GDPR discussion thread

No, but for existing users, if you are sending a newsletter they didn't opt in to, then presumably before GDPR takes effect you need to send a mail saying they need to opt in to continue getting the newsletter.

I've dropped my newsletter because of GDPR. Not sure if that was necessary, but this is just a hobby for me, and I am trying to keep it simple.
 
So hopefully the XenForo developers will pay attention to what other platforms offer in response to the GDPR, why those other platforms show those responses, and how the courts handle the application of the GDPR. If the XenForo developers watch the developments, keep an open mind, and do the right thing, I've no doubt that we will see some additional tools in the core to help us navigate the new regulations. If not, then their competitors will have an advantage.

There is nothing for the XF developers to do:

XF is already compliant by default and there currently isn’t any further action planned.
 
I believe that you and some others are looking for a scape goat, it is up to you as the owner of your website that it is GDPR compliant regardless of the software or what it may or may not do.
 
I believe that you and some others are looking for a scape goat, it is up to you as the owner of your website that it is GDPR compliant regardless of the software or what it may or may not do.

And I believe that you too are mistaken. Time will tell. I don't think companies like Instagram are offering expansive data portability options out of the goodness of their hearts.

By the way, even if XenForo doesn't need anything added to be GDPR compliant, there is a lot more XenForo can do to help us to be GDPR compliant.

Just like there is a default Terms and a default Cookie Info, there could be a default Privacy Policy with most of the elements there to get us started. There could be a number of configurable Opt-In settings during registration for those of us who want to offer opt-in personalized ads, affiliate linking, etc.

Yes, those are not needs for someone running stock XenForo. But neither are ad placements, yet XenForo gives us ad placements. That's just one of many examples where XenForo goes beyond needs to give us wants.

Ultimately, XenForo has competition, and a lot of stuff that XenForo doesn't have to include is going to be included by their competition.

Lastly, I have put in the work so that my sites are GDPR compliant. So I have no need of a scapegoat.
 
What internet lawyer advised you of this? Or are you just pulling stuff out of the wild blue yonder?

I'm not going to go back and forth with you, Ozzy. I've done my research and have executed what is needed for my sites to be ready for May 25. From now until May 25th and beyond, I will continue to study any further guidance issued by regulatory bodies and key stakeholders as well as any pivotal court cases that transpire. And as always, I'll be looking at how XenForo measures up to the competition. So far, it has done so very well, and I expect that to continue to be the case.
 
If you have done all you have said, then you would know XF out of the box is ready for GDPR compliance. All you seem to be looking for his someone to blame if you fail to comply with the regulations. You can not blame the software if you do not comply, it takes on you as the website owner alone.
 
If you have done all you have said, then you would know XF out of the box is ready for GDPR compliance. All you seem to be looking for his someone to blame if you fail to comply with the regulations. You can not blame the software if you do not comply, it takes on you as the website owner alone.

As I said, I am not going to go back and forth with you. Feel free to keep insulting me, I'm just a customer.

I am done with this thread. Good luck, everyone.
 
I'm not going to go back and forth with you, Ozzy. I've done my research and have executed what is needed for my sites to be ready for May 25. From now until May 25th and beyond, I will continue to study any further guidance issued by regulatory bodies and key stakeholders as well as any pivotal court cases that transpire. And as always, I'll be looking at how XenForo measures up to the competition. So far, it has done so very well, and I expect that to continue to be the case.

You are making this out to be more then what it is, and the EU does not care about your forum, so unless you are one worlds largest data/transaction providers such as Google, Facebook, Amazon, Paypal, credit card providers, and any other number of tech giants that the EU would go after. You are going to the extreme of taking this into deep space, and according to Financial Times, the top companies are expecting to spend millions on something no one seems to know much anything about, and so I am glad you have figured all of this out, not only that, are you making so much money that your fine would not exceed 4% of your annual income. Do you make so much money that your fine would only max out at 20m euro? If so, then you must be running a global scale company that may rival Amazon, google, eBay, etc, can I have a job? ROFL.

https://www.ft.com/content/0d47ffe4-ccb6-11e7-b781-794ce08b24dc

Do you really think you are that important?

Become a global leader first, then worry about GDPR, gee.
 
I have someone looking further in to what is required specifically, but I understand that everyone with an advert serving platform like AdSense, DFP or AdExchange will need to present opt-in options for data collection on first visit. One example I saw had a modal window containing something like 8 tabs (pages) of 10 or so options. These options then need to be applied to the way the ad serving software operates. It will require an addon.
Also, and I believe this will require Xenforo core changes, there may be a requirement to present opt-in options for Google Analytics, which also must be applied.
I think Google will have to specify how these options are applied to their services and will use JavaScript variables set browser side. But I’m just guessing, now.
Since the options all have to be opt-in, everyone is going to click ‘close’ with the options OFF. Hence Adsense & AdExchange may generate less revenue because websites won’t be telling the ad networks information about each user and so can’t target ads to those users’ interests.
So ad marketers placing ad campaigns using AdSence etc. who can currently target our websites automatically by specifying that they want to target users with an interest in whatever our website is about, won’t find that works any more.
On the up side, websites who have direct sales should be able to capitalise on the situation. Advertisers wanting to target our audience specifically will have to come to us rather than the ad networks like AdSense. Or target our site specifically through the ad networks for which we set the price.
 
And this happens regulary, even with formerly friendly and engaged users you thought there never would be a problem. I even feel these cases increased over the last years. So, one (me) has to expect it's definetly going to happen. Maybe one or few users wait already to complain on the first day of GDPR, maybe it takes very few weeks, but it will happen for sure.
 
How can I, via Xenforo, be ready to give a user all his data if its being requested by him or her?

Within 1 month (maximum) I am actually required by law to present all the data belonging to that specific user, and send it to him or her. How will you make sure thats possible?

Does Xenforo devs thinks this is up to its customers to fix them selves via 3rd party?

I would actually expect that this was part of Xenforo core, a button named "download all user content", either in ACP from admin point of view or in the users own control panel to do as he or her like, just like Facebook is doing now.
And it should basically contain the same items as they give out.
 
Some quotes from a couple of emails I received (about five years ago) from someone after requestiong an account and data deletion. I responded very politely that our policy was not to delete accounts but to "anonymise" them and remove personal data. A couple of emails explaining this were returned undeliverable

His subsequent email:
Given your refusal to respond on the below, I shall place this matter in the hands of the Office of the Data Commissioner


My reply:
We have responded to every email you sent. They were all returned undeliverable.

If you have any ongoing worries about your personal data, then we would agree that consulting the Office of the Data Commissioner is your best course of action.


His next two emails:
How strange that they, and only they did not get through.

Given your disgusting attitude, I shall now make a formal complaint to the Commissioner.

You really are idiots.

Given your refusal to respond on the below, I shall place this matter in the hands of the Office of the Data Commissioner.

That's the last I heard of course.
 
Last edited:
Does Xenforo devs thinks this is up to its customers to fix them selves via 3rd party?

I agree with this completely, the software needs some 'extra' bits added to ensure that we can comply with all of the GDPR recommendations AND requirements. Some additional tools are needed (such as in Salvik's addon) for peace of mind if nothing else. If I have to pay for some functionality that should be stock, then I may have to reconsider my use of XF if there is ANY chance of falling foul of the law.

My concern here is that if other forum software can do it then what's stopping the XF team from adding a few little extras to help us out? An example would be adding something that forces users to accept any changes made to your T&C or Privacy Policy and recording the acceptance on their next login; that would be one box ticked on the wish list. Go further and do the full opt-in requirements especially for cookies dropped by third parties through the XF system, for advertising as an example.

It shouldn't be that difficult to implement and it would be seen as positive move by the development team in helping their customers stay safe when this law comes into effect.

There are many who are voicing the opinion that 'little forum owners' are not on the ICO (or whatever establishment enforces the law in different countries) radar, but all it takes it one serious complaint and the whole forum universe could come under the scrutiny spotlight and any gaping holes will quickly be spotted; what the outcome will be is unknown and unknowns are always unnerving.

;)
 
My concern here is that if other forum software can do it (IPS) then what's stopping the XF team from adding a few little extras to help us out?
Most of the features IPS added recently to comply with GDPR, XF has had for several years.
 
Top Bottom