Spam Management & GDPR

[Victoria Bampton]

I'm trying to get my GDPR compliance in order (what fun that is!!). Today's challenge is looking at Xenforo's anti-spam measures.

Could someone please clarify for me, what data does Xenforo send to Stop Forum Spam, Project Honeypot or Akismet when someone registers, or when we report a spammer?

Thank you

Victoria

 

[otto]

I also interested in this. Would be nice if Xenforo can clarify all GDPR Points for Xenforo, so we better know what we have to do for. Tahnks

 

[Ozzy47]

XenForo is already compliant by default and there currently isn’t any further action planned by them.

 

[Mr Lucky]

XenForo is already compliant by default and there currently isn’t any further action planned by them.

Maybe it is compliant, but that doesn't actually answer the question about what it sends to Stop Forum Spam, Project Honeypot or Akismet

 

[RobinHood]

At registration I imagine it's just IP Address, username and email address, as those are the 3 factors that get captured at registration and the ones I see used regularly flagged up in their user registration moderation.

 

[otto]

Yes, and thats realy no problem, when we transfer this user data? I mean, it can be used to profile people and GDPR will exactly this not, I think so.

 

[Kirby]

XenForo is already compliant by default and there currently isn’t any further action planned by them.

Sorry to disappoint you, but I don't think that this holds true if the anti-spam features are enabled.

IANAL, explicit consent by the user is required before PII can be sent and processed to services like StopForumSpam, Akismet, etc..
Furthermore, the board owner might need to sing a data processing agreement with tohse services and they also have to comply to GDPR.

Here is some talk about Akismet but in general all services suffer the same issues:
https://www.redsandmarketing.com/blog/tag/akismet-gdpr/
https://en.forums.wordpress.com/topic/akismet-gdpr/

So as it is now, I think it is not legal to use those services under GDPR.

 

[RobParker]

Completely off-topic but @Victoria Bampton the "Lightroom Queen"? Very cool to see you using XF

 

[Victoria Bampton]

Completely off-topic but @Victoria Bampton the "Lightroom Queen"? Very cool to see you using XF

LOL That's me Rob! I've used a fair range of forum software over the last 10 years, but Xenforo is my favorite to date.

 

[sport_billy]

My uneducated guess on this is it is up to us as Admins to choose if we use these anti spam measures, there is the option in XF to not use them - to disable them.

I am loathe to remove access to these services as they stop so much spam hitting our forum. But unless the companies prove to be GDPR compliant I see very little choice for us - as pretty sure the IP, email and Username is checked against databases at the various sites. If we don't know what these sites are doing with what has now been determined as PII then we aren't been compliant.