GPDR Compliance

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Ideas Centre
Post Reply
alumnoxxi
Registered User
Posts: 116
Joined: Mon Jul 13, 2020 11:01 pm

GPDR Compliance

Post by alumnoxxi »

I understand that by RGPD saving ips in the 'long term' either in apache / nginx logs or at the level of the phpbb database is illegal?

If this is the case and it is illegal to save these long-term ips (I understand that because of attacks and maybe you can save them x days to trace this) what is the best solution to address this? Install any of the extensions offered here to anonymize the phpbb database or is it a better idea since I currently use cloudflare, remove the apache mod that converts to the real ip instead of the virtual ip cloudflare? In this way we would clean both the server and bd logs.

I don't know if this is the right subforum to address it, sorry
User avatar
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Re: GPDR Compliance

Post by david63 »

I am not sure that we need to discuss again. If you were to search this board every aspect of GDPR has been discussed at length.
David
Remember: You only know what you know and - you don't know what you don't know!

I now no longer support any of my extensions but they will start to become available here
User avatar
AmigoJack
Registered User
Posts: 6108
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: GPDR Compliance

Post by AmigoJack »

  • "The problem is probably not my English but you do not want to understand correctly. ... We will not come anybody anyway, nevertheless, it's best to shit this." Affin, 2018-11-20
  • "But this shit is not here for you. You can follow with your. Maybe the question, instead, was for you, who know, so you shoved us how you are." axe70, 2020-10-10
  • "My reaction is not to everyone, especially to you." Raptiye, 2021-02-28
alumnoxxi
Registered User
Posts: 116
Joined: Mon Jul 13, 2020 11:01 pm

Re: GPDR Compliance

Post by alumnoxxi »

david63 wrote: Sat Mar 27, 2021 9:31 pm I am not sure that we need to discuss again. If you were to search this board every aspect of GDPR has been discussed at length.
I do not want to start a discussion, I just want you to clarify two points, since I have been seeing your answers in other threads and more people and I see contradictory things.
Correct me if i'm wrong

- Vanilla phpbb is claimed to be GPDR compliant
-It is claimed that installing style or extension can break GPDR, therefore you have to check one by one

Now come my 2 doubts:

-It is stated that phpbb vanilla complies with gpdr, but phpbb vanilla stores the ips of users in the database when posting comments, is that not contrary to GPDR?

-If vanilla phpbb complies with GPDR, what problem does your Privacy Policy extension particularly solve?

As I told you, I read all the threads that I found about GPDR but I still have these doubts, since in most threads it finally ends up wandering
User avatar
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Re: GPDR Compliance

Post by david63 »

alumnoxxi wrote: Mon Mar 29, 2021 1:27 am Vanilla phpbb is claimed to be GPDR compliant
Correct
alumnoxxi wrote: Mon Mar 29, 2021 1:27 am It is claimed that installing style or extension can break GPDR, therefore you have to check one by one
Again correct
alumnoxxi wrote: Mon Mar 29, 2021 1:27 am but phpbb vanilla stores the ips of users in the database when posting comments, is that not contrary to GPDR?
No because GDPR allows the storage of personal data for the "normal operation of a site". There is some contention around whether an IP address is personal data anyway. Personal data is anything that can identify somebody - with IPv4 that, generally, is not possible and even IPv6 does not give away anything more.

My current IP address is 2a00:23c7:47a3:7201:e161:5d66:93e1:6553 so you are free to tell me what personal data that has about me - it's reported location is miles away from where I am.
alumnoxxi wrote: Mon Mar 29, 2021 1:27 am If vanilla phpbb complies with GPDR, what problem does your Privacy Policy extension particularly solve?
My Privacy Policy extension adds another layer of protection which allows Admins to add anything else to their board without having to check whether it complies with GDPR - things such as Adsense
David
Remember: You only know what you know and - you don't know what you don't know!

I now no longer support any of my extensions but they will start to become available here
User avatar
WelshPaul
Registered User
Posts: 420
Joined: Tue Aug 19, 2014 2:09 pm

Re: GPDR Compliance

Post by WelshPaul »

As a forum owner you're more likely to get sued for slander or breach of copyright than a breach GDPR. Every forum is different and there is never going to be one solution fits all solution. It's up to you as the owner of your board to ensure it meets whatever requirements it needs to meet and if you don't know how to do that, pay someone that does to do it for you.
User avatar
DarkBeing
Registered User
Posts: 128
Joined: Wed Mar 28, 2007 5:31 pm
Location: atm Estonia
Name: Sven

Re: GPDR Compliance

Post by DarkBeing »

david63 wrote: Mon Mar 29, 2021 7:35 am
alumnoxxi wrote: Mon Mar 29, 2021 1:27 am but phpbb vanilla stores the ips of users in the database when posting comments, is that not contrary to GPDR?
No because GDPR allows the storage of personal data for the "normal operation of a site". There is some contention around whether an IP address is personal data anyway. Personal data is anything that can identify somebody - with IPv4 that, generally, is not possible and even IPv6 does not give away anything more.

My current IP address is 2a00:23c7:47a3:7201:e161:5d66:93e1:6553 so you are free to tell me what personal data that has about me - it's reported location is miles away from where I am.
I think the problem or uncertainty comes from this ruling:
The Court of Justice of the European Union has held that IP addresses are "personal data" in certain circumstances. This decision is significant because it means that the collection and further processing of IP addresses may be subject to EU data protection law, creating potential compliance difficulties for businesses.
See —> https://www.whitecase.com/publications/ ... some-cases

Granted the text is a bit dusty (from 2016) but I think it is still valid. Not that I agree with this ruling...
alumnoxxi
Registered User
Posts: 116
Joined: Mon Jul 13, 2020 11:01 pm

Re: GPDR Compliance

Post by alumnoxxi »

david63 wrote: Mon Mar 29, 2021 7:35 am
My Privacy Policy extension adds another layer of protection which allows Admins to add anything else to their board without having to check whether it complies with GDPR - things such as Adsense
Thanks for the information @david63. One last doubt, then it is legitimate and legal to delete the ips of the users, I understand right? If so, let's take the example that someone reports a post for defamation, you can never provide the information they are asking for, or is there something I'm missing here?

-Regarding its 'privacy policy' extension, I have been testing it locally and I get some errors

With this configuration:

1- Enable the Privacy policy: yes
2-Enable the Cookie policy: no
3-Show privacy / cookie policy: yes

I do not see the privacy policy of cookies neither in the navbar nor in test.com/app.php/privacypolicy/policy, here I only see the privacy policy only, if I activate enable cookie policy then it does appear in test.com/app. php / privacypolicy / policy

Another error that arises is that if I activate:
Enable the Cookie policy: yes

At the time of clicking accept in the pop-up window, the message never goes away, it always appears, I understand that this although I am testing it locally, it should go, with the cookie message that phpbb has from the acp it works perfect for me.

Finally when it comes to anonymizing the ips, I am able to select a user -> ban -> exclude ip and I see his ip instead of 127.0.0.1. Could it be that it only anonymizes the ips of the new users and not the old ones?

Version3.1.0-RC2
php 7.4.15
phpbb 3.3.3
prosilver style

I did not find any error log associated with what I told you

edit: maybe the info about its extension should not be here and if in viewtopic.php?t=2464776

If you consider it, let me know and I'll change it
Post Reply

Return to “phpBB Discussion”