EU's GDPR

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • jagtpf
    Senior Member
    • Feb 2015
    • 111
    • 3.8.x

    [Forum] EU's GDPR

    Two of us run a Forum as a private club with members.

    The GDPR seems a sledgehammer of regulations that is likely to impact (?) many Forums like ours.

    I'm hoping it's not going to come to us having to close because of these new regulations. We can alter out T&Cs and find a way to get all members to accept, but I worry about those who are banned - their usernames/emails and IP addresses are retained on the database in order to help prevent re-registration, whilst others are there to help prevent spamming.

    If a member, inactive, for (say) 5 years, asks for their account to be deleted, the software replaces the username with 'guest', thus breaking the link between post/thread and user.
    If, however that same member requests a guaranteed deletion of all their contributions on the Forum, can the software cope - indeed can it cope if dozens of members request the same?

    Does anyone with a similar Forum have any suggestions on how to move forward on the compliance with the GDPR - we certainly don't have the funding to request specific legal advise!
  • Mrs.T
    Senior Member
    • Nov 2007
    • 1210
    • 6.0.X

    #2
    I've no legal knowledge so this is just my personal opinion.

    ​​​​​​Unless a members post content can actually identify them I would have thought changing them to guest and removing personal info from their account should be enough.

    I dont think members will care about gdpr after a while, just like the cookie policy, it will be ignored.

    Comment

    • jagtpf
      Senior Member
      • Feb 2015
      • 111
      • 3.8.x

      #3
      Indeed, one can hope....

      Comment

      • jagtpf
        Senior Member
        • Feb 2015
        • 111
        • 3.8.x

        #4
        I'll ask the main question, again.

        Can the software cope if members demand a deletion of their threads/posts?



        We have, over the years, a number of very awkward members - at least one who was particularly vicious. They have been banned.

        If one of these asks for some thousand threads/posts to be deleted, can the software cope - I know it can only be deleted manually for large post counts.

        If more than one of these makes the same demand?

        There's no clarity on whether changing their usernames to 'guest' will be sufficient.

        They remain banned in order to help stop them re-registering, which has worked for most.

        Comment

        • Peter Walker
          Member
          • Oct 2005
          • 67
          • 3.8.x

          #5
          If I want to delete a user in admincp, it tells me that "All posts made by this user will be set to 'Guest.' "
          If they are banned anyway and posts can only be viewed by current members, then how would they know if their posts were still there or not?
          You can also "Find Latest Posts by User" Select All and then delete posts.
          Sure, this can be laborious if they have made hundreds of posts.
          But is this needed - surely setting their username to Guest is sufficient.
          Regards

          Peter Walker
          http://www.rifeforum.com

          Comment

          • jagtpf
            Senior Member
            • Feb 2015
            • 111
            • 3.8.x

            #6
            Originally posted by Peter Walker
            If I want to delete a user in admincp, it tells me that "All posts made by this user will be set to 'Guest.' "
            If they are banned anyway and posts can only be viewed by current members, then how would they know if their posts were still there or not?
            You can also "Find Latest Posts by User" Select All and then delete posts.
            Sure, this can be laborious if they have made hundreds of posts.
            But is this needed - surely setting their username to Guest is sufficient.
            Is setting their username to 'Guest' sufficient.

            That I don't know, and I doubt anyone would be able to confirm without a legal case being examined.
            In our site a user can identify their own threads easily, even if their usernames are changed to 'guest'.
            They are posting their own work for discussion etc, so it's feasible.

            Is setting to 'Guest' in this context satisfactory under the terms of the GDPR?

            My main concern is the knock on effect on the database tables of deleting thousands of threads/posts from one individual. As the software wasn't
            designed with mass deletion on the table ( hence an easier solution to change to Guest ) - I'll ask again - can the software cope?

            I am asking because a previous owner of the site deleted a few hundred (I don't know how he did it) but the action damaged the tables in some way.

            Obviously deleting threads changes each post count for members who commented on the thread.

            Comment

            • Peter Walker
              Member
              • Oct 2005
              • 67
              • 3.8.x

              #7
              As there has been very little assistance provided by vBulletin, I found this page on the Xenforo forum website. It answers a lot of questions, missing here.


              The General Data Protection Regulation (GDPR) is soon upon us. But, what is it? Does it apply to your site? How can XenForo help you with compliance in the key areas of the regulation? This "Have you seen" thread will aim to clear up some of these questions, and give you a preview of what is...
              Regards

              Peter Walker
              http://www.rifeforum.com

              Comment

              • Mrs.T
                Senior Member
                • Nov 2007
                • 1210
                • 6.0.X

                #8
                Originally posted by Peter Walker
                As there has been very little assistance provided by vBulletin
                As far as I'm aware vBulletin and consulting their lawyers on interpretation of GDPR, I don't blame them for not offering much information until this is complete as people would take what they say as fact.

                It's a risky business offering assistance until you know what is the correct thing to say.





                Comment

                • jagtpf
                  Senior Member
                  • Feb 2015
                  • 111
                  • 3.8.x

                  #9
                  Originally posted by MrsTiggywinkle

                  As far as I'm aware vBulletin and consulting their lawyers on interpretation of GDPR, I don't blame them for not offering much information until this is complete as people would take what they say as fact.

                  It's a risky business offering assistance until you know what is the correct thing to say.




                  Indeed ....

                  And yet they seem to know what to do with v5....

                  Comment

                  • Mark.B
                    vBulletin Support
                    • Feb 2004
                    • 24286
                    • 6.0.X

                    #10
                    Very little assistance? We are adding GDPR support into vB5. This has been a major project.

                    We cannot provide legal advice however. You will need a lawyer for that.
                    MARK.B
                    vBulletin Support
                    ------------
                    My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
                    My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

                    Comment

                    • jagtpf
                      Senior Member
                      • Feb 2015
                      • 111
                      • 3.8.x

                      #11
                      I've followed advice on another thread, to create a new entry on the profile, that's set as "required". Not too sure it's working as there's nothing yet on member's profiles. It's set, also, under 'edit profile'.

                      Comment

                      • jagtpf
                        Senior Member
                        • Feb 2015
                        • 111
                        • 3.8.x

                        #12
                        Originally posted by Mark.B
                        Very little assistance? We are adding GDPR support into vB5. This has been a major project.

                        We cannot provide legal advice however. You will need a lawyer for that.
                        Indeed - but not in vB4. I know it's a 'no longer' supported version, but this is a major change.
                        vB5 doesn't offer the custom-ability that vB4 does (or at least it didn't when I looked into upgrading).
                        I'm sure I'm not the only one who runs a non-monetary Forum as a hobby.
                        Whether I need to do anything seems to fall into a grey area as far as clarity on details is concerned.

                        Legal advice is unaffordable.

                        Comment

                        • Peter Walker
                          Member
                          • Oct 2005
                          • 67
                          • 3.8.x

                          #13
                          The problem is that all of vBulletin's customers have the same problem of what to do and kind of expect vBulletin to at least give advice as to what changes need to be made and how to do it, even if there is a disclaimer that goes with the advice. With draconian fines of up to 20 million Euros, surely it makes sense to support the customer base in this important issue.

                          You say it is risky to vBulletin, well yes but they have to upgrade their own websites as well and by not providing enough advice, you are risking that your customer's will end up with hefty fines.

                          Surely this is reason enough to even provide support for version 4.2.5 customers, as well.

                          If Xenforos can provide advice, why not vBulletin?
                          Regards

                          Peter Walker
                          http://www.rifeforum.com

                          Comment

                          • jagtpf
                            Senior Member
                            • Feb 2015
                            • 111
                            • 3.8.x

                            #14
                            Originally posted by Peter Walker
                            The problem is that all of vBulletin's customers have the same problem of what to do and kind of expect vBulletin to at least give advice as to what changes need to be made and how to do it, even if there is a disclaimer that goes with the advice. With draconian fines of up to 20 million Euros, surely it makes sense to support the customer base in this important issue.

                            You say it is risky to vBulletin, well yes but they have to upgrade their own websites as well and by not providing enough advice, you are risking that your customer's will end up with hefty fines.

                            Surely this is reason enough to even provide support for version 4.2.5 customers, as well.

                            If Xenforos can provide advice, why not vBulletin?
                            As an aside, of course, this is an EU issue - not an International or even US one....

                            But if Zenforo deem it important enough to offer support, then perhaps that's a place to go to if another software change is required?

                            Comment

                            • Mark.B
                              vBulletin Support
                              • Feb 2004
                              • 24286
                              • 6.0.X

                              #15
                              Originally posted by Peter Walker
                              The problem is that all of vBulletin's customers have the same problem of what to do and kind of expect vBulletin to at least give advice as to what changes need to be made and how to do it, even if there is a disclaimer that goes with the advice. With draconian fines of up to 20 million Euros, surely it makes sense to support the customer base in this important issue.

                              You say it is risky to vBulletin, well yes but they have to upgrade their own websites as well and by not providing enough advice, you are risking that your customer's will end up with hefty fines.

                              Surely this is reason enough to even provide support for version 4.2.5 customers, as well.

                              If Xenforos can provide advice, why not vBulletin?
                              The problem with providing legal advice with disclaimers, is that disclaimers don't generally mean a great deal. You cannot provide uninsured unqualified legal advice and then disclaim by saying "Warning: this advice might be rubbish and get you into serious trouble".

                              vB4 is end of life from a development perspective and no new features will be added, however we have provided some suggestions on how compliance might be achieved in vB4 (and vB3).

                              Software doesn't actually NEED extra features for compliance, it's just a matter of convenience.

                              I would also caution against listening to people who provide longs lists of things you MUST do otherwise <world falls in>. They are invariably partially if not entirely wrong. We had this with the cookie compliance stuff, with predictions of fines running into millions, prison sentences, none of which ever happened. There is much unnecessary hysteria over all this.
                              MARK.B
                              vBulletin Support
                              ------------
                              My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
                              My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...