New GDPR (General Data Protection Regulation) and phpBB

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Scam Warning
User avatar
david63
Registered User
Posts: 18584
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by david63 »

andrewilley wrote:
Thu Apr 12, 2018 8:26 am
Could someone point me towards a plain-English site that tells me in a few minutes if I need to do anything for this seemingly over-bureaucratic EU nonsense regulation that appears to be aimed at businesses?
When we find one we will - some of us have been looking for such information for weeks. Sorry it is not the answer that you want, but is probably about the best you will get!
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored
User avatar
AmigoJack
Registered User
Posts: 5795
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by AmigoJack »

andrewilley wrote:
Thu Apr 12, 2018 8:26 am
a plain-English site that tells me in a few minutes
This can be associated with any topic/issue that comes to your mind. However, when things are complex you can't cheat out. And I suppose you don't want to hear "don't use GA, don't use Ads, don't run a BBS".
  • The worst thing about censorship is ███████████
  • "The problem is probably not my English but you do not want to understand correctly. ... We will not come anybody anyway, nevertheless, it's best to shit this." Affin, 2018-11-20
  • "But this shit is not here for you. You can follow with your. Maybe the question, instead, was for you, who know, so you shoved us how you are." axe70, 2020-10-10
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 5027
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by HiFiKabin »

david63 wrote:
Thu Apr 12, 2018 8:53 am
andrewilley wrote:
Thu Apr 12, 2018 8:26 am
Could someone point me towards a plain-English site that tells me in a few minutes if I need to do anything for this seemingly over-bureaucratic EU nonsense regulation that appears to be aimed at businesses?
When we find one we will - some of us have been looking for such information for weeks. Sorry it is not the answer that you want, but is probably about the best you will get!
Strike weeks and replace that with months. I asked the ICO that very same direct question last year and did not receive a direct answer (just a link to all their docs)
User avatar
Acorn
Registered User
Posts: 398
Joined: Tue Sep 26, 2006 8:11 am
Location: UK
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Acorn »

Yes, the ICO are very good at doing that. No simple answers, just the suggestion that you go and read their documents - the main documentation for the GDPR is 153 pages, and there are many links to other documents in it. The GDPR itself is 68 pages long.

Oh, and they have updated their documentation 14 times since the beginning of last year, so don't rely on what you read 2 months ago.

You could almost believe that they either don't understand it themselves, or are scared of interpreting it in case they get it wrong.

What chance do we stand? All we can do is try hard to abide by the principles and believe that if we can demonstrate that we have tried, we will at least be treated leniently if we fail.
Getting braver all the time. :D
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 5027
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by HiFiKabin »

As I have said elsewhere, the ICO's boss was on the TV the other morning and I caught the end of it . She was pretty useless. No real answer to anything "Yes I use Faceache but have my Privacy Settings tightly set" sort of content. OK, its only morning telly but you expect the content to be slightly useful (well, not really but one lives in hope)
andrewilley
Registered User
Posts: 114
Joined: Fri Sep 12, 2008 7:28 pm
Location: Birmingham UK
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by andrewilley »

AmigoJack wrote:
Thu Apr 12, 2018 9:00 am
However, when things are complex you can't cheat out. And I suppose you don't want to hear "don't use GA, don't use Ads, don't run a BBS".
However those sort of things are all absolutely standard on anything from a tiny home-built website like mine with a few thousand visitors a week to a multi-national corporation. Basically pretty-much the whole internet in fact.

It would be madness to say that everyone needs legal advice, or to understand hundreds of pages of meaningless Euro-babble, just to run a piddling little website - but no doubt that's what the faceless Eurocrats want everyone to do, as they have no understanding of the real world, nor do they care. :(

Andre
--- Admin of www.portorleans.org
User avatar
Mick
Support Team Member
Support Team Member
Posts: 22919
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket probably.

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Mick »

Maybe we should lobby our local MP's and get them to have this thing squashed on May 26th?
"The more connected we get the more alone we become" - Kyle Broflovski©
User avatar
david63
Registered User
Posts: 18584
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by david63 »

Mick wrote:
Thu Apr 12, 2018 1:12 pm
Maybe we should lobby our local MP's and get them to have this thing squashed on May 26th?
We could have a referendum :lol:
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored
User avatar
canonknipser
Registered User
Posts: 2096
Joined: Thu Sep 08, 2011 4:16 am
Location: Germany
Name: Frank Jakobs
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by canonknipser »

david63 wrote:
Thu Apr 12, 2018 1:49 pm
We could have a referendum
Be sure everybody in the UK knows what he/she has to vote for this time :D
Greetings, Frank
phpbb.de support team member
English is not my native language - no support via PM or mail
New arrival - Extensions and scripts for phpBB
User avatar
tojag
Registered User
Posts: 409
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag »

Do not you understand that personal data has been treated as the most valuable good? Therefore, they want the accountability of these data just like with the money you have. Do you work in a factory, do you have a small business or you have sold something? You have to pay tax. Can you say "I will not pay tax because I do not know the law"? You can not! You can take a lawyer or advisor but you have to pay! Can you say "let's do a referendum! We will not pay!" You can not! They arrest you for hate speech or for something else. There is no chance of winning.
At the moment we should not wonder how to avoid it but how to do it in the simplest way.
User avatar
GanstaZ
Registered User
Posts: 804
Joined: Wed Oct 11, 2017 10:29 pm
Location: Zverse

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by GanstaZ »

If you don't sell data, have the correct points on your privacy page, security is as high as possible and you are responsible owner (only owner should have access to data, when it's needed) then over 80% is covered. There's no right to be 100% forgotten, at least 20% will remain & it can not be a problem. Only thing that may be little problematic is account delete option & export data to some file, so one may move out, but it can be solved.
"When answer lies in the question,.. question becomes redundant!"
User avatar
AmigoJack
Registered User
Posts: 5795
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by AmigoJack »

andrewilley wrote:
Thu Apr 12, 2018 10:27 am
those sort of things are all absolutely standard on anything from a tiny home-built website
Third party analytics? Before 2000 sure, but afterwards it was easy to do/host that yourself. Ads? Everybody does this voluntarily and it's also your choice, not your need. You should have killed both things decades ago - just because those are comfortable to you it doesn't mean they become okay automatically. Even phpbb.com is using Google Analytics which never was, is, and will be okay.
  • The worst thing about censorship is ███████████
  • "The problem is probably not my English but you do not want to understand correctly. ... We will not come anybody anyway, nevertheless, it's best to shit this." Affin, 2018-11-20
  • "But this shit is not here for you. You can follow with your. Maybe the question, instead, was for you, who know, so you shoved us how you are." axe70, 2020-10-10
User avatar
tojag
Registered User
Posts: 409
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by tojag »

andrewilley wrote:
Thu Apr 12, 2018 8:26 am
I run a very small phpBB forum at [removed link], with probably just a few posts a week for users to ask questions that aren't covered by the rest of the information on the site, and to post comments. It is a non-commercial site and has no e-commerce or other data gathering tools. I do use Google Analytics for usage reports, Google Ads to try to cover the server running costs/etc, and AddThis for social media shares/follows.

The site is not SSL encrypted, although that might be something I'd consider if it can be done without any financial costs and if it doesn't involve complicated procedures or code rewrites.
If You use Googla Analytics, Ads, social media plugins, you relay data to third party.
You have to inform your users about it. The standard phpBB registration rules does not contains info about it but most people keep it without change. This is not good. You should adapt it to your site specify.
You have to add info about cookies too, if you have not.
For SSL You can try to use "Let's encrypt". It is free. Personally, I pay for fixed ip and ssl to my forum but I also use "Let's encrypt" on other sites.
We all have to keep a record of the activities and categories of data processing. The GDPR requires it and there are penalties for not having it.
All of this is no cost.
But that still does not exhaust all the requirements of GDPR about which we wrote in this and other topics.

I think that small websites, forums based on obsolete scripts, some unauthorized extensions, etc. are a bigger source of problems than websites, large, decent companies. I think about data leakage problems. That is why it is very good that these regulations are. What is missing is specifics. But here you can rely on standards and good procedures known for years (eg password rules, access levels, connection encryption). There are often national rules on this subject and compliance can be demonstrated with respect to GDPR.
Personally, it's hard for me to trust a small forum that has just been created, does not use ssl when sign up/logging in, even requires a lot of data, often the name and surname, and the owner does not even introduce himself, there are no rules, no policy, nothing. I always read the rules when I register somewhere. Most people do not read, and then they are surprised that FB knows too much about them. I have 12k users on my forum. I think the majority did not read the rules of the forum, but there are also people who very carefully ask me about it. In recent months, their number has increased, probably due to the FB affair and a lot of information about the upcoming GDPR.

Of course, the small side has little chance of attack from the hackers because there is little data to extract, and the websites of large companies are attacked often. But sometimes it's enough to make a mistake in the script so that, for example, the data is displayed to everyone on the page.
I once had such a case in the online store. I bought something, paid, and accidentally clicked 'back' and the page displayed transaction data of another client that has just ended. Each 'back' click showed the exact details of other transactions. An error in the scripts may be out of date but the leak has occurred. I reported it to them but a dishonest person could in this way extract a lot of data about transactions. Fortunately, it was bookshops and not sexshop :lol:
User avatar
AmigoJack
Registered User
Posts: 5795
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by AmigoJack »

tojag wrote:
Fri Apr 13, 2018 9:44 am
accidentally clicked 'back'
For decades whenever that happens to me or the website itself tells me to not use the browser's navigation buttons I said to myself: one of us did not understand HTTP.


What GDPR essentially wants is easy to grasp: security by design (not by approval, not by promise). Technically this is challenging, but then again most never thought about this throughly and now they're shocked. What GDPR will never be able to give you: a bullitproof HOWTO. If you can't trust the software, don't use it (again: this stems from using computers since forever).
  • The worst thing about censorship is ███████████
  • "The problem is probably not my English but you do not want to understand correctly. ... We will not come anybody anyway, nevertheless, it's best to shit this." Affin, 2018-11-20
  • "But this shit is not here for you. You can follow with your. Maybe the question, instead, was for you, who know, so you shoved us how you are." axe70, 2020-10-10
LaxSlash1993
Registered User
Posts: 182
Joined: Sat Sep 22, 2012 2:20 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by LaxSlash1993 »

Got away from this as I've been busy lately with work.

I did find something out, though. This is how the EU plans on enforcing it in the US:
http://www.uniformlaws.org/ActSummary.a ... tion%20Act

I'm once again torn if I want to believe any of the bs going around, or if I just want to geoblock the EU before the enforcement date, retain all of the data for people to come back if case law eases lawyers minds about it, and then go from there.
Post Reply

Return to “phpBB Discussion”