Re: EU and the GDPR
Reply #16 –
Well... I'm not sure if your opinion is right...
I think it's the same as the EU Cookie Law... this regulation is only valid for EU users.
The GDPR is only of interest to companies outside the EU if they store data from users INSIDE the EU... and these must also have the ECL functionality.
So if I check the user's location I can say "He must accept the GDPR" or not.
Same as what I do with the ECL... If the user is inside the EU he must accept the ECL; if he is outside the EU he does not have to accept the ECL.
And the admin can enable/disable this functionality...
But... this is only my own opinion...
Re: EU and the GDPR
Reply #17 –
What happens if an EU citizen is abroad when accessing the site?
He is still a citizen of the EU, but is visiting the USA (let's say). The forum doesn't show the agreement, but still the user should be presented with the information.
Re: EU and the GDPR
Reply #18 –
If this is the FIRST login, then... you are right.
My plans...
If an EU user logs in and has NOT accepted the GDPR (as I said... a column in the members table), he must accept the GDPR before he can continue the login.
If he does not accept the GDPR, he gets a screen where he can request an "account delete" and the login is aborted.
But... all of that is theoretical at the moment, because the hosting company where you have the site hosted also has a problem with the GDPR... because it can run into problems if it allows me to save GDPR-relevant user data on its server (like the IP address).
So... I contacted my hosting company today... but at the moment they have no information about what is coming...
This ugly GDPR is a heavy thing... and nobody is sure what is needed and what is not...
Saving the IP is something that is (normally) not needed... because bans on the IP don't work correctly.
So I am also thinking about removing IP storage for posts and anything else...
Feline
Re: EU and the GDPR
Reply #19 –
This doesn't apply to me at all, & I am way green/inexperienced. BUT JUST AN IDEA ....
couldn't you delete all users' passwords
force them to do a lost password action
AND drop the EU cookie notice into the user agreement for future users, and on the password form, for existing users, append the EU cookie notice.
FOR SAY, A WEEK ... give everyone time to get their new pw, and see the notice.
Then can remove it - clean user base.
Or even just a required checkbox on the reg form
so won't have to FOREVER carry an extra DB class.
Perhaps in advance, send out a mass mail to all users, explaining, with a date planned to implement it.
The dilemma about the part relating to the site storing info, like logs, per post, msg, etc. is a real interesting issue.
IF going to add something to the DB, then how about applying a double login, like admin, to the DB sections that hold personal identifiers?
At least gain extra security, for the extra DB load & resource usage.
Re: EU and the GDPR
Reply #20 –
And the funny thing is: the user is the one that the system has to protect, not the owner. xD
Re: EU and the GDPR
Reply #23 –
So pretty far behind on this... is this something that will be handled by the ElkArte software (an update?) or does each forum have to do this with their own modifications to comply with this?
Re: EU and the GDPR
Reply #25 –
The more useful one should be started first, I think.
Re: EU and the GDPR
Reply #28 –
I did an addon for another forum software which did the following. I could see if I can port it if needed.
Allows member to export their data. Their profile and post information
On member deletion clears IP address and email from posts and assigns a new username to all old posts.
Includes a privacy policy page, adds link in the footer and adds a section for consent on registration
Stores the date/time that the privacy policy was changed and option to force to reagree
Stores the date/time that the registration agreement was changed and option to force to reagree
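
As an added example (not part of the post above, and not the addon's or ElkArte's code), the member-deletion step described in Reply #28 could look like this in Python with SQLite. The table and column names, the `delete_member` and `build_sample_db` helpers and the sample rows are assumptions constructed for illustration.

```python
import secrets
import sqlite3

# Hypothetical minimal schema, constructed for this example (not ElkArte's tables).
SCHEMA = """
CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, email TEXT, ip TEXT);
CREATE TABLE posts (id INTEGER PRIMARY KEY, member_id INTEGER, poster_name TEXT,
                    poster_email TEXT, poster_ip TEXT, body TEXT);
"""

def delete_member(conn, member_id):
    """Remove a member and scrub their identifiers from the posts they leave behind.

    Returns the replacement username, or None if no such member exists.
    """
    if conn.execute("SELECT 1 FROM members WHERE id = ?", (member_id,)).fetchone() is None:
        return None
    # Random alias: not derivable from the old name, email or member id.
    alias = "deleted-" + secrets.token_hex(4)
    with conn:  # single transaction: a failure rolls back both statements
        conn.execute(
            "UPDATE posts SET poster_name = ?, poster_email = '', poster_ip = '', "
            "member_id = NULL WHERE member_id = ?",  # unlinking is this example's choice
            (alias, member_id),
        )
        conn.execute("DELETE FROM members WHERE id = ?", (member_id,))
    return alias

def build_sample_db():
    """In-memory database with constructed sample rows (documentation addresses)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO members VALUES (?, ?, ?, ?)", [
        (1, "alice", "alice@example.org", "192.0.2.10"),
        (2, "bob", "bob@example.org", "192.0.2.20"),
    ])
    conn.executemany("INSERT INTO posts VALUES (?, ?, ?, ?, ?, ?)", [
        (1, 1, "alice", "alice@example.org", "192.0.2.10", "first post"),
        (2, 2, "bob", "bob@example.org", "192.0.2.20", "a reply"),
        (3, 1, "alice", "alice@example.org", "192.0.2.11", "second post"),
    ])
    conn.commit()
    return conn

if __name__ == "__main__":
    db = build_sample_db()
    print(delete_member(db, 1))
    for row in db.execute("SELECT id, poster_name, poster_email, poster_ip FROM posts"):
        print(row)
```

Post bodies are left untouched here, so any personal data a member typed into a post survives the deletion and needs separate handling.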