Skip to main content
Topic: EU and the GDPR (Read 15237 times) previous topic - next topic
0 Members and 3 Guests are viewing this topic.

EU and the GDPR

What plans are on Elkarte for supporting the functionality required by GDPR after May 2018?
I think, that this is not simple to implement and I think it's a good option we make a consens of this, right?

Fel

Many are stubborn in relation to the path, a few in relation to the target.
Visit our new Forum Project on https://www.portamx.com


Re: EU and the GDPR

Reply #2

Just tell users about it in the agreement and via notification (email and others) that certain basic data are going to be shown publicly via their profile while using the forum unless they disable them (except from admin staff). They may also opt to publicly show more available details too.

Re: EU and the GDPR

Reply #3

Quote from: ahrasis – Just tell users about it in the agreement and via notification (email and others) that certain basic data are going to be shown publicly via their profile while using the forum unless they disable them (except from admin staff). They may also opt to publicly show more available details too.

That's... really not nearly enough.

Re: EU and the GDPR

Reply #4

Heheheh... I don't think anything can satisfy you @Arantor especially a simple approach or view like mine, above or others. ;)

Being a laws' abiding citizen is a good thing, but being paranoid of the laws is something else, at least that is what we are trying to educate our people in our own country.

Regarding data protection, I know the laws in my country and read some of EU's and the steps to be taken and to me there is nothing much to be worried about, but of course you can still consult your government or lawyers about it.

I am looking forward to see the "great" outcome of this GDPR in ElkArte and whatever softwares that are being developed and used in EU as this will definitely be fun. :)

Re: EU and the GDPR

Reply #5

Weeeeell quite a bit late, but I started reading the regulation.
I decided to go with tracking all the issues I think have to be addressed (or I'm not sure are to be addressed), so I created a label and started filing them:
https://github.com/elkarte/Elkarte/labels/GDPR
At this very moment I'm at Article 17. I'm pretty sure it will not be necessary to read all the 99 (actually I feel 17 is the last relevant and the most important), but let's see. :'(
Bugs creator.
Features destroyer.
Template killer.

Re: EU and the GDPR

Reply #6

The one I pointed out was at Article 18, I think. But if you want to add it as a feature / addon, it's ok to me.

Re: EU and the GDPR

Reply #7

hmm... Article 18 is "Right to restriction of processing":
Quote1.   The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

(d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
TBH I have no idea how these could be enforced in any reasonable way...
It would mean give each user the option to enable/disable the use of personal data "on-the-fly", this would be rather difficult, you would need to be able to have the forum work with or without any personal information at any point in time.
My current idea of implementation is "either you give permission or not", but if you have an idea feel free to propose it.
Bugs creator.
Features destroyer.
Template killer.


Re: EU and the GDPR

Reply #9

Ahhh okay, good point, worth investigating!
Bugs creator.
Features destroyer.
Template killer.

Re: EU and the GDPR

Reply #10

I could be wrong though especially when I think this does not relate to me or my country. So do carry on and have fun breaking legs... I mean codes...  :D

Re: EU and the GDPR

Reply #11

LOL
Bugs creator.
Features destroyer.
Template killer.

Re: EU and the GDPR

Reply #12

I was thinking of going so far as to disable IP address logging, and disable the anti-spam measures, as they currently send out the personally identifying user name and email address along with the IP address, and under this law, we should only be correlating by IP address.

And we should not be logging any more information than is necessary to grant bare minimum access to the services, so keeping any unnecessary records should be straight out. That probably also includes server access logs, but that's outside the bounds of this forum script.

Re: EU and the GDPR

Reply #13

Well, IMO that's a bit of an extreme position.

The point is not outright stop any tracking or limiting the tracking to the bare minimum.
The point is inform the user there is a tracking activity. There is a certain reason for this tracking. And, in case of requests "deal with them" (I'm not even sure (yet) that the removal is the only option, if we need an IP address to identify potentially offensive or unwanted behaviours, then it's "our" right as admins to use this information).
Bugs creator.
Features destroyer.
Template killer.

Re: EU and the GDPR

Reply #14

I think, that all is not TO complexe ..
For new User you can add a "GDPR" Part in the Register Aproval text.
So If a user acceccpt this, he accept the user-data saving (ip and other)

More complexe for exist user .. these MUST accept the GDPR on first login after this functionallity is enabled.
So we need a additional column in the membes table (gdpr_accepted) I think.
AND ..
This is only need for EU user, not for user outside the EU .. So this also must check (in EU, outside EU .. can by done with the IP address and the GEOIP Service)

This is, what we think to implement until end of Mai ...

Feline
Many are stubborn in relation to the path, a few in relation to the target.
Visit our new Forum Project on https://www.portamx.com