no longer contain any personal/identifiable information?
I actually like this idea (not because of GDPR). The only question I have would how would you handle posts where another user quoted the first user?
Kailey Truscott - Community Team
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 5032
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by HiFiKabin »

kinerity wrote:
Sat Apr 07, 2018 9:41 pm
maxrpg wrote:
Sat Apr 07, 2018 4:44 pm
phpBB should have an option in ACP where when we go to remove/delete a users account and retain their posts, to also change those posts username to anonymous, scramble the IP logs for those posts etc.

We should be covered legally if we kept a users posts in that way as they no longer contain any personal/identifiable information?
I actually like this idea (not because of GDPR). The only question I have would how would you handle posts where another user quoted the first user?
And therein lies the biggest problem with GDPR and its 'privacy' Once a post is posted it exists, the same as once a book is published it also exists. People can read it, quote it, archive it. It can not 'not exist' any more.

As I have said many many times, if someone posts 'personal identifiable information' that is their decision based on the fact that all of the previous applies (ie quote and archive) Any information that the FORUM collects about you is a different matter. Your post was not collected by the forum, but willingly placed in the public arena.
User avatar
Scanialady
Registered User
Posts: 360
Joined: Thu Jan 17, 2013 7:09 pm
Location: Germany
Name: Annette
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Scanialady »

HiFiKabin wrote:
Sun Apr 08, 2018 9:42 am

And therein lies the biggest problem with GDPR and its 'privacy' Once a post is posted it exists, the same as once a book is published it also exists. People can read it, quote it, archive it. It can not 'not exist' any more.

As I have said many many times, if someone posts 'personal identifiable information' that is their decision based on the fact that all of the previous applies (ie quote and archive) Any information that the FORUM collects about you is a different matter. Your post was not collected by the forum, but willingly placed in the public arena.
That does not stop you from demanding "to be forgotten". Even on Google and Facebook. And it works. If I google myself I see not 1% of data I have seen some years before.

https://gdpr-info.eu/art-17-gdpr/
https://en.wikipedia.org/wiki/Right_to_be_forgotten
Webseite, Blog, Wiki Deutsche Übersetzungen - german language files
My 2 cents: Whether an extension is in the CDB says nothing about its quality. It is more important to read the support topics for it. Better to avoid authors who do not answer support questions themselves, who do not update their stuff, and who do not fix bugs for years.
User avatar
Crizzo
Translations & International Support Teams Manager
Translations & International Support Teams Manager
Posts: 1309
Joined: Thu Apr 23, 2009 1:20 pm
Location: Stuttgart, Germany
Name: Christian
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Crizzo »

What is with the VigLink thingy? :?
My extensions for phpBB: crizzo.de
German phpBB Support at www.phpbb.de
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 5032
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by HiFiKabin »

Scanialady wrote:
Sun Apr 08, 2018 11:56 am
HiFiKabin wrote:
Sun Apr 08, 2018 9:42 am

And therein lies the biggest problem with GDPR and its 'privacy' Once a post is posted it exists, the same as once a book is published it also exists. People can read it, quote it, archive it. It can not 'not exist' any more.

As I have said many many times, if someone posts 'personal identifiable information' that is their decision based on the fact that all of the previous applies (ie quote and archive) Any information that the FORUM collects about you is a different matter. Your post was not collected by the forum, but willingly placed in the public arena.
That does not stop you from demanding "to be forgotten". Even on Google and Facebook. And it works. If I google myself I see not 1% of data I have seen some years before.

https://gdpr-info.eu/art-17-gdpr/
https://en.wikipedia.org/wiki/Right_to_be_forgotten
You also have a 'right to archive' which obviously includes forum discussions that will cease to make sense shoud certain post(s) be removed.
User avatar
GanstaZ
Registered User
Posts: 804
Joined: Wed Oct 11, 2017 10:29 pm
Location: Zverse

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by GanstaZ »

The moment someone wishes to be forgotten, one can not succeed it fully, memory (human) remains! How will you erase that? FB this, FB that, what is with this FB? As written in privacy module on FB, they can't delete everything related to the user. I see it like this, if one wants to deactivate his/her account, then fine, move that username to a robots group or something like that, no link no data just like anonymous. Let's look at wikipedia or at any dictionary, do you really think they worry about posts? They contribute to humanity, it's not personal, nothing to do with gdpr. Seems people don't understand new points in gdpr. Search for a human friendly lawyer answers about gdpr and maybe you can relax better, or re-read it as many times, as needed.
"When answer lies in the question,.. question becomes redundant!"
User avatar
tojag
Registered User
Posts: 409
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag »

AmigoJack wrote:
Fri May 12, 2017 8:50 am
tojag wrote:
Fri May 12, 2017 8:21 am
change the authors of such posts to "Anonymous"
That's not yet possible - you could delete an account and retain the posts, which means the posts will only have a textual username and no author ID anymore - afterwards you'd have to do i.e. this:

Code: Select all

UPDATE phpbb_posts 
   SET post_username= '' 
 WHERE post_username='name of deleted account';
I had >32k posts of deleted users. I did it like that

Code: Select all

UPDATE `phpbb_posts`
SET `post_username`='Anonymous'
WHERE `poster_id`=1
And I did it this because on forum and topic list remains original username

Code: Select all

UPDATE `phpbb_topics`
SET `topic_last_poster_name`='Anonymous'
WHERE `topic_last_poster_id`=1

UPDATE `phpbb_topics`
SET `topic_first_poster_name`='Anonymous'
WHERE `topic_poster`=1
Maybe somewhere else?

At now, when I delete user account, first I rename his name to Anonymous and next delete it.
User avatar
3Di
Former Team Member
Posts: 16053
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milano 🇮🇹 - Frankfurt 🇩🇪
Name: Marco
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by 3Di »

Crizzo wrote:
Sun Apr 08, 2018 12:08 pm
What is with the VigLink thingy? :?
That's a very good Q.
🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Want to compensate me for my interest? Donate
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
zorni
Registered User
Posts: 119
Joined: Mon Mar 23, 2009 10:29 pm
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by zorni »

At least it must have a place in the privacy policy of the forum. It must be described what these links do. A link to the privacy policy of the provider is also recommended.
The same applies to the emojis integrated externally by phpBB.

Another thing is that forms in the GPDR must have a checkbox. This checkbox must not be "pre-marked" and have to refer to the privacy policy of the forum. At least the contact admin form would be affected here.

An example for embedded youtube videos would be like:
Data protection provisions about the application and use of YouTube
On this website, the controller has integrated components of YouTube. YouTube is an Internet video portal that enables video publishers to set video clips and other users free of charge, which also provides free viewing, review and commenting on them. YouTube allows you to publish all kinds of videos, so you can access both full movies and TV broadcasts, as well as music videos, trailers, and videos made by users via the Internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, UNITED STATES. The YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a YouTube component (YouTube video) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding YouTube component. Further information about YouTube may be obtained under https://www.youtube.com/yt/about/en/. During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the data subject.

If the data subject is logged in on YouTube, YouTube recognizes with each call-up to a sub-page that contains a YouTube video, which specific sub-page of our Internet site was visited by the data subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.

YouTube and Google will receive information through the YouTube component that the data subject has visited our website, if the data subject at the time of the call to our website is logged in on YouTube; this occurs regardless of whether the person clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desirable for the data subject, the delivery may be prevented if the data subject logs off from their own YouTube account before a call-up to our website is made.

YouTube’s data protection provisions, available at https://www.google.com/intl/en/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.
User avatar
AmigoJack
Registered User
Posts: 5799
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by AmigoJack »

tojag wrote:
Mon Apr 09, 2018 10:12 am
Maybe somewhere else?
Yes: if you go by database table column names like this (MySQL dialect)

Code: Select all

SELECT c.table_schema, c.table_name, c.column_name 
  FROM information_schema.columns c 
 WHERE c.column_name LIKE '%username%' 
    OR c.column_name LIKE '%poster_name%';
you'll also find these ones you have to take care of:
  • phpbb_disallow.disallow_username
  • phpbb_login_attempts.username
  • phpbb_login_attempts.username_clean
  • phpbb_moderator_cache.username
  • phpbb_topics.topic_first_poster_name
  • The worst thing about censorship is ███████████
  • "The problem is probably not my English but you do not want to understand correctly. ... We will not come anybody anyway, nevertheless, it's best to shit this." Affin, 2018-11-20
  • "But this shit is not here for you. You can follow with your. Maybe the question, instead, was for you, who know, so you shoved us how you are." axe70, 2020-10-10
User avatar
tojag
Registered User
Posts: 409
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag »

Thanks AmigoJack. I need to clean all traces after deleted users.
And can you tell me that if I change the username, all of these occurrences change to new ones?

Zorni, I agree that it is required by GDPR to inform users who, what for, and where grab and stored data about users.
Is this text recommended or required by YT ?
I saw on many pages with comments by FB something simmilar to this.
zorni
Registered User
Posts: 119
Joined: Mon Mar 23, 2009 10:29 pm
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by zorni »

tojag wrote:
Mon Apr 09, 2018 12:19 pm
Zorni, I agree that it is required by GDPR to inform users who, what for, and where grab and stored data about users.
Is this text recommended or required by YT ?
I saw on many pages with comments by FB something simmilar to this.
It's a basic textblock as the most GDPR generators recommend it. Each "thing" which communicates with external providers/modules should have a block like this, which makes Exts like this: https://www.phpbb.com/customise/db/exte ... ediaembed/ really tricky. We deactivated it at the moment.
User avatar
tojag
Registered User
Posts: 409
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag »

You have a pretty good privacy policy on Your forum. If you add information about data transferred to third parties (eg YT) it will be great.
What is missing is a specific entity that collects and processes personal data - an administrator. In this case, it is probably a hobby forum, but it does not exempt from the obligation to indicate a specific entity and its address. According to GDPR, information about the right to object should also be added and where you can file complaints about the action of the administrator - that is, the national data protection authority.

I also like the fact that you have a slightly wider than standard text of consent (but only in German) in the registration form. There is also information about the warranty. Is this a requirement of German law?

I am waiting when phpBB will solve these issues on this forum.
Last edited by tojag on Mon Apr 09, 2018 1:26 pm, edited 1 time in total.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 22919
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket probably.

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Mick »

tojag wrote:
Mon Apr 09, 2018 1:12 pm
I am waiting when phpBB will solve these issues on this forum
You should write an idea, you can link back to this topic. At least you will get a feel if people want this added to the core or not.

(This is assuming it’s not been done already of course)
"The more connected we get the more alone we become" - Kyle Broflovski©
zorni
Registered User
Posts: 119
Joined: Mon Mar 23, 2009 10:29 pm
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by zorni »

German data protection laws are harder than in most other countrys, and in the past we already had trouble with a state data protection officer. This officer told me, that the basic privacy policy delivered by phpBB is invalid by german law (before GDPR). That's why we made those hard changes. I gave all infos to phpBB(de), to make sure that they know, that the current privacy policy could be a problem - but they didn't care.

The only external things atm are those hardcoded Emoji thing from phpBB itself see: viewtopic.php?f=496&t=2467271 and Open Street Maps API. I'll work for special blocks for both issues. We stopped embeding third party content and login with social media and social buttons etc.

I wrote a little guide how to apply all those changes for your own board for those who are interested (in german): https://www.phpbb.de/community/viewtopi ... 6#p1380666

Finally tas (ex-phpbb.de) is working on a privacy protection ext. Just write yout inputs as an issue on his git: https://github.com/tas2580/privacyprotection
Last edited by zorni on Mon Apr 09, 2018 1:32 pm, edited 1 time in total.
Post Reply

Return to “phpBB Discussion”