Lack of interest Opt-In Cookies, Tracking, Receive saved Data - GDPR, DSGVO - European Law.

This suggestion has been closed automatically because it did not receive enough votes over an extended period of time. If you wish to see this, please search for an open suggestion and, if you don't find any, post a new one.
hibiskus

hibiskus

Active member
1.
I want to alarm the community, because i got a mail where one guy wanted to receive all his saved data, because now it is his right.
And he tried that for simple reason to see if he can sue me, because he literally said in the 2nd mail that he gives me another 48 the response or he will sue me.

I had before phpBB and the last 14 years it is lead by germans, and updated before few days before the law would come into effect, to be law compliant in front.
One of the changes was, that every user can Download all his saved Data all his Posts he ever did with a simple click from the profile panel.

201653

So now I switched to Xenforo2 and i have to do it manually? and every time i fly to holidays i have to fear now that i can't answer a data request soon enough and get sued?

Please you have to implement that too, Facebook has also a Button for that, in phpBB it is Out-Of-The-Box because they are very strict when it is about laws, there are many trolls who will wait for it.

This is the Article 15 of GDPR - Right of access by the data subject - https://gdpr-info.eu/art-15-gdpr/


2.
Opt-In for cookies, where you have to accept cookies and analytics should be also out of the box, technically you are selling EU law non compliant software.
As specially when you have google analytics integrated, still everybody free to use, but out of the box i can't use it with EU law compliant.
And is very very simple i guess to implement that, you are using it on your Page to? Am I missing the Settings for that, or is this custom?
Also one where you can accept and not accepting doesn't have a effect is also not compliant with the law, but better then nothing.
But one example how it should be done and is more then 100% GDPR compliant can be find at - https://forums.macrumors.com
When you press on "Show Purpose" you get a full selection where you can tick off everything normal cookie, tracking cookies, analytic ..

201651

This is the Recital No 32 of GDPR - https://gdpr-info.eu/recitals/no-32/

Those 2 things are essential because out of the box XenForo2 is not GDPR compliant, not anymore at least, as specially in strict Germany&Austria.
Since XenForo wants money for debranding which i understand but it makes it easy for troll lawyer or hacker to find a sue able or exploitable target.
 
Upvote 2
This suggestion has been closed. Votes are no longer accepted.
There are several providers helping you with implementing any cookie consent solution down to any detail you would like.

For example:
www.iubenda.com

For EU Cookie Law & GDPR Compliance | iubenda Cookie Solution

Our Google certified consent management platform (CMP) is easy to use, & helps you comply with laws like the GDPR, ePrivacy, CCPA+CPRA in minutes.
www.iubenda.com www.iubenda.com
getadmiral.com

Privacy and Consent Management Platform | Admiral

Manage consent to achieve GDPR and CCPA compliance. Protect visitor privacy, and integrate seamlessly with the company's existing revenue recovery.
getadmiral.com getadmiral.com
and countless others....

Also keep in mind that you do not have to ask for consent to set any cookies needed for your website to be able to work (means no cookie set by default XF needs consent).

hibiskus said:
XenForo is officially in my opiniun selling illegal software.
Click to expand...

This is simply wrong and ridiculous. No wonder you don't get any official response to this thread.
 
Kevin said:
Even if it was "ineffective" it doesn't mean it is not meeting the requirements legally.


That stock XF cookie notice? That is a pretty big & clear statement which indicates the context in which a user is or is not accepting the terms.
Click to expand...

You have only now proved that you cannot interpret any legal texts correctly or at least cannot assign relevant topics. In school you would now get an F- from me for a complete misdemeanor.

You have differentiate between indicating just something or getting a real acceptance.
If I accept a 20 million deal, it won't just be because I read that I accepted it. I have to make a clear indicating signature under the contract.
 
hibiskus said:
You have only now proved that you cannot interpret any legal texts correctly or at least cannot assign relevant topics. In school you would now get an F- from me for a complete misdemeanor.

You have differentiate between indicating just something or getting a real acceptance.
If I accept a 20 million deal, it won't just be because I read that I accepted it. I have to make a clear indicating signature under the contract.
Click to expand...
And you have proved that you are unable to understand the very thing you have posted yourself, are unable to show how legally XF is not complying with the requirements, and, apparently, refuse to accept that maybe, just maybe, the XF guys have already gone down this path in the past to see what they needed to do to comply.
 
HWS said:
There are several providers helping you with implementing any cookie consent solution down to any detail you would like.

For example:
www.iubenda.com

For EU Cookie Law & GDPR Compliance | iubenda Cookie Solution

Our Google certified consent management platform (CMP) is easy to use, & helps you comply with laws like the GDPR, ePrivacy, CCPA+CPRA in minutes.
www.iubenda.com www.iubenda.com
getadmiral.com

Privacy and Consent Management Platform | Admiral

Manage consent to achieve GDPR and CCPA compliance. Protect visitor privacy, and integrate seamlessly with the company's existing revenue recovery.
getadmiral.com getadmiral.com
and countless others....

Also keep in mind that you do not have to ask for consent to set any cookies needed for your website to be able to work (means no cookie set by default XF needs consent).



This is simply wrong and ridiculous. No wonder you don't get any official response to this thread.
Click to expand...

There's someone else who's proven he can't read carefully. Did you even pay attention to the whole thread?

This may be true, you don't need to ask for consent for cookies that are associated with basic functions.
But I use Google Adsense you 9 times smart, are those fundamental functions? I don't think so or wait I know it, ITS NOT, it's a difference to believe.

No what simply is true, is that you don't have any clue, you are just a sheep an look what others do.

I asked a 2 **cking laywers, what do you want more?
 
Kevin said:
And you have proved that you are unable to understand the very thing you have posted yourself, are unable to show how legally XF is not complying with the requirements, and, apparently, refuse to accept that maybe, just maybe, the XF guys have already gone down this path in the past to see what they needed to do to comply.
Click to expand...

Again you didn't read carefully, but i can understand if its gone down.
You know that XF is shipped with Google Analytics or even Ads?
If I set this to on, out of the box, i am doing a crime in legal manner.

Maybe you got it now?
 
HWS said:
Missing your manners....

Good luck.
Click to expand...

True, but sometime you have to scream and spitt, burn few cars. To get heared..
The Christian had also no manners keeping the truth locked that the earth is round.
Maybe if there had screamed a few more people, we would have already self flying electric "cars" and cancer would be cured.

Everytime those people, hey let everything like it is,... like old people who can't figured out to call 991 for a hear attack from smartphone.

Edit:
Thanks for the luck :) very kind of you! :*
 
Slavik said:
Specifically what part of GDPR? A site is well within their remit to delete data they control and refuse access to anyone they please for any reason.
Click to expand...
Nope :) There have been several court decisions in Germany that board owners can't just ban users as they like.

Kerpen, AG, Virtuelles Hausrecht in einem Internetforum - JurPC-Web-Dok. 0081/2017

www.jurpc.de www.jurpc.de

As far as XF cookies are concerned:
Some of them (like xf_session and xf_csrf) do not require consent as they are technically required, others (like from_search could be problematic.

Google Analytics could be problematic as well if you want the base legal data processing on GDPR 6.1 literal a, in which case consent is required - the default XF cookie notice (which can just be ignored and in fact many users just do exactly that while continuing to browse the site).
If you want to processe data based on GDPR 6.1 literal f, which Google Analytics might (not necessarily must, especially not if user IDs are being used or multi-device tracking) also fall under, consent is not required.

However, an Opt-Out is always required and out of the box XF does not offer a solution here.

And there are way more GDPR pitfalls (do not use Gravatar, do not use StopForumSpam/Project Honeypot/Akismet, do not allow to use [img], do not enable URL unfurling, do not use social embeds, limit storing of IP adresses, limit storing of user change logs, do not give staff/moderators access to PII (email, IP, etc.), do not use Add-ons like Login as User or Multi-Account detector, etc.)
 
Last edited:
Yes :)

The forum had terms similar to those used for XenForo community forums:
We may remove or modify any Content submitted at any time, with or without cause, with or without notice. Requests for Content to be removed or modified will be undertaken only at our discretion. We may terminate your access to all or any part of the Service at any time, with or without cause, with or without notice.
[...]
These terms may be changed at any time without notice.
Click to expand...

According to the court decision, these terms are invalid (paragraph 61-66) and therefore cannot be enforced.

As the forum, just like XenForo community forums and probably most online forums, did not define a cancellation period in their terms of usage, the law default (6 months) is to be applied.
So the board owner could not just ban the user and immediately terminate his account, they have to keep the account open and allow the user to post for another 6 month if they file a proper notice of termination now.
After this time the account is properly terminated and must be deleted, it cannot be banned as in this case the usage contract would still be active.
 
hibiskus said:
Opt-In for cookies, where you have to accept cookies and analytics should be also out of the box, technically you are selling EU law non compliant software.
Click to expand...
Opt-in is only required if cookies are not necessary for operation.
If advertising or analytics by google is integrated Xenforo is not responsible for integrating the cookie option.

hibiskus said:
Facebook does it to
Click to expand...
And you really think Facebook is GPDR compliant?

hibiskus said:
It is EU law, ypu must be able to Opt-Out!
Click to expand...
What "must be able" to opt-out?

I have a feeling you're throwing some information all over the place.

hibiskus said:
But I use Google Adsense
Click to expand...
This is only your problem and not XenForo's.

hibiskus said:
You know that XF is shipped with Google Analytics or even Ads?
Click to expand...
So I deal a lot with avoiding google and have nowhere found an integration of these two. The only thing I don't like is the Google Captcha because there should be a local version as default.

hibiskus said:
True, but sometime you have to scream and spitt, burn few cars.
Click to expand...
Why can I really imagine that you would bring such mindless actions?

Kirby said:
Nope :) There have been several court decisions in Germany that board owners can't just ban users as they like.
Click to expand...
In your forum you have house authority and can exclude who you like. As long as you do not violate the AGG.

Kirby said:
Google Analytics
Click to expand...
Third party providers have already been announced as disproportionate:
203850
 
Last edited:

GDPR watchdog’s investigation finds that tracking and consent pop-ups used by Google and other major websites and apps are unlawful.​


www.iccl.ie

GDPR watchdog’s investigation finds that tracking and consent pop-ups used by Google and other major websites and apps are unlawful.

The Belgian Data Protection Authority (APD-GBA) has found serious GDPR infringements in the system Google and others use to legitimise online tracking. The system behind nearly all of the consent messages that pop up on screens in Europe has been found to infringe the GDPR. The APD-GBA is the...
www.iccl.ie www.iccl.ie
 
That may be so but it is the law. So you have to deal with it.

Most of us are "lucky" to own a small website (compared to Facebook/Google/etc). Regulators usually don't give small websites much attention. But again, we must follow GPDR regulations as much as possible.
 
duderuud said:
That may be so but it is the law. So you have to deal with it.

Most of us are "lucky" to own a small website (compared to Facebook/Google/etc). Regulators usually don't give small websites much attention. But again, we must follow GPDR regulations as much as possible.
Click to expand...

Exactly i was already victim, it is only a matter of time when trolls will search out simple XenForo Installations over google and border them.
 
Faust said:
Set your forum invitation only. Keep it small, and enjoy it.
Click to expand...
Sorry but i really hate answers like that. You have nothing better to do? Nothing then aggression appears to my mind.
People like you are the reason why we will extinct. Thank you so for nothing!

My Forum is for anticensorship and crypto, so i never will consider to make it invitation only. Also it will still be against the law, but i guess you don't have big things planed in your life. You make things bigger they will be complicated, and I will not run away from that.. I like to play with the big boys, you can go back to your children's playground. Here are discussing real man about real world problems. You can smoke your pot some where else and ignore important problems. You not understanding it or here getting not enough attention doesn't change the fact that this is a important topic and no one is aware. Please don't waste your time with writing an answer, your short sentence shows already how deep you are in that matter, no further exchange needed.
 

Similar threads

bzcomputers
  • Poll Poll
What was your solution for the Google Adsense deadline on Jan 16, 2024?
2
Replies
23
Views
2K
bzcomputers
bzcomputers
⭐ Alex ⭐
Why exactly do we need a cookie notice for third party cookies?
Replies
1
Views
530
⭐ Alex ⭐
⭐ Alex ⭐
M
  • Suggestion Suggestion
Implemented Update Cookie Banner compliant to GDPR
7 8 9
Replies
162
Views
17K
AndrewSimm
AndrewSimm
S
  • Question Question
XF 2.0 Re-Opt-In Email Preferences For Existing Members
Replies
3
Views
1K
Mike
Mike
Kleazy
The comeback of Forums - What I am doing about it.
Replies
2
Views
2K
Kleazy
Kleazy
Top Bottom