EU and the GDPR
What plans are on Elkarte for supporting the functionality required by GDPR after May 2018?
I think, that this is not simple to implement and I think it's a good option we make a consens of this, right?
Fel
Re: EU and the GDPR
Reply #2 –
Just tell users about it in the agreement and via notification (email and others) that certain basic data are going to be shown publicly via their profile while using the forum unless they disable them (except from admin staff). They may also opt to publicly show more available details too.
Re: EU and the GDPR
Reply #6 –
The one I pointed out was at Article 18, I think. But if you want to add it as a feature / addon, it's ok to me.
Re: EU and the GDPR
Reply #9 –
Ahhh okay, good point, worth investigating!
Re: EU and the GDPR
Reply #12 –
I was thinking of going so far as to disable IP address logging, and disable the anti-spam measures, as they currently send out the personally identifying user name and email address along with the IP address, and under this law, we should only be correlating by IP address.
And we should not be logging any more information than is necessary to grant bare minimum access to the services, so keeping any unnecessary records should be straight out. That probably also includes server access logs, but that's outside the bounds of this forum script.
Re: EU and the GDPR
Reply #13 –
Well, IMO that's a bit of an extreme position.
The point is not outright stop any tracking or limiting the tracking to the bare minimum.
The point is inform the user there is a tracking activity. There is a certain reason for this tracking. And, in case of requests "deal with them" (I'm not even sure (yet) that the removal is the only option, if we need an IP address to identify potentially offensive or unwanted behaviours, then it's "our" right as admins to use this information).
Re: EU and the GDPR
Reply #14 –
I think, that all is not TO complexe ..
For new User you can add a "GDPR" Part in the Register Aproval text.
So If a user acceccpt this, he accept the user-data saving (ip and other)
More complexe for exist user .. these MUST accept the GDPR on first login after this functionallity is enabled.
So we need a additional column in the membes table (gdpr_accepted) I think.
AND ..
This is only need for EU user, not for user outside the EU .. So this also must check (in EU, outside EU .. can by done with the IP address and the GEOIP Service)
This is, what we think to implement until end of Mai ...
Feline