Skip to main content
Topic: Urgent ! New European DSGVO (GDPR) law hits all Forum Admins hard into your Face (Read 252 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Urgent ! New European DSGVO (GDPR) law hits all Forum Admins hard into your Face

Hi,
did you already read about the new
DSGVO (GDPR) law ?

There are now very high new requirements regarding storing user datas and IP adresses and Cookies
and each users has the right to get all his stored data, etc, etc. etc....


How can the Elkarte forum Software meet all these requirements ?

Will we have a plugin or a new version until the end of the month, that will handle
all these HUGE requirements ??

User Feline just said, that she will close her PortaMX forum at the end of the month,
cause she will not have a working solution by then...

Look at this:
https://www.portamx.com/forum-news-and-updates/latest-updates/msg20978/#msg20978

This law is really a total BS....but we have to obey it, cause it is EU law now then...

I think I will close then also all my forums at the 25.5.2018.....
What do you think ?

Regards, Stefan.

Re: Urgent ! New European DSGVO (GDPR) law hits all Forum Admins hard into your Face

Reply #1
My interpretation of what the GDPR means is different to feline's, this document https://ico.org.uk/media/for-organisations/documents/1600/social-networking-and-online-forums-dpa-guidance.pdf

Is a good source and example of what is required and what isn't.

Initially showing the will to conform is important, after that if you are found to be non compiant then they will work with you, rather than fine you outright. At least that is my interpretation of it initially.

Re: Urgent ! New European DSGVO (GDPR) law hits all Forum Admins hard into your Face

Reply #2
The same as I thought about the cookie directive: EU is not gonna chase me for my tiny little forum. And even if they do, they can fine for 4% of my income (from the forum) that is about -70 euro/year (since I don't have ad, I don't have donations, I don't have anything and just take out the money from my pocket to have a VPS up and running).

Do you monetize your forum? If so, then you may start having to think about complying with it.
Are you having the forum "for fun"? Then you are fine.

I'm working on some changes to Elk to *start* having something, but honestly I'm personally not going to write several features from scratch just for the GDPR. :)
Bugs creator.
Features destroyer.
Template killer.

Re: Urgent ! New European DSGVO (GDPR) law hits all Forum Admins hard into your Face

Reply #3
Do you monetize your forum? If so, then you may start having to think about complying with it.
Are you having the forum "for fun"? Then you are fine.

Not true .. 
Read this:
Quote
When an organisation, or individual acting for non-domestic
purposes, posts personal data on a social networking site,
message board or blog, they will need to ensure that they have
complied with the DPA
Many are stubborn in relation to the path, a few in relation to the target.
Visit our new Forum Project on https://www.portamx.com

Re: Urgent ! New European DSGVO (GDPR) law hits all Forum Admins hard into your Face

Reply #4
Sad to hear about this though I don't really care about it that much. I guess freedom of association is no longer protected in EU. Good luck to those who choose to close their forum because of this GDPR.

 

Re: Urgent ! New European DSGVO (GDPR) law hits all Forum Admins hard into your Face

Reply #5
Then let's use the exceptions:
Article 6

Lawfulness of processing

1.   Processing shall be lawful only if and to the extent that at least one of the following applies:

(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
...
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
The registration to me can be assimilated to a contract, so forums fall under point b: forum need to store IP, email addresses and nick names in order to fulfil the contract.
The storage of IP, email address and nick names is needed in order to provide the service for which the user registered to.

I'm pretty sure you will argue there are more personal data than that, sure. But these are the most prominent and fundamental to the functioning of the software. anything else can be scraped and anyway the data subject has the possibility to amend to them.

Again, in my current interpretation of the GDPR, there are two things needed:
  • logging of the agreement (on which I'm working)
  • anonymization (on which I'll work one 1 is done)

Everything else are all things that can be improved, but are all already around in a way or another.
Do you need to fully anonymize? A few UPDATEs and it's done.
Do you need to extract the personal data? Few SELECTs and it can be done.
etc.
 Yes, I'm talking with my developer (well, mostly lol) mindset, of course, but with the developer mindset I can tell you that everything can be worked out and I don't see reasons to freak out and scare people with the 20 million euro fines.

To me, anyway, the most important aspect that nobody seems to have grasped are not the technical ways to deal with the requests, but is the informations given to the users. The point is to inform the data subject telling them how the data are used. Doing that is already 90% of the problem. Do that "right" is already a good part of dealing with GDPR.
That said, I'm not a lawyer, I can provide the technical details of how and why data are stored, but then write down a "nice" information is another thing.
Bugs creator.
Features destroyer.
Template killer.

Re: Urgent ! New European DSGVO (GDPR) law hits all Forum Admins hard into your Face

Reply #6
User Feline just said, that she will close her PortaMX forum at the end of the month,
cause she will not have a working solution by then...
Well .. we have today activated our GDPR functionallity  ;)
Works as designed .. so I think, we are on a good way.

Currently we have no data export, that comes later ...

Fel
Many are stubborn in relation to the path, a few in relation to the target.
Visit our new Forum Project on https://www.portamx.com

Re: Urgent ! New European DSGVO (GDPR) law hits all Forum Admins hard into your Face

Reply #7
The first cease-and-desist orders are already hitting websites in Germany,
so as Elkarte.net  itsself has no GDPR plugin enabled it is already vulnerable to these
ease-and-desist orders..
So please hurry up to release the new version and also implement it over here... Many thanks.

See:
https://www.youtube.com/watch?v=VIMAXEmpXOE


Re: Urgent ! New European DSGVO (GDPR) law hits all Forum Admins hard into your Face

Reply #8
Also I can not find any Impressum -  or About us page on Elkarte.net

Only the credits page:
https://www.elkarte.net/community/index.php?action=who;sa=credits
But this is not enough, as it must be stated who also owns the domain
and who is responsible for the domain and its content-..

So this is required by law...

So You better get movin... and add this to this domain..