1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Urgent help from uk xenforo users

Discussion in 'XenForo Questions and Support' started by ineedhelp, Sep 29, 2011.

  1. ineedhelp

    ineedhelp Well-Known Member

    Someone said they can have my site shut down because I don't offer members an account deleting option.

    I'm obviously using the xenforo forum system.

    So under the UK Data Protection Act. Is this true? Xenforo forums doesn't offer this open to users. So how is it the site owners fault?

    I Can delete people's account if they request but it's not mentioned on the forums that members can request to have there account deleted.

    Does the data protection act really apply in this situation? Surely xenforo must have thought all this through ?
    Please reply.
  2. Brogan

    Brogan XenForo Moderator Staff Member


    There is no such requirement in the UK.
    DaveL likes this.
  3. Floris

    Floris Guest

    Make sure your terms of services that they agree to (before they sign up!) mentions that submitted data becomes the property of the web site, and that (exceptions aside) you don't prune accounts or content.

    I don't delete accounts upon request, unless the person has exactly 0 posts, hasn't been active in any way, etc. if they have been active "at most" we null the name/email, but we don't touch the posts.
  4. ineedhelp

    ineedhelp Well-Known Member

    Brogan: So nothing to be alarmed or to worry about?

    Cos your in the uk so clearly you would know as your involved or own xenforo.
  5. CyclingTribe

    CyclingTribe Well-Known Member

    If they do not use their real name, and their identity cannot (reasonably) be established from the content they post - no. Privacy applies to a person, not an Internet handle.

    I have text in my registration terms that explicitly states we do not delete accounts/post history.

    It *is* reasonable to expect you to remove their real name and email address form their account - which I will do for people if they request it, but AFAIAA there is no legal requirement to do so.

    Shaun :D
    ineedhelp likes this.
  6. Floris

    Floris Guest

    The UK has their data protection law, but it basically means upon request you might have to provide them with a dump of the private data. It's worth googling.

    The EU has a data protection act as well.

    But these don't include 'prune all data upon request', I've never read that.

    I am from the Netherlands btw.
  7. ineedhelp

    ineedhelp Well-Known Member

    All the registering and the terms are default xenforo terms as they come with the system.. I've not changed anything.

    So I not even required to delete accounts of I don't want too?
  8. Floris

    Floris Guest

  9. Floris

    Floris Guest


    You could email him once more.

    To my best intentions and knowledge, based on what I have observed after reading the UK data protection act there's no clause mentioning it's mandatory to comply to data pruning requests. Thank you for your concern and request, and as a courtesy I provide you with these options:
    a) As a courtesy and at our discretion we nullify the user-account by renaming the username and changing the email to oldusername@example.com.
    b) We await a court order by a Judge 'it is ordered' to prune specific data from your account from our live database.
    c) You accept that we do not have to prune any data, and discontinue using our site because you no longer agree to our terms of services. And we consider this matter resolved.
  10. ineedhelp

    ineedhelp Well-Known Member

    It'll take me a year to read through all that...lol

    So to simplify the topic... My site can't just shutdown out the blue for this reason?

    Cos the registration doesn't ask for personal details apart from email address and as for d o b... Most lie about their age anyways...

    What about users who sign up using the Facebook login... Can they deactivate or delete there account via Facebook or something?
  11. MGSteve

    MGSteve Well-Known Member

    Unfortunately in the UK, that's not right, thanks to the Data Protection Act, even posting under a pseudonym, the DPA still applies.

    However, as far as the original post goes, the posts they have submitted are in the public domain, the DPA doesn't apply. The DPA only applies as far as what you do with private user data (i.e. their email address, real name, etc.. stuff that may not be public on their profile. It also applies to PMs between you and the user and any discussion threads about them in any private moderator / administrator forums.

    It should also be noted, that if a user is banned, you also shouldn't tell any other users any details about the banned user's account, including why they were banned.

    If a user ever requested DPA records from you, that's basically what you would have to supply them with, evidence of their private data, any PMs between you & them and print outs of any threads in moderator / administrator forums that concern them.

    It really does go a little too far in my opinion, but I've had legal advice on the matter, so I can speak with some degree of knowledge on this.
  12. ineedhelp

    ineedhelp Well-Known Member

    MGSteve - so any advise on avoiding these issuses?

    If I delete any pms then how does one convince anyone in question that it is deleted?

    And if threads are not part of data protection act cos they are in the public domain. Why would you need to provide printouts?

    What are the chances of 1 user who signed up yesterday to get my site shutdown because of no account deleting option?
  13. akia

    akia Well-Known Member

    Users don't have the right to have data deleted, they have the right to have it corrected if its wrong, and if they pay you a tenner they have the right to get a copy of it, and thats it. oh and you shouldn't be keeping more than that's needed to run the site.

    Also if your not a company and you just run the site as a hobby then your not even required to register as a data handler with the ICO.
    ineedhelp and Phil Conway like this.
  14. ineedhelp

    ineedhelp Well-Known Member

    R U from the UK as well?

    Yes it's a hobby so I don't want such issues.

    I don't keep anything more or anything less, only what is required by the xenforo registering process.

    So what about deleting users on request? Required or not? Or as the poster said earlier just change email login n username?
  15. akia

    akia Well-Known Member

    Yes and i've been in touch with the ICO before about it. You wouldn't get shut down anyway, if something was to happen it would be a fine, and only for data loss but extremely unlikly as for a regulator they are quite toothless, I mean look at what has happened to some of the high profile companies that have lost sensitive data in the past.

    I wound't worry about it at all. I think its under German Law that your required to offer the chance to delete accounts, just make sure your T&C's are updated from the default like GeekChat said to state that posts are not removed and you've covered yourself.
    Phil Conway likes this.
  16. Phil Conway

    Phil Conway Active Member

    ineedhelp - you do not have to delete users upon request under the Data Protection Act :)
  17. MGSteve

    MGSteve Well-Known Member

    Deleted PMs aren't an issue as they've been deleted, DPA only applies to data held by an organisation that concerns the member, if its deleted, its gone.

    With regards to threads - I was talking about private threads in the moderator / admin section that discuss the member concerned, obviously these are private (sort of like notes the bank may keep about you when you ring up) and are covered by the DPA.

    I've never heard of a site being shutdown because they don't delete accounts. At the end of the day, if someone wants their account deleted, we tend to remove any personal info from the account and leave the account there.

    Basically and I can't offer this as cast iron legal advice as I'm not a lawyer and as such I have to put that disclaimer; the member is talking rollocks. if he wants to be deleted, simply change the email address and remove any personal info out of his profile.
    ineedhelp likes this.
  18. ineedhelp

    ineedhelp Well-Known Member

    I called the ICO - and the helpline lady assured me I had nothing to worry about after I had explained the situation, though I have also emailed them so I can have a written assurance of what the lady said!

    She said as my website is a hobby and for personal use then it doesn't fall under the DPA.


    Can someone tell me how and where I can go to edit the T&C of the registration process, please, thanks!
    ChemicalKicks likes this.
  19. Brogan

    Brogan XenForo Moderator Staff Member

    It's a phrase; search for the text in the phrase contents and the relevant phrase will be returned.
  20. ineedhelp

    ineedhelp Well-Known Member

    ^^^^^ Thanks, found it!


    I've searched the Help Manual, but couldn't find the answer to my question:

    For example, I want to ban a users IP address, example IP To ban this user's ip I would ban it as 213.23.*

    Right? Or the whole IP?

    And....... Will this IP ban ONLY effect that 1 single user? say there are other users on the same street as him, they won't be effected, will they?

Share This Page