Topic: EU and the GDPR

Re: EU and the GDPR

Reply #45
My hosting is from Singapore and the site is about a City in India. Not a business forum, but a general discussion forum.

Re: EU and the GDPR

Reply #46
In that case I don't think there should be any direct relevance to your situation.

Re: EU and the GDPR

Reply #47
For the record: after the "computer disaster", I started working again on this.
For the moment I set up a way to force the acceptance of the agreement, on "no accept" the user is directly sent to the "delete my account" (TBH I think an option to "accept the agreement" is missing at that point, something to work on), now I'm working on a parallel privacy policy that will work mostly the same (actually it is almost exactly the same code, just with "privacy policy" instead of "agreement").
I still need to integrate the privacy policy in the registration process. I plan to re-use the settings of the agreement in terms of presentation, so if the agreement is presented as a standalone page at registration, below it the privacy policy will be shown (for the moment I don't think I can go down the route of having two distinct checkboxes to accept both, it will be the normal button), or alternatively there will be the checkboxes (and both will be mandatory).

Any time the admin requires the members to accept an agreement/privacy policy, all the agreements/privacy policies (because of the possible multiple languages) are backed up with a unique id and the members are requested to accept the latest one.
It is the responsibility of the admin to ensure the various versions are kept aligned, there are very few tricks we can apply to ensure that.

I'm not yet sure if it is worth providing a default text for the privacy policy.
I'm thinking of adding a link to the privacy policy somewhere in the UI.

That said, I'm a bit behind my original schedule, anyway I want to have it out with 1.1.4, so I'll probably post a testing patch in the next few days.
Bugs creator.
Features destroyer.
Template killer.

Re: EU and the GDPR

Reply #48
I have created a settings page .. Looks like the attach.
And I save the date (plus one day) in the members table .. so if I update the agreement, I can enter a new date so the updated version is shown again for all registered users on the next login, and must be accepted.

And this: "Future improvement: show the members a list of the agreements accepted." is not the best idea .. (I think)
With this you give other members protected data (what a user has done) ..
Many are stubborn in relation to the path, a few in relation to the target.
Visit our new Forum Project on https://www.portamx.com

Re: EU and the GDPR

Reply #49
Quote
With this you give other members protected data (what a user has done) ..

I don't think @emanuele wants to show user XYZ what an agreement user ABC has ever accepted.  ;)  I think he wants to show user XYC what himself has ever accepted. IMO the latest version should be enough, no need for a list with outdated agreements.

Re: EU and the GDPR

Reply #50
Quote
I have created a settings page .. Looks like the attach.

Nothing so complicated: if you change the agreement a checkbox and done.

Quote
And I save the date (plus one day) in the members table .. so if I update the agreement, I can enter a new date so the updated version is shown again for all registered users on the next login, and must be accepted.

And then you lose the history of what agreement the user accepted, that is against the GDPR.
Your implementation is broken.

Quote
And this: "Future improvement: show the members a list of the agreements accepted." is not the best idea .. (I think)
With this you give other members protected data (what a user has done) ..

I'm not sure what you are talking about.
I want to know when I agreed to a certain version of the agreement.
I don't care, of course, when *you* agreed to something.
But I need to know what I agreed on and when.

Quote
I don't think @emanuele wants to show user XYZ what an agreement user ABC has ever accepted.  ;)  I think he wants to show user XYC what himself has ever accepted. IMO the latest version should be enough, no need for a list with outdated agreements.

Actually, from my understanding, it's better if each user knows exactly what he agreed to and when, because technically, if you write in one agreement that you collect data for *something* and then you change the agreement, you can still *have* to use the old agreement for the data collected before.
Bugs creator.
Features destroyer.
Template killer.
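The design argued for in replies #47 and #50, as an added example that is not part of the thread and not ElkArte's code: every changed agreement is kept under a new version id, and acceptances are appended rather than overwritten, so the history survives. Table names, column names, function names and sample data are assumptions made for this sketch.

```python
import sqlite3

SCHEMA = """
CREATE TABLE agreement_versions (   -- every published text is kept
    version_id INTEGER NOT NULL,    -- one id shared by all language variants
    language TEXT NOT NULL, body TEXT NOT NULL,
    PRIMARY KEY (version_id, language));
CREATE TABLE acceptances (          -- append-only: one row per member and version
    member_id INTEGER NOT NULL, version_id INTEGER NOT NULL,
    accepted_at TEXT NOT NULL,
    PRIMARY KEY (member_id, version_id));
"""

def latest_version(conn):
    return conn.execute(
        "SELECT COALESCE(MAX(version_id), 0) FROM agreement_versions").fetchone()[0]

def publish(conn, texts_by_language):
    """Store all language variants of a changed agreement under one new id."""
    vid = latest_version(conn) + 1
    conn.executemany("INSERT INTO agreement_versions VALUES (?, ?, ?)",
                     [(vid, lang, body) for lang, body in texts_by_language.items()])
    return vid

def accept(conn, member_id, accepted_at):
    """Add a row for the latest version; earlier acceptances are never overwritten."""
    conn.execute("INSERT OR IGNORE INTO acceptances VALUES (?, ?, ?)",
                 (member_id, latest_version(conn), accepted_at))

def must_accept(conn, member_id):
    """True when the member has not accepted the latest version (checked at login)."""
    row = conn.execute("SELECT MAX(version_id) FROM acceptances WHERE member_id = ?",
                       (member_id,)).fetchone()
    return (row[0] or 0) < latest_version(conn)

def own_history(conn, member_id):
    """What this member accepted and when; always filtered by the member's own id."""
    return conn.execute("SELECT version_id, accepted_at FROM acceptances "
                        "WHERE member_id = ? ORDER BY version_id", (member_id,)).fetchall()

def demo():  # constructed sample data: member 7 accepts v1, then the admin changes the text
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    publish(conn, {"en": "agreement v1", "de": "Vereinbarung v1"})
    accept(conn, 7, "2018-05-20")
    publish(conn, {"en": "agreement v2", "de": "Vereinbarung v2"})
    pending = must_accept(conn, 7)
    accept(conn, 7, "2018-06-02")
    return pending, must_accept(conn, 7), own_history(conn, 7)
```

With a single date column in the members table, the second acceptance would replace the first; here both rows remain and the old text is still retrievable by its version id.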

Re: EU and the GDPR

Reply #51
Right, @emanuele, but you don't need to know what other users accepted in the past.


Re: EU and the GDPR

Reply #53
Another thought: we have an agreement that has to be signed during registration. This agreement holds information that is to some degree redundant to the contents of the DSGVO declaration. Formally this part of the information needs to be mapped 1:1. It is mandatory that details of the DSGVO relevant info is identical. So why not merge those two files and maybe also add the imprint (AFAIK it is legal to merge Imprint and GDPR declaration in one file). This would allow to maintain this info in one spot.

(I am going to be doing this at least temporarily because I want to go online with the upgraded forum this night.)

 

Re: EU and the GDPR

Reply #54
Why not make it part of the registration agreement, then if the Admin ever changes it, every user must choose to resign or inactivate their account? That's pretty much what the "big" sites do isn't it? Far simpler, every active user is always current, and no need storing a separate agreement for every user.  ;)

Re: EU and the GDPR

Reply #55
That's my suggestion.
But unfortunately the GDPR declaration must also be accessible from every page, like the imprint.

Re: EU and the GDPR

Reply #56
I am not sure if we ever can do the upgrade to ElkArte 1.1 and I have another forum, which is still SMF. ::)

Every registered member will get nearly "excluded" now. ( a special membergroup, which has only access to one board to write in there) They can agree or disagree in two or three topics in this board to our new rules and to our new DSGVO declaration.

If they disagree, their accounts will get deleted
or they will stay in this "special membergroup" until they have joined the forum and agreed.
If they agree, they will get the membergroup again, they had before.

In future we will use the "agree-button" on the registration page for the agreement to our DSGVO declaration and our community-rules.

If there anytime will be a member (I don't think so), which wants to say that she disagrees now, she can send me a PM or write in forum about this. Which means, that I will delete her account.

Quote
the GDPR declaration must also be accessible from every page, like the imprint

Yes...we have a link in the footer for this.

And I think, an additional link to our GDPR declaration during the registration and the button for agreement on the registration page will do it.

Re: EU and the GDPR

Reply #57
Quote
But unfortunately the GDPR declaration must also be accessible from every page, like the imprint.

A link to a page displaying said agreement should be super simple. Or a popup, or whatever is needed. That technicality exists regardless of method. 


Re: EU and the GDPR

Reply #59
it was announced for early in June.

For the time until the release it should be possible to add a link to the Impressum and Datenschutzerklärung in the footer.

And - if possible - to switch to SSL if possible. At least during the login procedure.

Unfortunately my browser moans heavily about "mixed mode", apparently somewhere in the jQuery stuff which results in layout not being displayed if SSL is on :-(

BTW: I went online last night with just a visible Datenschutzerklärung/Impressum and a copy of the Datenschutzerklärung in the terms of use document which new users need to agree to anyway.

That should be sufficient to protect you from cease and desist letters (Abmahnungen) by specialized lawyers. These people will have problems to act upon the DSGVO anyway, at least on a private forum which is not in any economic competition. So in my view you should be pretty safe by providing these features.