CHItA wrote: ↑
Sun May 20, 2018 2:44 pm
Also, please try to keep this a civilized discussion.
It doesn't matter, I expected that kind of response.
I will just complete what you said because this will be useful for those who consider my arguments valid because they are issued by an authority:
CHItA wrote: ↑
Sun May 20, 2018 2:44 pm
This was also already answered. Don't process them based on consent and then you don't have to (except on a case by case basis if the author requests it and the request is reasonable). If you process them based on consent then you probably have to remove the personal data from the posts and probably from quotes, replies, whatever else.
If you live in the European Union, I invite you to consult your equivalent of the French CNIL, which corresponds to the data protection authority of your country (European DPA).
Put yourself in the place of an Internet user who wants to delete personal data on a site and look at what your rights are and how to implement them. You will discover that you must make the request to delete your personal data in writing and have a valid reason to make this request. ^^
On the site of the CNIL, there is a section "Courier" which allows you to recover the model of this Courier.
Here is the translated document issued by the French data protection authority:
Information about me is currently posted on your website on the following pages:
[ Url ]
Also, in accordance with article 38 of the law "Informatique et Libertés" of January 6, 1978 modified, thank you for removing the following information:
[ info_to_remove ].
I wish this information to be deleted because:
[ reason_of_deletion ]
I thank you for doing the necessary to ensure that these pages are no longer referenced by search engines.
I remind you that you have a maximum of two months following receipt of this letter to respond to my request (Article 94 of the Decree of 20 October 2005 for the application of the law of 6 January 1978 as amended).
Please accept, Madam and Sir, the expression of my best regards.
So you can see that it is up to the user to specify the pages in which he wishes to delete his personal data. Moreover, you will find that he must also indicate a valid reason for his request.
If, despite requests to the site, the user does not obtain satisfaction, then he will have to make a complaint to his local data protection authority.
I put myself in the place of a user wishing to fill up and I carried out the process on this link
And surprise ...
You want to delete or anonymize personal data or contributions
Address your request to the blog / forum where the information is posted. His answer may be the anonymisation of your contributions.
To know: if you use a pseudonym you will be able to exercise your rights "computer science and freedoms" only if you can demonstrate that it identifies you indirectly.
It doesn't matter, I go on to say that "The response of the blog/forum is not satisfactory"
If the blog/forum has anonymized your contributions, the CNIL considers this answer sufficient for the protection of your data.
In other cases, send a complaint to the CNIL.
Documents to provide in support of your approach: a copy of your initial request and, if it answered, a copy of its answer.
These elements are essential to the investigation of your complaint.
Whouaaa, it's Christmas before the time. ^^
After that, if you persist, you must fill out a very nice form.
There, I say, it really takes time and a very good reason to want to delete personal data.
To conclude this long message, here is "another point of view" regarding the GDPR:
The original text can be found here
In this text you can find 4 points:
European Data Protection Regulation: what do you need to know?
1. Where to find the text?
2. When will the European Regulation be applicable?
3. What are the changes made by the European Regulation for professionals?
4. What are the changes made by the European Regulation for citizens?
In the second point, you can read:
It applies to all companies (including their works councils), administrations and associations that process personal data.
So if you have a community and non-commercial forum or you are not a part of an association, you are not concerned.
But having said that, you're still responsible for data security, which is a part of the GDPR.
Some interesting links that you can read in your natural language (you can change it with the link at the left of the Search box):
https://ec.europa.eu/info/law/law-topic ... /reform_en
https://ec.europa.eu/info/law/law-topic ... al-data_en
(note that it speaks only of business and not private use).
https://ec.europa.eu/info/law/law-topic ... w-apply_en
(note that it speaks only of business or entity and not private use).
https://ec.europa.eu/info/law/law-topic ... ly-smes_en
(same as above).
After all this, I maintain that the administrator of a non-commercial phpBB forum can sleep soundly.
Now, nothing prevents you from doing the minimum by adding a security policy where you explain, as do most large companies, that if the user continues to use your service, he agrees to the collection of personal information necessary to the functioning of the forum as well as the acceptance of operating cookies.
Sorry for the length of this message.
Sorry to have delayed writing it, but as the weather was nice, I went gardening.
Edit: Link update for Courier