Lack of interest Opt-In Cookies, Tracking, Receive saved Data - GDPR, DSGVO - European Law.

This suggestion has been closed automatically because it did not receive enough votes over an extended period of time. If you wish to see this, please search for an open suggestion and, if you don't find any, post a new one.

hibiskus

Active member
1.
I want to alarm the community, because i got a mail where one guy wanted to receive all his saved data, because now it is his right.
And he tried that for simple reason to see if he can sue me, because he literally said in the 2nd mail that he gives me another 48 the response or he will sue me.

I had before phpBB and the last 14 years it is lead by germans, and updated before few days before the law would come into effect, to be law compliant in front.
One of the changes was, that every user can Download all his saved Data all his Posts he ever did with a simple click from the profile panel.

201653

So now I switched to Xenforo2 and i have to do it manually? and every time i fly to holidays i have to fear now that i can't answer a data request soon enough and get sued?

Please you have to implement that too, Facebook has also a Button for that, in phpBB it is Out-Of-The-Box because they are very strict when it is about laws, there are many trolls who will wait for it.

This is the Article 15 of GDPR - Right of access by the data subject - https://gdpr-info.eu/art-15-gdpr/


2.
Opt-In for cookies, where you have to accept cookies and analytics should be also out of the box, technically you are selling EU law non compliant software.
As specially when you have google analytics integrated, still everybody free to use, but out of the box i can't use it with EU law compliant.
And is very very simple i guess to implement that, you are using it on your Page to? Am I missing the Settings for that, or is this custom?
Also one where you can accept and not accepting doesn't have a effect is also not compliant with the law, but better then nothing.
But one example how it should be done and is more then 100% GDPR compliant can be find at - https://forums.macrumors.com
When you press on "Show Purpose" you get a full selection where you can tick off everything normal cookie, tracking cookies, analytic ..

201651

This is the Recital No 32 of GDPR - https://gdpr-info.eu/recitals/no-32/

Those 2 things are essential because out of the box XenForo2 is not GDPR compliant, not anymore at least, as specially in strict Germany&Austria.
Since XenForo wants money for debranding which i understand but it makes it easy for troll lawyer or hacker to find a sue able or exploitable target.
 
Upvote 2
This suggestion has been closed. Votes are no longer accepted.
Keep calm... :rolleyes:
To many dump people are screaming, and are heard, let one sane one scream for sanity!
I may have to sorry may behaviour, but when important things are not heard and undermined i can get mad..
I am a guy who changes things by fundament, instead of sedating the symptoms or ignoring them.
 
To many dump people are screaming, and are heard, let one sane one scream for sanity!
I may have to sorry may behaviour, but when important things are not heard and undermined i can get mad..
I am a guy who changes things by fundament, instead of sedating the symptoms or ignoring them.
Yes well targeting other forum members here with insults and posting extreme (and inaccurate) statements like "Xenforo is selling illegal software" is generally not the way to get help. You've just essentially alienated most of this community.

Good luck figuring things out on your own now.
 
Yes well targeting other forum members here with insults and posting extreme (and inaccurate) statements like "Xenforo is selling illegal software" is generally not the way to get help. You've just essentially alienated most of this community.

Good luck figuring things out on your own now.
As soon as i use google ads function included out of the box, i am breaking the law, since no opt-out is given for the user.
And not using that function is not solving the problem. I may have used wrong constellated words, but there is still a legal thread.
This legal threat, concerns every single forum which is accessible over europe.. and the main entity who is letting in to this threat remain are those who are selling GDPR incompliant software. Technically i am not allowed to use their software here, without implementing something additional on my own, otherwise i am practicing crime.
Like a moped driving to fast unnerved is illegal in many countries, and if you are selling them on mass it is also illegal.
I am sure I have spoken a lot more with people which have much more legal experience, then anyone else here..

You are right, i over reacted. But this problem is undermined. And i feel not taken serious.
 
Anything to do with third party compliance needs to be managed with the third parties. Those are not Xenforo issues. As a starting point, your privacy page needs to list third party additions like AdSense with links to the privacy policies of those third parties, which usually should include instructions for opting out of cookies, etc. Using AdSense as an example (and by the way, you incorrectly stated above that Xenforo ships with AdSense which is untrue - it just includes a basic ad management feature for whatever ads you want to run), there are plenty of resources out there to bring your site into GDPR or CCPA requirements (this also applies to Google Analytics):



To view this content we will need your consent to set third party cookies.
For more detailed information, see our cookies page.












 
Anything to do with third party compliance needs to be managed with the third parties. Those are not Xenforo issues.
I do agree with the first, but I disagree with the second.

Let's take a YouTube embed as an example.

XenForo simply uses an IFrame here which does load YouTube wich in turn does set cookies.
It is impossible for 3rd party (JavaScript) Consent Management solutions to prevent this in a waterproof way - they can't prevent it at all if the user is (partly) blocking JS.

While it is possible to implement blocking with custom code deeply integrated into XenForo, it is a major PITA to do so.

I don't expect XenForo to offer a full, integrated consent management solution - but it should be a lot easier to integrate consent managers.

Ideally, XenForo should have a framework that would allow consent management solutions to easily hook in whenever 3rd party content or services are used (Embeds, Captcha, Spam-Checkers, Gravatar, Giphy, Push, ...)

Right now, there even isn't a complete, official list of all cookies/storage objects :(
 
Top Bottom