Pocket guide to GDPR + Q&A + FAQ

If you disagree, that is your prerogative, however unless you have started working for the ICO, I'm going by their word :)

I would be inclined to go by what they have said as well rather than the interpretation of a random individual on the internet.
 
Great article and a well-written summary. Something to add / question to ask -

The regulation (as of 27 April 2016) clearly states in its opening "on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)"... the key piece being "protection of natural persons". Unless you're a forum like a Facebook, where people tend to use their real names, this doesn't appear to apply. I have no European identity in the name of "DiamondD" and I'm guessing there is no (EU at least ;) ) passport in the name of @Slavik? As the usernames we're using publicly are not EU citizens, there appears to be no case to answer in the majority of instances?
 
An online handle on its own, no, but when combined with other data it can be considered personal data, especially if that person uses the same username on multiple sites.
 
We've got a session with legal counsel on this next week. I'll loop back if there is anything solid to report.
 
Maybe people should go look at eBay's GDPR policy, which came out a few days ago, and it will be interesting to follow Facebook and see where they are going to go with this, as their entire business revolves around user data. So far, from what I read, FB is not GDPR compliant, and FB would be one of the first legit (and many frivolous) GDPR lawsuits that are expected to follow, and the US may be considering their own GDPR in the future.
 
If anyone is looking for a paid service that does all the cookie identification and opt in stuff automatically, this one works great: https://www.cookiebot.com/en/

You can also configure it to only work in the EU, which is how I have it.

If you want a demo, you can check out my site https://www.mu-43.com but you won't see it working unless you are visiting from the EU.

I only have it on my biggest site right now because it's not free. For the other sites, I've disabled advertising in the EU since in my experience, virtually no one opts into seeing ads, and even the non-personalized ads use cookies in most cases.
 
I hate this stuff because the wording is just so asinine. But I thought I'd post this as I think it pertains to most of us here and if I'm reading it correctly, pretty much means we all don't need to change a damn thing. I'm looking at this page (I don't think this is the official GDPR site...the one that is official is down currently so this will have to suffice and hopefully it is a direct copy):
https://gdpr-info.eu/recitals/no-47/
1. The legitimate interests of a controller, including those of a controller to which the personal data may be disclosed, or of a third party, may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller.
2. Such legitimate interest could exist for example where there is a relevant and appropriate relationship between the data subject and the controller in situations such as where the data subject is a client or in the service of the controller.
3. At any rate the existence of a legitimate interest would need careful assessment including whether a data subject can reasonably expect at the time and in the context of the collection of the personal data that processing for that purpose may take place.
4. The interests and fundamental rights of the data subject could in particular override the interest of the data controller where personal data are processed in circumstances where data subjects do not reasonably expect further processing.
5. Given that it is for the legislator to provide by law for the legal basis for public authorities to process personal data, that legal basis should not apply to the processing by public authorities in the performance of their tasks.
6. The processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest of the data controller concerned.
7. The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.

So...is this page saying these are all reasons that can be overridden by subject data erasure requests? Since the title is "Overriding legitimate interest", or are they saying these legitimate interests can override subject data erasure? The way I'm reading it is these are reasons to override the subject data erasure. And if that's the case, points 6 and 7 relate to most of us (if not all of us). Heck, even number 4 should cover us, if you guys are like me, and send out the occasional email and that's it (with opt in of course).
 
Slavik submitted a new resource:

Through a lot of time educating myself, I have a good handle on GDPR as I run two sites which I've needed to get compliant. Some of the best information I've come across is this guide, and this thread by Chris D.

However, this situation below is what I need to confirm with regards to xenforo and email as I don't feel confident on this.

Through reading this guide, I understand that we don't have to unsubscribe everyone from any type of email coming out of xenforo, whether it's built into xenforo or an addon, and ask them to opt-in again — we just have to offer an opt-out option, which I know is available with my version of xenforo and the addons I have that send email notifications. We also have to do this for the user if they ask, which is fine.

Am I correct with my interpretation of the guide?

So this leaves me with a second issue. The defaults.

Do we need to mark all email notification defaults to unticked/off for new users? I have some concerns here, as I think it's important to have an email go out once in a while to remind people that the forum exists, yet if by default nothing is allowed to go out, this will impact forum traffic. For example, Andy's weekly email digest sends out one email a week, and it automatically subscribes people without asking them, and this is great to get people back onto the forum (for inactive users, it will not send an email after 30 days) — but should we/I disable this addon until it has an opt-in selection for new registered users in its options?

To comply with GDPR I also disabled sending a new email to welcome the user, and changed it to a new message, just to be careful.
 
@Slavik, any advice on how to handle this ex-user trolling us?

Under the GDPR I wish to exercise my right to request a copy of all personal data you have recorded about me, and have it deleted. I would like my account closed in addition to this, I note that your website states that accounts cannot be deleted, however this statement is in breach of GDPR and I require you to act upon this request.

Under GDPR I am entitled to ask for you to do this, and cite the following reasons:

* the personal data I gave you is no longer necessary for the purpose which you originally collected or processed it for; as I was banned as a member of your site and you therefore do not need my data
* you are relying on my consent as your lawful basis for holding the data, and I hereby withdraw consent;
* you are relying on legitimate interests as your basis for processing; I object to the processing of my data, and as I am no longer active on your site and do not wish to be, there is no overriding legitimate interest to continue this processing;

With regards your advertised privacy policy, please be sure to include all of the following data types in your reply, and subsequent deletion:

Internet Protocol (IP) address
Device Fingerprint data
geographical location
browser type and version
operating system
referral source
length of visit, page views, website navigation and any other related browsing activity

In addition, any personal data which you, or your systems have recorded as linked to my former account should be included in this request.

Under GDPR you have one calendar month, beginning from May 29th (as the next working day). If I do not receive my data by this time, I will pursue further action against your website and seek the highest penalties available.
 
I would reply something like

"Hi internet troll,

While GDPR does make changes to how sites use users' data, it is not quite as one-sided as you may have been led to believe.

To address your specific points:

1) Please find attached a copy of your personal data from our system we are required to provide (provide a copy of the xml from the xenforo tool).

2) Your request for your account to be deleted will be respectfully declined for the following reasons:
a) Maintaining your account data is a legitimate interest for enforcing our banned accounts policy.
b) Consent was never the basis for processing, and therefore cannot be withdrawn.

3) Your request for your posts to be deleted will be respectfully declined for the following reasons:
a) We have a legitimate interest in maintaining posts to ensure the flow of content is not interrupted and does not become disjointed and unusable.
b) Publicly posted messages are not personal private information.

With love

Admin team"
 
Stupid question, how do we export user data in latest version? I've just updated our test site but I don't see it anywhere.
 