New GDPR (General Data Protection Regulation) and phpBB

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Scam Warning
Affin
I've Been Banned!
Posts: 256
Joined: Fri May 25, 2018 9:52 pm

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Affin » Thu Oct 25, 2018 6:33 pm

Is there any extension for this?

User avatar
Crizzo
Translations & International Support Teams Manager
Translations & International Support Teams Manager
Posts: 958
Joined: Thu Apr 23, 2009 1:20 pm
Location: Germany
Name: Christian
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Crizzo » Thu Oct 25, 2018 6:35 pm

Affin wrote:
Thu Oct 25, 2018 6:33 pm
Is there any extension for this?
viewtopic.php?f=456&t=2464776 ;)
My extensions for phpBB: crizzo.de
German phpBB Support at www.phpbb.de

LaxSlash1993
Registered User
Posts: 182
Joined: Sat Sep 22, 2012 2:20 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by LaxSlash1993 » Wed Dec 12, 2018 2:18 am

Bumping a topic from a bit ago, but this came out recently in case anyone's interested:
https://www.dataprotectionreport.com/20 ... -the-gdpr/
What qualifies as offering goods and services?

The GDPR applies to entities that target data subjects in the EU with goods or services. Here, an entity only need an “intention” to offer goods and services to EU data subjects – there is no requirement that commerce or economic activity occurs. For example, if a company’s website displays languages or currencies commonly used in the EU, then that company would be targeting EU data subjects even if it never made a sale in the EU. One limited example is provided of where this intention is not manifest and that is when a US citizen uses a US news app while traveling in the EU.

The Guidelines also give a list of nine factors that can be taken into account in determining where an intention to offer goods and services exists, including: whether an EU member state is designated by name, advertising campaigns in the EU, the international nature of the activity, mention of addresses or phone numbers reachable from an EU country, use of a top level EU domain name, description of travel instructions from the EU to the services, mention of international clientele or customers in the EU, use of language or currency commonly used in the EU, and whether goods are delivered in EU countries.

What meets the threshold for monitoring EU Data Subjects?

The GDPR applies when entities monitor the behavior of EU data subjects when that behavior takes place in the EU. Per the EDPB, ‘monitoring’ implies that the Controller has a “specific purpose in mind for the collection and subsequent reuse of the relevant data about an individual’s behavior within the EU.” Examples of monitoring behavior include the use of common online tools such as cookies, geolocation tracking, and behavioral advertising but also offline monitoring such CCTV.
Bold-italics emphasis is mine. Done to point out things likely relating to forums. Is English considered a common language used in the EU? Also, are moderators considered as "employees" of a forum? Does that mean to fall out of the scope, any EU based moderator or admin would have to be demoted/dropped?

tl;dr for those not interested in reading the article, the EU's throwing a globalist temper tantrum and asserting that it has power that it doesn't have again. :roll: :lol:

User avatar
Lumpy Burgertushie
Registered User
Posts: 66812
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by Lumpy Burgertushie » Wed Dec 12, 2018 5:12 am

LaxSlash1993 wrote:
Wed Dec 12, 2018 2:18 am
monitoring’ implies that the Controller has a “specific purpose in mind for the collection and subsequent reuse of the relevant data about an individual’s behavior within the EU.
that says to me that unless you are collecting data(cookies etc.) for a specific purpose ( other than just simply because it is needed to be able to use the software ), then none of this stupid EU law even applies in the EU much less anywhere else.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

If a tree falls in the forest and nobody is there, does it make a sound?

timeforhelp1
Registered User
Posts: 212
Joined: Thu Feb 19, 2009 5:34 pm

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by timeforhelp1 » Fri Aug 02, 2019 4:03 pm

This thing is ridiculous, aren't we leaving the EU anyway!

There are sites that I go on in America that can not be viewed on an EU ip because of this crap (https://www.tribpub.com/gdpr/orlandosentinel.com/) and it's unbelievable that the foreign sites do not have an CMP (https://advertisingconsent.eu/cmp-list/) installed as they are surely losing money!

Anyway I've seen a big decrease in my advertising revenue because I did not have a CMP, so I used a free one from quantcast, just put it on today.
(https://www.quantcast.com/gdpr/quantcas ... elf-serve/)

It's not that hard and you're all done.

User avatar
david63
Registered User
Posts: 16663
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by david63 » Fri Aug 02, 2019 4:57 pm

timeforhelp1 wrote:
Fri Aug 02, 2019 4:03 pm
This thing is ridiculous, aren't we leaving the EU anyway!
Maybe, possibly - but that is irrelevant because GDPR is in UK law and will stay.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

heinrich_k
Registered User
Posts: 202
Joined: Fri Jul 17, 2009 11:40 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by heinrich_k » Mon Sep 09, 2019 1:38 pm

Question
GDPR as a general best practice states, that no unnecessary information shall be stored and information shall be deleted if no longer necessary.

Also, IP addresses of users are somewhat personal information. Regardless of the ability to match the information to a person or internet identity anyone of us has.

So, the IP addresses of users' last login or any post or log entry or wherever the forum stores IP addresses are something that in my experience have now value or at least rapidly decreasing value. I mean, they are kind of useful for debugging bus besides that....

So, why store them ?
Why not mask them after a period of time set in the ACP, or delete them all together?

In the end they are kind of forensic circumstantial evidence, if someone claims a post that was made with his username wasn't made by him or so. But I for one wouldn't want anyone to dig up, 10 years from now, that this very post was made from an IP belonging to my employer's ISP, not my cell phone carrier's.

enter a valid email
Registered User
Posts: 286
Joined: Mon May 30, 2016 4:50 pm
Location: VIE
Contact:

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by enter a valid email » Mon Sep 09, 2019 1:55 pm

The problem some Information must be stored by Law for a long period of Time like offers and other who I could ne translate well.
Like a Bill who must be stored for 6 Years here. The include often Multiple Personal Data. :roll:

heinrich_k
Registered User
Posts: 202
Joined: Fri Jul 17, 2009 11:40 am

Re: New GDPR (General Data Protection Regulation) and phpBB

Post by heinrich_k » Mon Sep 09, 2019 2:18 pm

enter a valid email wrote:
Mon Sep 09, 2019 1:55 pm
The problem some Information must be stored by Law for a long period of Time like offers and other who I could ne translate well.
Like a Bill who must be stored for 6 Years here. The include often Multiple Personal Data. :roll:
True, the GDPR explicitly allows to be uverruled by any other law that requires a entity to store data. Tax and banking laws being the most prominent.

But there is no regulation that requires you to store IP addresses of users when they login, nor is there any reason to log their activity in the phpBBs logs for an indefinite amount of time. In any case, these information has to be machine readable, exportable, and deletable to comply with GDPR, so for full compliance these entries have to be anonymised, at least.
Same goes for web server logs.... if they aren't needed for debugging, there is no legitimate reason to keep them longer than necessary.

I don't know what "necessary" is, nobody does until there are the first court rulings, whoever my form tells me that on Thursday 27. Oct 2011, 15:40 user Hamisch from IP 130.83.xxx.xxx added the user "Turm" to group "Kust Lag".
I can see, that this information provides some information, but the IP really doesn't give any meaningful aspect any more. And if either Hamisch or Turm were to request of deletion of the personal information phpBB doesn't provide the means to anonymise their entries in the logs, or does it ?

Post Reply

Return to “phpBB Discussion”