Lack of interest Opt-In Cookies, Tracking, Receive saved Data - GDPR, DSGVO - European Law.

This suggestion has been closed automatically because it did not receive enough votes over an extended period of time. If you wish to see this, please search for an open suggestion and, if you don't find any, post a new one.
hibiskus

hibiskus

Active member
1.
I want to alarm the community, because i got a mail where one guy wanted to receive all his saved data, because now it is his right.
And he tried that for simple reason to see if he can sue me, because he literally said in the 2nd mail that he gives me another 48 the response or he will sue me.

I had before phpBB and the last 14 years it is lead by germans, and updated before few days before the law would come into effect, to be law compliant in front.
One of the changes was, that every user can Download all his saved Data all his Posts he ever did with a simple click from the profile panel.

201653

So now I switched to Xenforo2 and i have to do it manually? and every time i fly to holidays i have to fear now that i can't answer a data request soon enough and get sued?

Please you have to implement that too, Facebook has also a Button for that, in phpBB it is Out-Of-The-Box because they are very strict when it is about laws, there are many trolls who will wait for it.

This is the Article 15 of GDPR - Right of access by the data subject - https://gdpr-info.eu/art-15-gdpr/


2.
Opt-In for cookies, where you have to accept cookies and analytics should be also out of the box, technically you are selling EU law non compliant software.
As specially when you have google analytics integrated, still everybody free to use, but out of the box i can't use it with EU law compliant.
And is very very simple i guess to implement that, you are using it on your Page to? Am I missing the Settings for that, or is this custom?
Also one where you can accept and not accepting doesn't have a effect is also not compliant with the law, but better then nothing.
But one example how it should be done and is more then 100% GDPR compliant can be find at - https://forums.macrumors.com
When you press on "Show Purpose" you get a full selection where you can tick off everything normal cookie, tracking cookies, analytic ..

201651

This is the Recital No 32 of GDPR - https://gdpr-info.eu/recitals/no-32/

Those 2 things are essential because out of the box XenForo2 is not GDPR compliant, not anymore at least, as specially in strict Germany&Austria.
Since XenForo wants money for debranding which i understand but it makes it easy for troll lawyer or hacker to find a sue able or exploitable target.
 
Upvote 2
This suggestion has been closed. Votes are no longer accepted.
mcatze said:
Keep calm... :rolleyes:
Click to expand...
To many dump people are screaming, and are heard, let one sane one scream for sanity!
I may have to sorry may behaviour, but when important things are not heard and undermined i can get mad..
I am a guy who changes things by fundament, instead of sedating the symptoms or ignoring them.
 
hibiskus said:
To many dump people are screaming, and are heard, let one sane one scream for sanity!
I may have to sorry may behaviour, but when important things are not heard and undermined i can get mad..
I am a guy who changes things by fundament, instead of sedating the symptoms or ignoring them.
Click to expand...
Yes well targeting other forum members here with insults and posting extreme (and inaccurate) statements like "Xenforo is selling illegal software" is generally not the way to get help. You've just essentially alienated most of this community.

Good luck figuring things out on your own now.
 
djbaxter said:
Yes well targeting other forum members here with insults and posting extreme (and inaccurate) statements like "Xenforo is selling illegal software" is generally not the way to get help. You've just essentially alienated most of this community.

Good luck figuring things out on your own now.
Click to expand...
As soon as i use google ads function included out of the box, i am breaking the law, since no opt-out is given for the user.
And not using that function is not solving the problem. I may have used wrong constellated words, but there is still a legal thread.
This legal threat, concerns every single forum which is accessible over europe.. and the main entity who is letting in to this threat remain are those who are selling GDPR incompliant software. Technically i am not allowed to use their software here, without implementing something additional on my own, otherwise i am practicing crime.
Like a moped driving to fast unnerved is illegal in many countries, and if you are selling them on mass it is also illegal.
I am sure I have spoken a lot more with people which have much more legal experience, then anyone else here..

You are right, i over reacted. But this problem is undermined. And i feel not taken serious.
 
Anything to do with third party compliance needs to be managed with the third parties. Those are not Xenforo issues. As a starting point, your privacy page needs to list third party additions like AdSense with links to the privacy policies of those third parties, which usually should include instructions for opting out of cookies, etc. Using AdSense as an example (and by the way, you incorrectly stated above that Xenforo ships with AdSense which is untrue - it just includes a basic ad management feature for whatever ads you want to run), there are plenty of resources out there to bring your site into GDPR or CCPA requirements (this also applies to Google Analytics):

Tools to help publishers comply with the GDPR - Google AdSense Help

Google has a long history of taking a user-first approach in everything we do. As a part of our commitment to users, we never sell personal information and give users transparency and control over the
support.google.com

Comply with EU user consent policy - Google AdSense Help

Choose ad serving options and get user consentBeginning January 16, 2024, publishers and developers using Google AdSense, Ad Manager, or AdMob will be required to use a Consent Management Platform (CM
support.google.com

To view this content we will need your consent to set third party cookies.
For more detailed information, see our cookies page.

Consent solutions for Google AdSense, DoubleClick & Ad Exchange

How to become compliant with Google's EU user consent policy and display a banner for AdSense, DoubleClick and other Google cookies.
www.iubenda.com www.iubenda.com

www.privacypolicies.com

You Need a Privacy Policy for Google AdSense - Privacy Policies

If you're like the 14.3 million websites (and counting) that are using Google AdSense, your website must have a Privacy Policy. That Privacy Policy must comply with state, federal and international privacy laws, as well as with Google's AdSense Online...
www.privacypolicies.com www.privacypolicies.com

oko.uk

AdSense and Cookies. The EU user consent requirement explained - Cool Media

AdSense publishers were notified back in July that they would need to make changes to their websites to comply with the new EU user
oko.uk oko.uk

Help with the EU user consent policy – Company – Google

www.cookiechoices.org www.cookiechoices.org

www.cookiebot.com

Google Sets Industry Standard on Cookie Consent - Cookiebot™

Use Cookiebot's comprehensive cookie consent solution to enable compliance with Google's industry standard on cookie consent.
www.cookiebot.com www.cookiebot.com


www.cookiebot.com

Google Analytics and CCPA - Cookie Consent - Cookiebot™

Is Google Analytics compliant with the California Consumer Privacy Act? Learn how Cookiebot can help you comply with the CCPA for Google Analytics tracking.
www.cookiebot.com www.cookiebot.com

Helping advertisers comply with the U.S. states' privacy laws in Google Ads - Google Ads Help

Google has a long history of taking a user-first approach in everything we do. As a part of our commitment to users, we never sell personal information. We give users transparency and control over the
support.google.com

Data Protection Law Compliance - Business Data Responsibility

Explore our tools and resources to learn more about data protection laws and find ways to improve your business compliance.
privacy.google.com privacy.google.com

www.iubenda.com

Privacy Policy for Google AdSense

Google AdSense may utilize user data for advertising communication purposes by tracking user interactions with your content and with ads. This is why, in accordance with most countries’ privacy laws, Google requires you to have a privacy policy if you use Google products like Google AdSense and...
www.iubenda.com www.iubenda.com

www.termsfeed.com

Privacy Policy for Google AdSense - TermsFeed

If you choose to use AdSense on your website, you need to update your Privacy Policy to meet Google's requirements. This article will break down Google's requirements and show you what practical steps you can take to make sure your Privacy...
www.termsfeed.com www.termsfeed.com

www.ezoic.com

CCPA: A Compliance Guide With Everything You Need To Know

<p>In the age of digital, publishers have been forced to become increasingly versatile due to the fact the online world is constantly evolving. This never-ending change has given publishers a lot to juggle—one of those items that have jumped to the forefront of the conversation is data privacy...
www.ezoic.com
 
djbaxter said:
Anything to do with third party compliance needs to be managed with the third parties. Those are not Xenforo issues.
Click to expand...
I do agree with the first, but I disagree with the second.

Let's take a YouTube embed as an example.

XenForo simply uses an IFrame here which does load YouTube wich in turn does set cookies.
It is impossible for 3rd party (JavaScript) Consent Management solutions to prevent this in a waterproof way - they can't prevent it at all if the user is (partly) blocking JS.

While it is possible to implement blocking with custom code deeply integrated into XenForo, it is a major PITA to do so.

I don't expect XenForo to offer a full, integrated consent management solution - but it should be a lot easier to integrate consent managers.

Ideally, XenForo should have a framework that would allow consent management solutions to easily hook in whenever 3rd party content or services are used (Embeds, Captcha, Spam-Checkers, Gravatar, Giphy, Push, ...)

Right now, there even isn't a complete, official list of all cookies/storage objects :(
xenforo.com

Cookie purposes

Hey guys I have a question about cookies and hope you can help me. I live in Germany and am currently implementing all measures to create my forum privacy policy. Cookies naturally play an important role here. My cookie tool (Cookiebot) shows me which cookies are on the site. Among other...
xenforo.com xenforo.com
 

Similar threads

bzcomputers
  • Poll Poll
What was your solution for the Google Adsense deadline on Jan 16, 2024?
2
Replies
23
Views
2K
bzcomputers
bzcomputers
⭐ Alex ⭐
Why exactly do we need a cookie notice for third party cookies?
Replies
1
Views
594
⭐ Alex ⭐
⭐ Alex ⭐
M
  • Suggestion Suggestion
Implemented Update Cookie Banner compliant to GDPR
7 8 9
Replies
162
Views
18K
AndrewSimm
AndrewSimm
Alpha1
  • Suggestion Suggestion
Force Privacy settings confirmation: Record opt-in for news and update emails (GDPR)
Replies
0
Views
3K
Alpha1
Alpha1
Back
Top Bottom