Re: EU and the GDPR Reply #15 – April 03, 2018, 06:26:59 pm Quote from: Feline – April 03, 2018, 02:47:10 pmThis is only need for EU user, not for user outside the EU .. So this also must check (in EU, outside EU .. can by done with the IP address and the GEOIP Service)This is technically wrong.Technically, it's for EU and anyone targeting EU citizens.I don't believe much in geoip localization, and for the amount of work involved (for both the admin and the end user), I think it's easier to just have it enabled if the admin decides to enable it.
Re: EU and the GDPR Reply #16 – April 04, 2018, 11:25:30 am Well ..I'm not sure if your meaning the right..I think it's the same as the EU Cookie Law .. this regular is only valid for EU User.The GDPR is only Interested for Companys outside the EU if he store data from Users INSIDE the EU .. and these must have also the ECL functionally.So if I check the users Location I can say "He must accept the GDPR" or not.Same what I do with the ECL ... If the user inside the EU he must accept ECL, if he outside the EU he must not accept the ECL.And this functionally the Admin can enable/disable ..But .. this is only myself meanings ..
Re: EU and the GDPR Reply #17 – April 04, 2018, 03:33:57 pm What does it happen is a EU citizen is abroad when accessing the site?He is still a citizen of the EU, but is visiting the USA (let's say). The forum doesn't show the agreement, but still the user should be presented with the information.
Re: EU and the GDPR Reply #18 – April 04, 2018, 08:14:54 pm If this the FIRST login, then .. you are right.My Plans .. If a EU-User do a login and have NOT accepted the GDPR (as I say .. a column in the members table) he must accept the GDPR before he can continue the Login.If he not Accept the GDPR, he get a Screen where he can request a "accout delete" and the Login is abort.But .. that all is (at the moment theoretic) because the Hosting Company where you have the site hosted have also a Problem with the GDPR .. because he can run in Problems if he allow that I save GDPR Relevant user data on his server (Like IP Adress).So ... I have today contacted my Hosting .. but at the moment he have no informations what comes ...This ugly GDPR is a havy thing .. and nobody is sure what is need and what not ...The savin of the IP is a thing what is (normaly) not need ... because Bans on the IP don't work correctly.So also I think on the removing of IP storage for posts and any other ...Feline
Re: EU and the GDPR Reply #19 – April 05, 2018, 10:10:09 pm This doesn't apply to me at all, & I am way green/inexperienced. BUT JUST A IDEA ....couldn't delete all users passwordsforce them do a lost password actionAND drop the EU cookie notice, into user agreement for future users, and on the password form, for existing users, append the EU cookie notice.FOR SAY, A WEEK ... give everyone time to get their new pw, and see the notice.Then can remove it - clean user base.Or even just a required checkbox on the reg formso won't have to FOREVER carry a extra DB class.Perhaps in advance, send out a mass mail to all users, explaining, with a date planned to impliment it.The deleima about the part relating to site storing info, like logs, per post, msg, etc. is real interesting issue.IF going to add something to the DB, then how about applying a double login, like admin, to the DB sections that hold personal identifiers?Least gain extra security, for the extra DB load & resource usage.
Re: EU and the GDPR Reply #20 – April 06, 2018, 05:20:56 am And the funny thing is: the user is the one that the system has to protect, not the owner. xD
Re: EU and the GDPR Reply #21 – April 06, 2018, 07:16:28 am Quote from: emanuele – April 06, 2018, 05:20:56 amAnd the funny thing is: the user is the one that the system has to protect, not the owner. xD Yes .. You must first accept the GDPR before you can login
Re: EU and the GDPR Reply #22 – April 11, 2018, 02:44:53 pm This might help you all;https://ico.org.uk/media/for-organisations/documents/1600/social-networking-and-online-forums-dpa-guidance.pdf
Re: EU and the GDPR Reply #23 – April 28, 2018, 11:52:58 am So pretty far behind on this...is this something that will be handled by the ElkArte software (an update?) or does each forum have to do this on their own modifications to comply with this?
Re: EU and the GDPR Reply #24 – April 28, 2018, 02:46:05 pm I want to do "something", to make the life easier to the admins.I'm pretty sure it will be impossible to have a "fully-compliant" ElkArte any time soon (even only because the requirements are not exactly clear as you may see from this very topic, where different people have different understanding of the law and so different opinions on what is necessary and what is not).I hope to provide some tools in the next update, I'm not sure which.Here some are tracked:https://github.com/elkarte/Elkarte/issues?q=is%3Aissue+is%3Aopen+label%3AGDPRIf it were for me, I would see two as the most "pressing":1) the revision of the agreement,2) an easy way to "anonymize" a user that requires his data to be deleted.In general, I think 2 is easier to implement than 1, but probably 1 is more useful than 2 right now.
Re: EU and the GDPR Reply #25 – April 28, 2018, 09:58:15 pm The more useful one should be started first, I think.
Re: EU and the GDPR Reply #26 – May 12, 2018, 10:29:34 am Interesting reading:https://www.whitecase.com/publications/alert/court-confirms-ip-addresses-are-personal-data-some-cases
Re: EU and the GDPR Reply #27 – May 12, 2018, 02:54:09 pm Another interesting aspect:https://law.stackexchange.com/questions/24623/gdpr-git-historycomment to the first answer.I feel this could be applied to forum content as well.Since the content is not produced by the admin, he has the obligation to be able to tell who wrote something in case of any potential legal case would arise (copyright violations, defamation, etc.).To think about it.
Re: EU and the GDPR Reply #28 – May 12, 2018, 03:42:52 pm I did an addon for another forum software which did the following. I could see if I can port it if needed.Allows member to export their data. Their profile and post informationOn member deletion clears IP address and email from posts and assigns a new username to all old posts.Includes a privacy policy page, adds link in the footer and adds a section for consent on registrationStores the date/time that the privacy policy was changed and option to force to reagreeStores the date/time that the registration agreement was changed and option to force to reagree
Re: EU and the GDPR Reply #29 – May 13, 2018, 02:49:43 am That's a great offer. It would be fantastic if you did that!