GDPR Terms and Conditions

H

HBOB

Member
Has anyone set up a lawfully based terms and conditions for their forum?
Reason I’m asking is a member has asked for all his data and posts to be deleted. I agreed to deleting his all his personal or identifiable data such as email, username, IP.
I wanted the posts to stay so the flow of the forum is not interrupted. None of the posts have any information that could be linked to an individual.
I spoke to the ICO, two different employees.
One said because the member gave consent when joining, they have the right to request everything to be deleted. The ICO guy suggested I have terms that are lawfully based. He said, I’m powerless to stop someone rejoining with another account, saying whatever they wish and then requesting it all deleted.

Second employee said that if all personal data is gone and the posts do not identify the person in any way, then I can keep them. I explained it’s necessary to have IP matches to deter fake accounts which could turn into legal issues. As an example, a competitor attacking one of my sponsors. She agreed with this in principle.

Anyone else had something similar?
Any advice welcome.
 
The default terms should cover you

You are granting us with a non-exclusive, permanent, irrevocable, unlimited license to use, publish, or re-publish your Content in connection with the Service.

I’m not sure about it addresses, however if it is just a list and not linked to a person I would ha thought that is ok. But I’m not a lawyer.
 
Posts are not personally identifiable information unless they contain PII (e.g. a user's location) etc. Therefore there's typically no reason to remove them. Renaming then deleting the account should be sufficient in most cases.

(Obligatory I'm not a lawyer)
 
StarArmy said:
Posts are not personally identifiable information unless they contain PII (e.g. a user's location) etc.
Click to expand...
this is true but without the t&c granting you the non exclusive right, then they could argue to remove them based on copyright, irrespective of privacy or gdpr
 
Yes, nothing in the posts could identify anyone or be linked to a person.
It`s like me saying, I went to KFC for some chicken last Friday, just generic conversation.
But, it’s this consent thing. I said, what if they join with a made up username which most do, a disposable email and a VPN. First ICO person said it does matter. I said that leaves me open to abuse etc. This is when he just start to mention lawfully and sending me to their advice page which when reading can be interpreted differently as it’s not crystal clear.
 
You must log in or register to reply here.

Similar threads

MattW
Vultr new terms and conditions
2
Replies
24
Views
1K
RobinHood
RobinHood
M
  • Question Question
XF 2.0 How to add Terms and Conditions to the registration page?
Replies
5
Views
834
Muchacha
M
A
Agree to Terms and Condition when upgrade?
Replies
1
Views
492
Andy.N
A
F
  • Question Question
XF 2.1 Registration Form "Terms and Conditions"
Replies
1
Views
329
Masetrix
Masetrix
shala
  • Question Question
Terms and Conditions/Privacy policy
Replies
1
Views
602
Chris D
Chris D
Back
Top Bottom