Announcement

Collapse
No announcement yet.

GDPR and vBulletin

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • GDPR and vBulletin

    What are the crucial changes in regard of the upcoming General Data Protection Regulation for the vBulletin Software? Will be there a self deletion of the user account for example?
    I guess the changes will only come along with vB5 but how can vB4 customers react on the law?
    Sorry for my English
    Let'z talk German

  • #2
    I have the same question. Do you have any plan for it?

    Comment


    • #3
      I have created a jira today for this for new registrations.

      http://tracker.vbulletin.com/browse/VBV-18175

      Please vote...

      And for already existing members maybe you should send all of them an email to inform them. And then they need to consider whether to stay in your forum or being deleted.

      Comment


      • #4
        Anything implemented would only be for vB5. vB4 is no longer in development.

        Also it must be an administrative option. I wouldn't want any site of mine to have a self-deletion option forced upon it (and this law doesn't require that anyway).

        Any changes will need to be carefully researched as many people's interpretation of this change is rather knee-jerk and over the top. You don't need self-deletion for example.
        MARK.B | vBULLETIN SUPPORT

        TalkNewsUK - My vBulletin 5.4.0 Demo - FEATURING "ROUTE BY NODE"!
        AdminAmmo - My Cloud Demo

        Comment


        • #5
          Originally posted by Mark.B View Post
          Any changes will need to be carefully researched as many people's interpretation of this change is rather knee-jerk and over the top. You don't need self-deletion for example.
          It was the same with cookie consent, panic and fear seemed widespread yet on the day it became law even the ICO's own website wasn't compliant!

          Now no one seems to care about cookie consent. Will GDPR go the same way?

          __________________________________________
          We don't stop playing because we grow old;
          we grow old because we stop playing.
          GBS

          Comment


          • #6
            For those who don't know what GDPR is, there is useful info on the ico website

            https://ico.org.uk/for-organisations...-for-the-gdpr/
            __________________________________________
            We don't stop playing because we grow old;
            we grow old because we stop playing.
            GBS

            Comment


            • #7
              vB4 customers can require all of their EU members to re-register with the new terms of service, which necessarily includes a waiver of the GDPR and a link to contact the controller to opt-out. It doesn't require any changes to the core software. You are required to obtain member consent to even possess a member's personal data under the regulation. This only applies to sites which are selling goods or services to EU customers. If a site is not actually selling goods or services or using personal data for research or marketing purposes it does not have to comply with the provisions of the GDPR. There is nothing that can be developed into the software to obtain consent from the existing membership. The terms of the GDPR have to be a separate agreement from any other terms or rules. You have to contact the individual members for consent, and if you do not receive consent by May 1st, 2018 you have to delete their personal data.

              I am curious though what you think vBulletin can do with the software to help sites comply with the GDPR ...

              Comment


              • #8
                Originally posted by MrsTiggywinkle View Post

                It was the same with cookie consent, panic and fear seemed widespread yet on the day it became law even the ICO's own website wasn't compliant!

                Now no one seems to care about cookie consent. Will GDPR go the same way?
                People don't actually read anything. They just race through the "I agree" buttons as quickly as possible. They're virtually always thrown later when they realize to what they have agreed. It's the same way credit card companies and payday lenders get people.

                Comment


                • #9
                  Originally posted by In Omnibus View Post

                  People don't actually read anything. They just race through the "I agree" buttons as quickly as possible. They're virtually always thrown later when they realize to what they have agreed. It's the same way credit card companies and payday lenders get people.
                  You are so right. An experiment on TV recently had people sign a form when ordering a coffee in a cafe. As they left they were presented with a mop and bucket, they looked incredulous until "cleaning up after coffee" was shown as a condition of sale on the form they had signed.



                  __________________________________________
                  We don't stop playing because we grow old;
                  we grow old because we stop playing.
                  GBS

                  Comment


                  • #10
                    Originally posted by In Omnibus View Post
                    vB4 customers can require all of their EU members to re-register with the new terms of service, which necessarily includes a waiver of the GDPR and a link to contact the controller to opt-out. It doesn't require any changes to the core software. You are required to obtain member consent to even possess a member's personal data under the regulation. This only applies to sites which are selling goods or services to EU customers. If a site is not actually selling goods or services or using personal data for research or marketing purposes it does not have to comply with the provisions of the GDPR. There is nothing that can be developed into the software to obtain consent from the existing membership. The terms of the GDPR have to be a separate agreement from any other terms or rules. You have to contact the individual members for consent, and if you do not receive consent by May 1st, 2018 you have to delete their personal data.

                    I am curious though what you think vBulletin can do with the software to help sites comply with the GDPR ...
                    This is also my conclusion in general about GDPR. I wish there were better clear real world examples of how to apply GDPR. Like cases of different types of media on the internet and how GDPR should be applied and how far.

                    My concern now is regarding data portability.

                    Should I still comply to the data portability requirements within GDPR and somehow... create a possibility to export all threads / posts made by a user?

                    Comment


                    • #11
                      Originally posted by R1Swedie View Post

                      This is also my conclusion in general about GDPR. I wish there were better clear real world examples of how to apply GDPR. Like cases of different types of media on the internet and how GDPR should be applied and how far.

                      My concern now is regarding data portability.

                      Should I still comply to the data portability requirements within GDPR and somehow... create a possibility to export all threads / posts made by a user?
                      Threads and posts wouldn't be considered "personal data" under this regulation unless they specifically contained publicly accessible personal identifying information. Real Name, Physical Address, Telephone Number(s), E-mail address(es), IP Addresses, Credit Card or Banking Information, etc.

                      The problem is all posts contain the user's IP address but it's not public and it's not always in the interest of a "commercial transaction."

                      I've suggested in the JIRA that administrators who sell goods or services in the EU or who conduct marketing or data research in the EU are the only people who need comply with the regulation and those who need comply with the regulation should be specific about the data collected, the nature, the purpose, who receives the data, and why the data will not be "forgotten" even if requested. Data which is kept in the interest of freedom of information or for statistical purposes is exempt from the "right to be forgotten."

                      Comment


                      • #12
                        This situation is being reviewed. Just like Cookie Consent, someone will probably release a GDPR retrofit for websites that is a simple line of javascript code. When COPPA was released in the US, we scrambled to implement it. It was said that "Every site had to comply." Once implemented, less than 10% of our customers were required by the guidelines to comply. So while we're reviewing this, we're also waiting for the Internet Brands legal team to provide guidance on how to proceed. However, compliance will most likely be in the vBulletin 5 series only.
                        Translations provided by Google.

                        Wayne Luke
                        The Rabid Badger - a vBulletin Cloud customization and demonstration site.
                        vBulletin 5 Documentation - Updated every Friday. Report issues here.
                        vBulletin 5 API - Full / Mobile
                        Vote for your most annoying bugs.
                        I am not currently available for vB Messenger Chats.

                        Comment


                        • #13
                          Originally posted by Wayne Luke View Post
                          Just like Cookie Consent...
                          The controversial ePrivacy Regulation (Cookie Consent), which was originally due to come into force in May 2018 together with the GDPR, will come in 2019. Thats why no one really cares about it yet...

                          Comment


                          • #14
                            Originally posted by shining View Post

                            The controversial ePrivacy Regulation (Cookie Consent), which was originally due to come into force in May 2018 together with the GDPR, will come in 2019. Thats why no one really cares about it yet...
                            It has already been diluted so that nothing will really come of it. You have to consent to cookies to use the sites so people just check the box to eliminate the popup. I actually foresee the same thing happening with GDPR. Just another checkbox on a registration form.
                            Translations provided by Google.

                            Wayne Luke
                            The Rabid Badger - a vBulletin Cloud customization and demonstration site.
                            vBulletin 5 Documentation - Updated every Friday. Report issues here.
                            vBulletin 5 API - Full / Mobile
                            Vote for your most annoying bugs.
                            I am not currently available for vB Messenger Chats.

                            Comment


                            • shining
                              shining commented
                              Editing a comment
                              Its like the GDPR in a transition period (donīt know if this is the right word for it)... but both were not in force yet. please google yourself or even better: aks a lawyer.. its not easy to find good quality english links/pages in german google... think this one is okay for quick overview: https://www.i-scoop.eu/gdpr/eu-eprivacy-regulation/

                              If there were better and more hooks in vb5 then 3rd party developers could help.. but still we have the problem that we are dependent on the godwill of your vb5 developer team. So please donīt play down the problems that commercial website/forum owners might get in the future here in europe. This starts already by using afiliate links or google adsense... which a lot of forums have in use.

                            • Wayne Luke
                              Wayne Luke commented
                              Editing a comment
                              We are asking the lawyers. That is why we're not rushing to implement anything. I stated that in my first reply on this topic. If a specific hook location is required for you to do third-party work on this, then you should request it. Otherwise, you'll need to wait for things to go through the proper process.
                          Working...
                          X