GDPR discussion thread

Chris D said:
But then it falls down to responsibility. Whose responsibility is it to anonymise that information? Ideally it would be down to Google to provide that functionality, and I think they do so we may be able to provide an option for that.
Click to expand...
Anonymizing the IP address for Google Analytics is easy:

analytics.js
Code: 
ga('set', 'anonymizeIp', true);

ga.js
Code: 
_gaq.push(['_gat._anonymizeIp']);

gtag.js
Code: 
gtag('config', '<GA_TRACKING_ID>', { 'anonymize_ip': true });


So if anonymizig IP is enough than all is fine, but the a/m coment stated that Google considers it to be a requirement to delete data from Analytics if a user account gets deleted on the forum - right now this does not seem possible as the admin does not have the necessary IDs to do so.
So the question remains as to how we would be able to comply with this requirement (apart from simply not using Analytics of course).
 
Last edited:
RobParker said:
Does it? There was an EU ruling last year that IP adresses are PII if there is a way for the person storting them to have legitimate access to a system that can link it to an individual (i.e. they work at an ISP).

Has GDPR superseded that?
Click to expand...
Yep, pretty sure it has. Which is just... well, stupid.
 
RobParker said:
Does it? There was an EU ruling last year that IP adresses are PII if there is a way for the person storting them to have legitimate access to a system that can link it to an individual (i.e. they work at an ISP).

Has GDPR superseded that?
Click to expand...

Chris D said:
Yep, pretty sure it has. Which is just... well, stupid.
Click to expand...

Inside the scope of XenForo, yes as we also have other information we can link to a user, its personal.

However, once passed to analytics and anonymised, no, not our problem.
 
Chris D said:
The ironic thing is that the sheer majority probably won’t care in the slightest and more likely view things like being forced to accept policies as being an unnecessary hindrance.
Click to expand...

This is mostly true, however after Cambridge and Facebook episode, people with little to no interrest in privacy has had an eye opener. And I sincerly think we have not seen the last of it.

People should care about privacy, and with the items in 2.0.6 makes our management lifes easier. Thanks!
 
That's great :)

Though, as already pointed out before it's also a requirement to provide (at least) an opt-out functionality - XenForo itself currenly does not provide that.

According to a statement made by the "Konferenz der unabhängigen Datenschutzbehörden des Bundes und der Länder (DSK)" on March 26, 2018 explicit constent, eg. Opt-in is required for tracking like Google Analytics:
https://www.datenschutzbeauftragter...oogle-analytics-datenschutzkonform-einsetzen/
 
Kirby said:
That's great :)

Though, as already pointed out before it's also a requirement to provide (at least) an opt-out functionality - XenForo itself currenly does not provide that.

According to a statement made by the "Konferenz der unabhängigen Datenschutzbehörden des Bundes und der Länder (DSK)" on March 26, 2018 explicit constent, eg. Opt-in is required for tracking like Google Analytics:
https://www.datenschutzbeauftragter...oogle-analytics-datenschutzkonform-einsetzen/
Click to expand...

As we have pointed out, our guidance comes from the ICO and analytics falls under exemptions according to them.
 
That might very well be. Right now nobody really knows for sure 100% how to intepret the new laws and german lawyers/courts always tend to be a little bit more strict with privacy than those of other countries.
Only time will tell which interpretations hold true.
 
So if someone contacts you and wants to erase their account, do you need to ask to confirm whether he is EU citizen?
 
Can someone please tell me if there is any GDPR issue with admin discussion of a member, presuming they are discussing that member's forum behaviour and mentioning btheor username. My thoughts are that this is a normal and important part of running a forum, dealing with members that troll or are generally a nuisance. Should such discussions need to be deleted, or is it OK to keep for reference. Do they need to be divulged to the member if requested?
 
Wouldn't those count as private conversations, where I would be free discuss with you any opinions on any public politician without forwarding such confidences on to him ?

There would be no point in anonymizing behaviour reports anyway, because no-one would know what is being talked about. At the very most these are history files as kept by H&R minions on employees in normal firms, which I would imagine are forbidden to be edited, tampered with or destroyed under Employment Legislation.

[ Difficult for an employee to claim discrimination if all relevant files are hurriedly destroyed. ]
 
You must log in or register to reply here.

Similar threads

M
  • Question Question
Integration of subdomain with Shopify website
Replies
4
Views
698
MadHatter
M
Dakis
Online course for forum owners
2
Replies
26
Views
2K
Dakis
Dakis
Top Bottom