As the founder of this topic, I want to say that for 2-3 years nothing has changed in the phpBB group's approach to the GDPR directive. It doesn't matter if someone is in the EU or not, it's right when you read it to look coherent and pro-consumer, pro-human. Currently, even non-EU countries and, as I read, individual US states are implementing similar legal solutions.
Competing CMS or forum software implements solutions enabling compliance with GDPR, but phpBB does not. Why not?
GDPR is a broad concept. It requires looking at the whole concept of managed business.
We know widely described cases of data leaks and high penalties imposed by regulatory authorities, but as you can see, this does not translate into changes in the phpBB approach to these matters. Detriment
When will there be a consistent approach to protecting personal data in phpBB?
What is needed in my opinion:
- built-in mechanisms for informing about data processing;
- anonymization of unnecessary data (after a set time), technical ways of securing access (e.g. 2FA);
- initial settings in accordance with GDPR requirements;
Of course, this can be an extension, but it should be distributed with phpBB as an integral part.
All in all, I don't understand why nobody worries about it. These are very important issues, which are completely overlooked by the phpBB group. From what I see, only some programmers think about it. Thanks David, thanks Paul.