GDPR discussion thread

I think GDPR won't change anything for most forum admins. Most even don't collect personal data from users (public posts are not "personal data") beside their email addresses. And those are deleted once the account is deleted.

Regarding newsletters, I don't think the new law requires to change anything. You should allow your users to unsubscribe if they don't like the newsletter. The interpretation of some lawyers that you have to allow unsubscribing without a login is very questionable. Professional admins will of course respect unsubscribe requests via email answer to the newsletter and make it generally very easy to unsubscribe.

I also don't think Xenforo has a dedicated "Newsletter" feature.
 
At the moment, XF1.5x does not offer a functionality to unsubscribe from the site mailings or the normal thread subscriptions without being forced to login.

I just tested this on an XF1 site with a thread reply email and the unsubscribe link worked perfect in an incognito window without having to log in?
EDIT: And XF2
 
I just tested this on an XF1 site with a thread reply email and the unsubscribe link worked perfect in an incognito window without having to log in?
EDIT: And XF2

The thread reply is a transactional email which has to follow other rules than marketing emails ("newsletters").
 
Most even don't collect personal data from users

Cookies are personal data. Email adresses, IP numbers too.

I also don't think Xenforo has a dedicated "Newsletter" feature.

A newsletter is just a name. You can call it daisy dug. As long as you send out emails regularly to more than a few users, it will be handled legally like a newsletter.

We are again at what person A or Person B "believes". I quoted lawyers. Make your own judgement whom you want to believe.

So far, nobody could link to a statement of a lawyer that the way how XF1.5 is handling this (no checkbox during registration, no link in the emails, no unsubscription without login) is in line with the new law.

Why XF is not taking a lawyer specialized in this and make him a statement here? This is a very important point and should not end up in wild guesses of non-lawyers.
 
I just tested this on an XF1 site with a thread reply email and the unsubscribe link worked perfect in an incognito window without having to log in?
EDIT: And XF2

The same is needed for the option "get site mailings by admin" in the userprofle
 
You quoted those German lawyers, maybe other lawyers have an other interpretation/view of this? It is not because you are German that the German lawyers are right or you could also be misinterpreting what they write.

So following the logic used, a lawyer should explicitlty say that the xenforo email system is the same as a newsletter and/or the method used for unsubscibring is not enough. Else you are also just guessing and not a lawyer.
 
Last edited:
So far, nobody could link to a statement of a lawyer that the way how XF1.5 is handling this (no checkbox during registration, no link in the emails, no unsubscription without login) is in line with the new law.

This is because Xenforo is not a newsletter software. Otherwise it would have a non-ticked box with a newsletter description during registration. As a Xenforo user you can opt-in to get transactional email notifications about certain actions. You also can opt-out of all those informational emails. This is fully inline with the new law.

If a Xenforo admin wants to send professional newsletters to it's users some customization in Xenforo would have to be made. Since -again- there is no "Newsletter" feature for marketing emails in Xenforo.

Also it is the job of lawyers to protect their customers, so they like to "over-interpret" new law to make absolutely sure nothing can happen. I don't think a regular Xenforo user will have a problem with the new law. And if you have a large community with newsletters and other things you will know how to comply with the law and be able to change what needs to be changed. But this is not Xenforo related. :)
 
Why XF is not taking a lawyer specialized in this and make him a statement here? This is a very important point and should not end up in wild guesses of non-lawyers.

That is an option to be sure. It is a very simple question.
 
This is because Xenforo is not a newsletter software. ...

we are going back and forth here but no step forward. I think we can be sure, hat no matter how a software is called, as soon as you are able (and do) send massmailings with it, it the law for mass emails have to be applied, no matter where the functionality is hidden.

We all use this feature, so we are all guilty and can not argue "but this is called differently" or "but this is just a minor feature of this software" ;)

I need more statements of lawyers here who are specialized in this subject.

You quoted those German lawyers, maybe other lawyers have an other interpretation/view of this?

Correct. Those are the only lawyers I found today online.

But this is actually a work/the duty of the developpers. They have to convince us that their software is in accordance with EU law ;)
 
But this is actually a work/the duty of the developpers. They have to convince us that their software is in accordance with EU law ;)

Wrong. They provide the software and describe its features. YOU as a site owner have to make sure you comply with the law applicable to your site. If you need a lawyer to find out what you need, you are free to hire a lawyer.

Also I think you tend to ignore the difference between transactional and marketing emails. There are different legal requirements.
 
I need more statements of lawyers here who are specialized in this subject.

Then consult a lawyer that you hire to tell you how he/she interpreted the law, no lawyer is going to make a blanket statement online to cover everyone. They simply will not because then you could come back to them should something happen.
 
Wrong. They provide the software and describe its features. YOU as a site owner have to make sure you comply with the law applicable to your site. If you need a lawyer to find out what you need, you are free to hire a lawyer.
You're right. If your point was incorrect, then the BitTorrent company would be liable for every single copyright infringing download users of their client software engage in.

Providers of network testing tools would be liable for every time someone uses the tool to test a network they do not have permission to test.

Knife manufacturers would be liable for every crime committed using their knives as a weapon.

Etc.

The notion that it's the duty of the XenForo developers to ensure the software complies with every single law in every single district in every single county (in every single state) in every single country is insane.


Fillip
 
@DragonByte Tech

Your logic is flawed, sorry to say.

BitTorrent is of course not liable for every single copyright infringing. Why? Because BitTorrent does not provide this. It only provides "downloading". What you download is up to you. Just like what you do with a "knife".

Now if you said that XF is not liable for every single owner who sends to users newsletters, you were right. XF's job is not to track down who sends who newsletters. XF only provides the mechanic of newsletter sending. Just like Bittorrent.

But that was out of the question. The new laws (if they are correctly interpreted from snoopy) doesn't talk about to who you send newsletters.
It talks in general about the mechanic of sending newsletters. Now in this case it makes XF liable. Because the algorithm/coding/mechanic is in the question, not what you do with it.

So your comparison/logic is flawed.

And if snoopy's interpretation is correct, it would make XF liable in this case.
 
Your logic is flawed, sorry to say.
Not half as flawed as yours, sorry to say.

The new laws (if they are correctly interpreted from snoopy) doesn't talk about to who you send newsletters.
It talks in general about the mechanic of sending newsletters. Now in this case it makes XF liable. Because the algorithm/coding/mechanic is in the question, not what you do with it.
That is 100% false.

Liability of a manufacturer of anything (be it software or physical goods like a gun or a knife) is determined by the intended purpose of the tool.

A knife manufacturer is not liable because the primary, intended purpose is not to stab someone.
Criminal activity (according to your local laws) is possible by using the tool in such a way that violates your local laws.

BitTorrent is not liable because the primary, intended purpose is not copyright infringement.
Copyright infringement (according to your local laws) is possible by using the tool in such a way that violates your local laws.

A network testing tool manufacturer is not liable because the primary, intended purpose is not to crash others' networks.
Criminal network disruption (according to your local laws) is possible by using the tool in such a way that violates your local laws.

XenForo is not liable because the primary, intended purpose of their forum software is not to send newsletters.
Illegal mass marketing (according to your local laws) is possible by using the tool in such a way that violates your local laws.

Copyright infringement is also possible via XenForo, by uploading and sharing content that you do not have the right to upload and share.
Is XenForo liable for this, because it allows you to upload attachments? The "algorithm/coding/mechanic" that allowed you to commit unlawful acts was put in the software by XenForo, so they should be liable, according to you.

If you believe that a manufacturer of any tool, be it physical or digital, that can be used completely within the realm of your local laws, but can also be used to commit unlawful acts, should be liable... If you believe the intended purpose of XenForo is to send marketing emails... Then I don't know what to tell you at this point.


Fillip
 
Liability of a manufacturer of anything (be it software or physical goods like a gun or a knife) is determined by the intended purpose of the tool.
That is absolutely not true. It varies from item to item, but this is such a nonsense.
So any car manufacturer can build cars without safety precautions? "Oh, hey, our intended purpose is only move you from point A to B, if you die along the way, it is not our problem."

Your rest talk is talking about something I didn't even talked about.

In general I agreed with you anyway, as I said ofcourse bittorent or knife manufacturers are not liable what you do with those items.
UNLESS there is a LAW which is NOT ABOUT THE USE of the items but ABOUT THE ITEMS THEMSELVES!

And sending newsletters make any software liable, if there are laws about sending newsletters. Doesn't matter if the intended purpose is something different, if it has this mechanic, you are bound to it.
 
Last edited:
That is absolutely not true. It varies from item to item, but this is such a nonsense.
So any car manufacturer can build cars without safety precautions? "Oh, hey, our intended purpose is only move you from point A to B, if you die along the way, it is not our problem."
Obviously the argument will look like nonsense when you submit a straw man argument like you have done here. I honestly didn't think I had to clarify that much...

But, since I apparently have to: My comment regarding liability is only true in relation to whether the manufacturer can be held liable for the usage of a tool to commit an unlawful act.

Manufacturers have. a lot of other liabilities that are in no way, shape or form related to liabilities pertaining to the use of the tool to commit an unlawful act.

Does that clarify my point for you?


Fillip
 
Does that clarify my point for you?
It did, you repeat the same again, for the third time now, without understanding that your point was never the problem in first place.
Yes, your point makes sense and is valid, BUT your point has nothing to do with what this is about.

My comment regarding liability is only true in relation to whether the manufacturer can be held liable for the usage of a tool to commit an unlawful act.
As nobody is talking about if XF is liable for its users who send newsletters. XF isn't. The problem here is not about the usage of the tool. The problem is about the tool itself, not the usage. If snoopy's interpretation is correct, then the tool "sending newsletters" has to have a standard EU-given form. That law is not talking about the usage, like how you use the newsletter, but about how the newsletter mechanic has to work.

This is my last time repeating this, if you don't get it, alright, but please don't talk about X when people talk about Y.

And I did not use a strawman btw.
 
Last edited:
The GDPR explicitly forces privacy and security by design of software. 'Data protection by design and by default'
https://gdpr-info.eu/art-25-gdpr/
GDPR said:
When developing, designing, selecting and using applications, services and products that are based on the processing of personal data or process personal data to fulfil their task, producers of the products, services and applications should be encouraged to take into account the right to data protection when developing and designing such products, services and applications and, with due regard to the state of the art, to make sure that controllers and processors are able to fulfil their data protection obligations.
https://gdpr-info.eu/recitals/no-78/
 
GDPR Quote: "....with due regard to the state of the art..."

Exactly this is not the case currently.

If 95% or more of newsletter-like software are offering unsubscribe links at the buttom of each email plus a login-free unsubscription plus the checkbox at the right place before/during the registration, we all can agree that this is the current "state of the art", the benchmark with which we have to compare Xenforo to be in accordance with the law.

It is technically really a minor thing to do for xenforo. So I wonder why there is such a reluctance to simply just do it and get it out of the way?
 
So I wonder why there is such a reluctance to simply just do it and get it out of the way?

Because XenForo 1 is no longer under active development, it hasn't been for some time. The only releases will be security ones. We aren't going to be backwards engineering fixes for every piece of new legislation the EU decides to churn out.

XenForo 2 supports what you ask, therefore should it ever become an issue (and lets be honest, people lost their minds over the cookie law thing and nothing ever came of it) we would simply say they just need to update to the latest version of XenForo. In a similar way that XenForo 1 Enhanced Search does not, and will not support SSL connections to ElasticSearch. It might sound a bit callous but our development is moving forwards on XenForo 2.x not on 1.x.

As with any legal matter you should hire your own legal council if you are worried, and not just rely on generic web articles.

Similarly, the right to be forgotten stirred up a lot of similar arguments that people would delete all the content off a site etc citing the GDPR. However when I spoke to the ICO (the UK body in charge of data protection) they said what I was suggesting all along of renaming and deleting the account (and specific posts if they contained personally identifiable information and was brought to the webmasters specific attention) was considered acceptable.

Unless the scale of abuse from a website was extraordinary, likewise you would not just be smacked with a fine on the spot, you would most likely be given plenty of warning to fix the problem before it ever got serious. Again, speaking to the ICO I was told these laws are being put in place to stop the wholesale abuse of transfer of data and negligent organisations (like people taking unencrypted laptops with thousands of patients data and losing it on the train) that has occurred in the past and hold prolific offenders to account. Not to target webmasters who may just need a point to change something.

Seems like this is being made a mountain out of a molehill, for an article which seems more focused on marketing mailing lists which have 1 button sign ups, and therefore need 1 button unsubscribes, than forum software which serves an entirely different purpose.

If it genuinely is something you are that concerned about, write an addon to do it, and stick it up for sale, if others share your opinion, you could certainly make a lot of money off it :)

FWIW, I have fired off the question to the ICO for a response.
 
Top Bottom