GDPR and vBulletin

Collapse
This topic is closed.
X
X
 
  • Time
  • Show
Clear All
new posts
  • Ordovicium
    Senior Member
    • Nov 2001
    • 292
    • 4.2.x

    GDPR and vBulletin

    What are the crucial changes in regard of the upcoming General Data Protection Regulation for the vBulletin Software? Will be there a self deletion of the user account for example?
    I guess the changes will only come along with vB5 but how can vB4 customers react on the law?
    Sorry for my English
    Let'z talk German
  • Osman_b
    New Member
    • Oct 2017
    • 5
    • 5.3.x

    #2
    I have the same question. Do you have any plan for it?

    Comment

    • shining
      Member
      • Mar 2017
      • 56
      • 5.2.x

      #3
      I have created a jira today for this for new registrations.



      Please vote...

      And for already existing members maybe you should send all of them an email to inform them. And then they need to consider whether to stay in your forum or being deleted.

      Comment

      • Mark.B
        vBulletin Support
        • Feb 2004
        • 24286
        • 6.0.X

        #4
        Anything implemented would only be for vB5. vB4 is no longer in development.

        Also it must be an administrative option. I wouldn't want any site of mine to have a self-deletion option forced upon it (and this law doesn't require that anyway).

        Any changes will need to be carefully researched as many people's interpretation of this change is rather knee-jerk and over the top. You don't need self-deletion for example.
        MARK.B
        vBulletin Support
        ------------
        My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
        My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

        Comment

        • Mrs.T
          Senior Member
          • Nov 2007
          • 1210
          • 6.0.X

          #5
          Originally posted by Mark.B
          Any changes will need to be carefully researched as many people's interpretation of this change is rather knee-jerk and over the top. You don't need self-deletion for example.
          It was the same with cookie consent, panic and fear seemed widespread yet on the day it became law even the ICO's own website wasn't compliant!

          Now no one seems to care about cookie consent. Will GDPR go the same way?

          Comment

          • Mrs.T
            Senior Member
            • Nov 2007
            • 1210
            • 6.0.X

            #6
            For those who don't know what GDPR is, there is useful info on the ico website

            Comment

            • In Omnibus
              Senior Member
              • Apr 2010
              • 2310

              #7
              vB4 customers can require all of their EU members to re-register with the new terms of service, which necessarily includes a waiver of the GDPR and a link to contact the controller to opt-out. It doesn't require any changes to the core software. You are required to obtain member consent to even possess a member's personal data under the regulation. This only applies to sites which are selling goods or services to EU customers. If a site is not actually selling goods or services or using personal data for research or marketing purposes it does not have to comply with the provisions of the GDPR. There is nothing that can be developed into the software to obtain consent from the existing membership. The terms of the GDPR have to be a separate agreement from any other terms or rules. You have to contact the individual members for consent, and if you do not receive consent by May 1st, 2018 you have to delete their personal data.

              I am curious though what you think vBulletin can do with the software to help sites comply with the GDPR ...

              Comment

              • In Omnibus
                Senior Member
                • Apr 2010
                • 2310

                #8
                Originally posted by MrsTiggywinkle

                It was the same with cookie consent, panic and fear seemed widespread yet on the day it became law even the ICO's own website wasn't compliant!

                Now no one seems to care about cookie consent. Will GDPR go the same way?
                People don't actually read anything. They just race through the "I agree" buttons as quickly as possible. They're virtually always thrown later when they realize to what they have agreed. It's the same way credit card companies and payday lenders get people.

                Comment

                • Mrs.T
                  Senior Member
                  • Nov 2007
                  • 1210
                  • 6.0.X

                  #9
                  Originally posted by In Omnibus

                  People don't actually read anything. They just race through the "I agree" buttons as quickly as possible. They're virtually always thrown later when they realize to what they have agreed. It's the same way credit card companies and payday lenders get people.
                  You are so right. An experiment on TV recently had people sign a form when ordering a coffee in a cafe. As they left they were presented with a mop and bucket, they looked incredulous until "cleaning up after coffee" was shown as a condition of sale on the form they had signed.



                  Comment

                  • R1Swedie
                    Senior Member
                    • Oct 2003
                    • 128
                    • 2.3.0

                    #10
                    Originally posted by In Omnibus
                    vB4 customers can require all of their EU members to re-register with the new terms of service, which necessarily includes a waiver of the GDPR and a link to contact the controller to opt-out. It doesn't require any changes to the core software. You are required to obtain member consent to even possess a member's personal data under the regulation. This only applies to sites which are selling goods or services to EU customers. If a site is not actually selling goods or services or using personal data for research or marketing purposes it does not have to comply with the provisions of the GDPR. There is nothing that can be developed into the software to obtain consent from the existing membership. The terms of the GDPR have to be a separate agreement from any other terms or rules. You have to contact the individual members for consent, and if you do not receive consent by May 1st, 2018 you have to delete their personal data.

                    I am curious though what you think vBulletin can do with the software to help sites comply with the GDPR ...
                    This is also my conclusion in general about GDPR. I wish there were better clear real world examples of how to apply GDPR. Like cases of different types of media on the internet and how GDPR should be applied and how far.

                    My concern now is regarding data portability.

                    Should I still comply to the data portability requirements within GDPR and somehow... create a possibility to export all threads / posts made by a user?

                    Comment

                    • In Omnibus
                      Senior Member
                      • Apr 2010
                      • 2310

                      #11
                      Originally posted by R1Swedie

                      This is also my conclusion in general about GDPR. I wish there were better clear real world examples of how to apply GDPR. Like cases of different types of media on the internet and how GDPR should be applied and how far.

                      My concern now is regarding data portability.

                      Should I still comply to the data portability requirements within GDPR and somehow... create a possibility to export all threads / posts made by a user?
                      Threads and posts wouldn't be considered "personal data" under this regulation unless they specifically contained publicly accessible personal identifying information. Real Name, Physical Address, Telephone Number(s), E-mail address(es), IP Addresses, Credit Card or Banking Information, etc.

                      The problem is all posts contain the user's IP address but it's not public and it's not always in the interest of a "commercial transaction."

                      I've suggested in the JIRA that administrators who sell goods or services in the EU or who conduct marketing or data research in the EU are the only people who need comply with the regulation and those who need comply with the regulation should be specific about the data collected, the nature, the purpose, who receives the data, and why the data will not be "forgotten" even if requested. Data which is kept in the interest of freedom of information or for statistical purposes is exempt from the "right to be forgotten."

                      Comment

                      • Wayne Luke
                        vBulletin Technical Support Lead
                        • Aug 2000
                        • 73981

                        #12
                        This situation is being reviewed. Just like Cookie Consent, someone will probably release a GDPR retrofit for websites that is a simple line of javascript code. When COPPA was released in the US, we scrambled to implement it. It was said that "Every site had to comply." Once implemented, less than 10% of our customers were required by the guidelines to comply. So while we're reviewing this, we're also waiting for the Internet Brands legal team to provide guidance on how to proceed. However, compliance will most likely be in the vBulletin 5 series only.
                        Translations provided by Google.

                        Wayne Luke
                        The Rabid Badger - a vBulletin Cloud demonstration site.
                        vBulletin 5 API

                        Comment

                        • shining
                          Member
                          • Mar 2017
                          • 56
                          • 5.2.x

                          #13
                          Originally posted by Wayne Luke
                          Just like Cookie Consent...
                          The controversial ePrivacy Regulation (Cookie Consent), which was originally due to come into force in May 2018 together with the GDPR, will come in 2019. Thats why no one really cares about it yet...

                          Comment

                          • Wayne Luke
                            vBulletin Technical Support Lead
                            • Aug 2000
                            • 73981

                            #14
                            Originally posted by shining

                            The controversial ePrivacy Regulation (Cookie Consent), which was originally due to come into force in May 2018 together with the GDPR, will come in 2019. Thats why no one really cares about it yet...
                            It has already been diluted so that nothing will really come of it. You have to consent to cookies to use the sites so people just check the box to eliminate the popup. I actually foresee the same thing happening with GDPR. Just another checkbox on a registration form.
                            Translations provided by Google.

                            Wayne Luke
                            The Rabid Badger - a vBulletin Cloud demonstration site.
                            vBulletin 5 API

                            Comment


                            • shining
                              shining commented
                              Editing a comment
                              Its like the GDPR in a transition period (don´t know if this is the right word for it)... but both were not in force yet. please google yourself or even better: aks a lawyer.. its not easy to find good quality english links/pages in german google... think this one is okay for quick overview: https://www.i-scoop.eu/gdpr/eu-eprivacy-regulation/

                              If there were better and more hooks in vb5 then 3rd party developers could help.. but still we have the problem that we are dependent on the godwill of your vb5 developer team. So please don´t play down the problems that commercial website/forum owners might get in the future here in europe. This starts already by using afiliate links or google adsense... which a lot of forums have in use.

                            • Wayne Luke
                              Wayne Luke commented
                              Editing a comment
                              We are asking the lawyers. That is why we're not rushing to implement anything. I stated that in my first reply on this topic. If a specific hook location is required for you to do third-party work on this, then you should request it. Otherwise, you'll need to wait for things to go through the proper process.
                          • gsk8
                            Senior Member
                            • Jun 2003
                            • 482
                            • 4.2.x

                            #15
                            Originally posted by Mark.B
                            Anything implemented would only be for vB5. vB4 is no longer in development.
                            I noticed that XenForo has worked to find a way to help their users bring their forums into compliance. I realize that VB no longer develops version 4, but was wondering if there is still any input and/or assistance to help the forum owners do the same?

                            Further, can anyone clarify the following?

                            - Does the "right to erasure" extend to posts/content a user makes on a forum (except under specific contexts where said content is personal information)?

                            - If a forum owner has a legitimate interest in retaining account details (for example to log troublesome users or enforce a 1 account policy), then do we have to delete an account ?

                            - What, if anything, can we had to TOS before someone registers to protect ourselves?

                            - What, if anything, can we do to get current users to agree to new TOS before they can continue to post?
                            Paula

                            Comment

                            Related Topics

                            Collapse

                            Working...