Topic: EU and the GDPR (Read 2860 times)

Re: EU and the GDPR

Reply #15
This is only needed for EU users, not for users outside the EU .. So this also must be checked (in EU, outside EU .. can be done with the IP address and the GeoIP service)
This is technically wrong.
Technically, it's for EU and anyone targeting EU citizens.
I don't believe much in geoip localization, and for the amount of work involved (for both the admin and the end user), I think it's easier to just have it enabled *if* the admin decides to enable it.
Bugs creator.
Features destroyer.
Template killer.

Re: EU and the GDPR

Reply #16
Well .. I'm not sure if your opinion is the right one ..
I think it's the same as the EU Cookie Law .. this regulation is only valid for EU users.
The GDPR is only of interest to companies outside the EU if they store data from users INSIDE the EU .. and these must also have the ECL functionality.
So if I check the user's location I can say "He must accept the GDPR" or not.
Same as what I do with the ECL ... If the user is inside the EU he must accept the ECL, if he is outside the EU he must not accept the ECL.
And this functionality the admin can enable/disable ..
But .. this is only my own opinion ..
Many are stubborn in relation to the path, a few in relation to the target.
Visit our new Forum Project on https://www.portamx.com

Re: EU and the GDPR

Reply #17
What happens if an EU citizen is abroad when accessing the site?
He is still a citizen of the EU, but is visiting the USA (let's say). The forum doesn't show the agreement, but still the user should be presented with the information.

Re: EU and the GDPR

Reply #18
If this is the FIRST login, then .. you are right.
My plans ..
If an EU user logs in and has NOT accepted the GDPR (as I say .. a column in the members table) he must accept the GDPR before he can continue the login.
If he does not accept the GDPR, he gets a screen where he can request an "account delete" and the login is aborted.

But .. that is all (at the moment) theoretical, because the hosting company where you have the site hosted also has a problem with the GDPR .. because it can run into problems if it allows me to save GDPR-relevant user data on its server (like IP address).
So ... I contacted my hosting company today .. but at the moment they have no information on what is coming ...

This ugly GDPR is a heavy thing .. and nobody is sure what is needed and what is not ...
Saving the IP is a thing that is (normally) not needed ... because bans on the IP don't work correctly.
So I am also thinking about removing IP storage for posts and anything else ...

Feline

Re: EU and the GDPR

Reply #19
This doesn't apply to me at all, & I am way green/inexperienced. BUT JUST AN IDEA ....

couldn't delete all users' passwords
force them to do a lost password action

AND drop the EU cookie notice, into user agreement for future users, and on the password form, for existing users, append the EU cookie notice.
FOR SAY, A WEEK ... give everyone time to get their new pw, and see the notice.
Then can remove it - clean user base.

Or even just a required checkbox on the reg form
so won't have to FOREVER carry an extra DB class.

Perhaps in advance, send out a mass mail to all users, explaining, with a date planned to implement it.


The dilemma about the part relating to the site storing info, like logs, per post, msg, etc. is a really interesting issue.
*IF* going to add something to the DB, then how about applying a double login, like admin, to the DB sections that hold personal identifiers?
Least gain extra security, for the extra DB load & resource usage.



Re: EU and the GDPR

Reply #20
And the funny thing is: the user is the one that the system has to protect, not the owner. xD

Re: EU and the GDPR

Reply #21
And the funny thing is: the user is the one that the system has to protect, not the owner. xD
 :(
Yes .. You must first accept the GDPR before you can login  :D

 

Re: EU and the GDPR

Reply #23
So pretty far behind on this... is this something that will be handled by the ElkArte software (an update?) or does each forum have to do this with their own modifications to comply with this?

Re: EU and the GDPR

Reply #24
I want to do "something", to make life easier for the admins.
I'm pretty sure it will be impossible to have a "fully-compliant" ElkArte any time soon (even only because the requirements are not exactly clear as you may see from this very topic, where different people have different understanding of the law and so different opinions on what is necessary and what is not).
I hope to provide some tools in the next update, I'm not sure which.

Some are tracked here:
https://github.com/elkarte/Elkarte/issues?q=is%3Aissue+is%3Aopen+label%3AGDPR
If it were up to me, I would see two as the most "pressing":
1) the revision of the agreement,
2) an easy way to "anonymize" a user that requires his data to be deleted.

In general, I think 2 is easier to implement than 1, but probably 1 is more useful than 2 right now.

Re: EU and the GDPR

Reply #25
The more useful one should be started first, I think.


Re: EU and the GDPR

Reply #27
Another interesting aspect:
https://law.stackexchange.com/questions/24623/gdpr-git-history
comment to the first answer.
I feel this could be applied to forum content as well.
Since the content is not produced by the admin, he has the obligation to be able to tell who wrote something in case any potential legal case would arise (copyright violations, defamation, etc.).
Something to think about.

Re: EU and the GDPR

Reply #28
I did an addon for another forum software which did the following. I could see if I can port it if needed.
Allows members to export their data: their profile and post information
On member deletion clears IP address and email from posts and assigns a new username to all old posts.
Includes a privacy policy page, adds link in the footer and adds a section for consent on registration
Stores the date/time that the privacy policy was changed and option to force to reagree
Stores the date/time that the registration agreement was changed and option to force to reagree
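
The deletion and re-agreement behaviour listed in Reply #28, together with the acceptance column mentioned in Reply #18, sketched as an added example that is not part of the thread, the addon, or ElkArte. The schema, table names and function names are hypothetical, and SQLite stands in for the forum database.

```python
import secrets
import sqlite3

# Hypothetical schema for illustration; these are not ElkArte's real tables.
SCHEMA = """
CREATE TABLE members (id_member INTEGER PRIMARY KEY, member_name TEXT,
                      email TEXT, member_ip TEXT, policy_accepted_at INTEGER);
CREATE TABLE messages (id_msg INTEGER PRIMARY KEY, id_member INTEGER,
                       poster_name TEXT, poster_email TEXT, poster_ip TEXT, body TEXT);
CREATE TABLE settings (name TEXT PRIMARY KEY, value INTEGER);
"""

def must_reagree(conn, member_id):
    """True if the member never accepted, or accepted before the policy last changed."""
    row = conn.execute(
        "SELECT m.policy_accepted_at, s.value FROM members m, settings s "
        "WHERE m.id_member = ? AND s.name = 'policy_changed_at'",
        (member_id,)).fetchone()
    if row is None:
        raise LookupError("unknown member or missing policy timestamp")
    accepted_at, changed_at = row
    return accepted_at is None or accepted_at < changed_at

def anonymize_member(conn, member_id):
    """Delete the account; keep its posts but strip the identifiers stored on them."""
    alias = "deleted-" + secrets.token_hex(4)  # random, not derived from the old name
    with conn:  # one transaction: either everything is scrubbed or nothing is
        cur = conn.execute("DELETE FROM members WHERE id_member = ?", (member_id,))
        if cur.rowcount != 1:
            raise LookupError("unknown member")
        conn.execute(
            "UPDATE messages SET id_member = 0, poster_name = ?, "
            "poster_email = '', poster_ip = '' WHERE id_member = ?", (alias, member_id))
    return alias

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # Constructed sample data: the policy changed at t=200; alice accepted earlier, bob later.
    conn.execute("INSERT INTO settings VALUES ('policy_changed_at', 200)")
    conn.executemany("INSERT INTO members VALUES (?, ?, ?, ?, ?)", [
        (1, "alice", "alice@example.org", "203.0.113.7", 100),
        (2, "bob", "bob@example.org", "198.51.100.9", 250)])
    conn.executemany("INSERT INTO messages VALUES (?, ?, ?, ?, ?, ?)", [
        (10, 1, "alice", "alice@example.org", "203.0.113.7", "hello"),
        (11, 2, "bob", "bob@example.org", "198.51.100.9", "hi")])
    conn.commit()
    return conn

if __name__ == "__main__":
    db = demo()
    print(must_reagree(db, 1), anonymize_member(db, 1))
```

Any other place the forum copies a name, email or IP (logs, private messages, caches) would need the same scrub inside the same transaction.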

Re: EU and the GDPR

Reply #29
That's a great offer. It would be fantastic if you did that! :D
ElkArte version: 1.1.5 / Theme: BeSocial / PHP 7.2.7