GDPR discussion thread

How do I know if those details are passed to them only by using their service? For example SparkPost.
 
I feel it will be very useful if there were a GDPR section in the FAQ/Help area which is common amongst Xenforo forums. It would save time when people start firing in the same questions and (invalid) deletion requests. Is this something anyone is interested in working on together to write?
 
Anyone running Google Adsense, DFP, AdX, Analytics and many other Google products on their site(s) will have to comply with Google's new GDPR related policy changes. This is according to an email I received from Google.
 
ozzy47 said:
What was the contents of the email? Did they provide a link to their GDPR policy changes?
Click to expand...

Dear Partner,
Over the past year we've shared how we are preparing to meet the requirements of the GDPR, the new data protection law coming into force on May 25, 2018. The GDPR affects European and non-European businesses using online advertising and measurement solutions when their sites and apps are accessed by users in the European Economic Area (EEA).
Today we are sharing more about our preparations for the GDPR, including our updated EU User Consent Policy, changes to our contract terms, and changes to our products, to help both you and Google meet the new requirements.
Updated EU User Consent Policy
Google's EU User Consent Policy is being updated to reflect the new legal requirements of the GDPR. It sets out your responsibilities for making disclosures to, and obtaining consents from, end users of your sites and apps in the EEA. The policy is incorporated into the contracts for most Google ads and measurement products globally.
Contract changes
We have been rolling out updates to our contractual terms for many products since last August, reflecting Google’s status as either data processor or data controller under the new law (see full classification of our Ads products). The new GDPR terms will supplement your current contract with Google and will come into force on May 25, 2018.
In the cases of DoubleClick for Publishers (DFP), DoubleClick Ad Exchange (AdX), AdMob, and AdSense, Google and its customers operate as independent controllers of personal data that is handled in these services. These new terms provide clarity over our respective responsibilities when handling that data and give both you and Google protections around that controller status. We are committing through these terms to comply with our obligations under GDPR when we use any personal data in connection with these services, and the terms require you to make the same commitment.
Shortly, we will introduce controller-controller terms for DFP and AdX for customers who have online terms.
By May 25, 2018 we will also introduce new terms for AdSense and AdMob for customers who have online terms.
If you use Google Analytics (GA), Attribution, Optimize, Tag Manager or Data Studio, whether the free or paid versions, Google operates as a processor of personal data that is handled in the service. Data processing terms for these products are already available for your acceptance (Admin → Account Settings pages). If you are an EEA client of Google Analytics, data processing will be included in your terms shortly. GA customers based outside the EEA and all GA 360 customers may accept the terms from within GA.
Product changes
To comply, and support your compliance with GDPR, we are:
Launching a solution to support publishers that want to show only non-personalized ads.
Launching new controls for DFP/AdX programmatic transactions, AdSense for Content, AdSense for Games, and AdMob to allow you to control which third parties measure and serve ads for EEA users on your sites and apps. We’ll send you more information about these tools in the coming weeks.
Taking steps to limit the processing of personal information for children under the GDPR Age of Consent in individual member states.
Launching new controls for Google Analytics customers to manage the retention and deletion of their data.
Exploring consent solutions for publishers, including working with industry groups like IAB Europe.
Find out more
You can refer to privacy.google.com/businesses to learn more about Google’s data privacy policies and approach, as well as view our data processing terms and data controller terms.
If you have any questions about this update, please don't hesitate to reach out to your account team or contact us through the Help Center. We will continue to share further information on our plans in the coming weeks.
Thanks,
The Google Team
Click to expand...

More here https://privacy.google.com/businesses/
 
Dear Partner,

Over the past year we've shared how we are preparing to meet the requirements of the GDPR, the new data protection law coming into force on May 25, 2018. The GDPR affects European and non-European businesses using online advertising and measurement solutions when their sites and apps are accessed by users in the European Economic Area (EEA).

Today we are sharing more about our preparations for the GDPR, including our updated EU User Consent Policy, changes to our contract terms, and changes to our products, to help both you and Google meet the new requirements.

Updated EU User Consent Policy
Google's EU User Consent Policy is being updated to reflect the new legal requirements of the GDPR. It sets out your responsibilities for making disclosures to, and obtaining consents from, end users of your sites and apps in the EEA. The policy is incorporated into the contracts for most

Google ads and measurement products globally.

Contract changes
We have been rolling out updates to our contractual terms for many products since last August, reflecting Google’s status as either data processor or data controller under the new law (see full classification of our Ads products). The new GDPR terms will supplement your current contract with Google and will come into force on May 25, 2018.

In the cases of DoubleClick for Publishers (DFP), DoubleClick Ad Exchange (AdX), AdMob, and AdSense, Google and its customers operate as independent controllers of personal data that is handled in these services. These new terms provide clarity over our respective responsibilities when handling that data and give both you and Google protections around that controller status. We are committing through these terms to comply with our obligations under GDPR when we use any personal data in connection with these services, and the terms require you to make the same commitment.
  • Shortly, we will introduce controller-controller terms for DFP and AdX for customers who have online terms.
  • By May 25, 2018 we will also introduce new terms for AdSense and AdMob for customers who have online terms.
If you use Google Analytics (GA), Attribution, Optimize, Tag Manager or Data Studio, whether the free or paid versions, Google operates as a processor of personal data that is handled in the service. Data processing terms for these products are already available for your acceptance (Admin → Account Settings pages). If you are an EEA client of Google Analytics, data processing will be included in your terms shortly. GA customers based outside the EEA and all GA 360 customers may accept the terms from within GA.

Product changes

To comply, and support your compliance with GDPR, we are:
  • Launching a solution to support publishers that want to show only non-personalized ads.
  • Launching new controls for DFP/AdX programmatic transactions, AdSense for Content, AdSense for Games, and AdMob to allow you to control which third parties measure and serve ads for EEA users on your sites and apps. We’ll send you more information about these tools in the coming weeks.
  • Taking steps to limit the processing of personal information for children under the GDPR Age of Consent in individual member states.
  • Launching new controls for Google Analytics customers to manage the retention and deletion of their data.
  • Exploring consent solutions for publishers, including working with industry groups like IAB Europe.
Find out more

You can refer to privacy.google.com/businesses to learn more about Google’s data privacy policies and approach, as well as view our data processing terms and data controller terms.

If you have any questions about this update, please don't hesitate to reach out to your account team or contact us through the Help Center. We will continue to share further information on our plans in the coming weeks.

Thanks,
The Google Team
 
ozzy47 said:
What was the contents of the email? Did they provide a link to their GDPR policy changes?
Click to expand...

Not sure if they're referring to the same email, but this is what I got:

Dear Partner,Over the past year we've shared how we are preparing to meet the requirements of the GDPR, the new data protection law coming into force on May 25, 2018. The GDPR affects European and non-European businesses using online advertising and measurement solutions when their sites and apps are accessed by users in the European Economic Area (EEA).Today we are sharing more about our preparations for the GDPR, including our updated EU User Consent Policy, changes to our contract terms, and changes to our products, to help both you and Google meet the new requirements.Updated EU User Consent PolicyGoogle's EU User Consent Policy is being updated to reflect the new legal requirements of the GDPR. It sets out your responsibilities for making disclosures to, and obtaining consents from, end users of your sites and apps in the EEA. The policy is incorporated into the contracts for most Google ads and measurement products globally.Contract changesWe have been rolling out updates to our contractual terms for many products since last August, reflecting Google’s status as either data processor or data controller under the new law (see full classification of our Ads products). The new GDPR terms will supplement your current contract with Google and will come into force on May 25, 2018.In the cases of DoubleClick for Publishers (DFP), DoubleClick Ad Exchange (AdX), AdMob, and AdSense, Google and its customers operate as independent controllers of personal data that is handled in these services. These new terms provide clarity over our respective responsibilities when handling that data and give both you and Google protections around that controller status. We are committing through these terms to comply with our obligations under GDPR when we use any personal data in connection with these services, and the terms require you to make the same commitment.
  • Shortly, we will introduce controller-controller terms for DFP and AdX for customers who have online terms.
  • By May 25, 2018 we will also introduce new terms for AdSense and AdMob for customers who have online terms.
If you use Google Analytics (GA), Attribution, Optimize, Tag Manager or Data Studio,whether the free or paid versions, Google operates as a processor of personal data that is handled in the service. Data processing terms for these products are already available for your acceptance (Admin → Account Settings pages). If you are an EEA client of Google Analytics,data processing will be included in your terms shortly. GA customers based outside the EEA and all GA 360 customers may accept the terms from within GA.Product changesTo comply, and support your compliance with GDPR, we are:
  • Launching a solution to support publishers that want to show only non-personalized ads.
  • Launching new controls for DFP/AdX programmatic transactions, AdSense for Content, AdSense for Games, and AdMob to allow you to control which third parties measure and serve ads for EEA users on your sites and apps. We’ll send you more information about these tools in the coming weeks.
  • Taking steps to limit the processing of personal information for children under the GDPRAge of Consent in individual member states.
  • Launching new controls for Google Analytics customers to manage the retention and deletion of their data.
  • Exploring consent solutions for publishers, including working with industry groups like IAB Europe.
Find out moreYou can refer to privacy.google.com/businesses to learn more about Google’s data privacy policies and approach, as well as view our data processing terms and data controller terms.If you have any questions about this update, please don't hesitate to reach out to your account team or contact us through the Help Center. We will continue to share further information on our plans in the coming weeks.Thanks,
The Google Team
Click to expand...

Edit: And double ninjaed again :P
 
Since we use DFP, Google Ad Exchange (AdEx - pro version of Adsense) and Google Analytics, we need to comply with all the above and I don't have a clue what I have to do.
 
thumped said:
It's not a comparison. There are actions required if you use Google's products on a forum.
Click to expand...

Quite right, the start of it is exactly the same as a different email where google just says heres what we are doing so assumed it was the same.
 
Stuart Wright said:
Since we use DFP, Google Ad Exchange (AdEx - pro version of Adsense) and Google Analytics, we need to comply with all the above and I don't have a clue what I have to do.
Click to expand...

Google Analytics is all i'm using, and I too would really appreciate it if someone would just say "oh, ok - then you need to do A,B,C"
 
thumped said:
Google Analytics is all i'm using, and I too would really appreciate it if someone would just say "oh, ok - then you need to do A,B,C"
Click to expand...

If the visitor is from a GDPR covered nation, you need to put up a cookie notice, and have full disclosure and privacy policy as outlined by the links provided in that email posted.

I use a GEO IP module on my web server, and am currently in the process of writing code to put up the notice only when it's a European IP address.
 
Hi all

I've come here for some GDPR help as well as I'm not sure what I need to do as someone who runs a forum.

I use Google analytics and I also export the email address of people who sign up to use the site through to SendInBlue so that I can send them a newsletter (which gives them the chance to unsubscribe as well)

Any help would be appreciated!
 
More I read about GDPR more confused I am what it means for forums.

I've read this: https://techblog.bozho.net/gdpr-developers-presentation/

And specially this: https://techblog.bozho.net/gdpr-practical-guide-developers/

I'm not sure if it's really that innocent. "I agree with terms of use" will not be enough any more? Possibility to export user's data at an time? etc.

What about forums that are using ads like AdSense? AdSense script automatically add tracking cookies and forum owner is responsible for that?

And so many other questions...Really wondering how are you guys getting ready for GDPR.
 
Last edited:
You must log in or register to reply here.

Similar threads

⭐ Alex ⭐
Why exactly do we need a cookie notice for third party cookies?
Replies
1
Views
544
⭐ Alex ⭐
⭐ Alex ⭐
Apt Irrelevance
  • Question Question
XF 1.5 Upgrading large forum from XF1.5 to XF2
Replies
10
Views
735
TheLaw
TheLaw
K
Emoji list doesn't support diversity
Replies
3
Views
223
Suzanne O
Suzanne O
Ryan Kent
Best Add-ons for XF Forum
Replies
11
Views
1K
KensonPlays
KensonPlays
Paul B
  • Sticky
XF3 General Information & Discussion
Replies
14
Views
2K
Chris D
Chris D
Top Bottom