(2012-12-30, 05:23 AM)Tom K. Wrote: [ -> ]Refusing to delete an account is a risky tactic to take. By my understanding (I'm no lawyer), it is illegal to hold personal data of an identifiable data subject without their consent.
The European data Directive Article 7 specifies:
Quote:a) the data subject has unambiguously given his consent; or
Although a user can go through and delete most of their data, some data cannot be removed, such as logs. This is identifiable data, and must be deleted by you (the board owner). Honestly, deleting an account really takes no time at all.
Similarly, under the UK data protection Act 1998, you cannot hold personal data if it will cause damage or distress to the subject. By refusing to remove the data, it could be argued that you are causing distress.
But I'm no lawyer, and I would remove an account if requested.
show me what identifiable information is available in a server log? All the information I have is an IP address that may or may not be your individual IP and a timestamp. The IP tells me little information (I can geolocate it approximately) and it contains absolutely nothing identifiable about you.
I would need to somehow obtain your personal details from your ISP for the given timestamp, if the IP is even identifying your router.
if the comment is about admin/mod logs in the ACP, there is no personal information there and once the user changes the details in their account, again it is disconnected from them.
Quote:Simply put depending on what you do with user information it can be tested in court if its legal.
You have to have a basis in law to go to court. On what basis do you this would be "tested in court"? You can't just say "I think this is immoral so I'm gonna sue".
Quote:Their is though a huge difference between the tos of most MYBB forums and the things you named like Ebay.
Are you going to argue TOS or are you going to argue ethics?
Legally you're just losing this argument and ethically I think I've given more than enough reasons why you shouldn't delete member accounts.
Here is a serious question.
What argument can you make to a site owner that your data should be deleted?
Example: "Dear site owner, please delete my account data from your service because...."
Okay now we're getting somewhere:
http://en.wikipedia.org/wiki/Data_Protection_Directive
Quote:The seven principles governing the OECD’s recommendations for protection of personal data were:
Notice—data subjects should be given notice when their data is being collected;
Purpose—data should only be used for the purpose stated and not for any other purposes;
Consent—data should not be disclosed without the data subject’s consent;
Security—collected data should be kept secure from any potential abuses;
Disclosure—data subjects should be informed as to who is collecting their data;
Access—data subjects should be allowed to access their data and make corrections to any inaccurate data; and
Accountability—data subjects should have a method available to them to hold data collectors accountable for following the above principles.[3][/quiote]
I can fully agree with all those principles. Also I don't see anywhere in that page indicating that site owners will be required to remove private member data simply because it's requested. Matter of fact it states otherwise as far as I can read.
[quote]The data subject even has the right to demand the rectification, deletion or blocking of data that is incomplete, inaccurate or isn't being processed in compliance with the data protection rules.
So as far as forums go...I don't see how this Directive changes currently the way things are done.
Also that's not exactly law. It's a Directive by EU.
Quote:EU directives are addressed to the member states, and aren't legally binding for citizens in principle. The member states must transpose the directive into internal law.
Lastly...
Quote: To date, the US has no single data protection law comparable to the EU's Data Protection Directive.
I'm sure eventually the US will outline laws for this but just look at how much furor SOPA started. I just don't think anyone wants to mess with the internet.
Jesse - If I may call you that -
If it's hard-coded into the TOS that we will *not* remove your account information and you should exercise caution when filling out your profile, then they have no legal leg to stand on.
I don't even see how it's ethically wrong to keep user-data like posts and such. I completely understand how it's ethically wrong to refuse to delete data like their email, name and personal information similar to that, but otherwise I think we're blowing this out of proportion. I don't know what argument someone can present to demand their account to be deleted - which can cause a lot of issues on larger communities - and until I do I will still refuse to delete an account. That plugin by Paul H seems good though, it's something I will likely install. Labrocca has already stated the strong arguments why deleting an account can be troublesome, and I completely agree with those.
I actually 100% agree with Brad.
If I sign up for a site, it's for the purpose that I wish to be a member of that website alone, not somewhere else.
Now, about the whole "legal" aspect, I actually do have a leg to stand on.
If I receive e-mails from another website that it bought the former site and/or database and merged it, I have a legal complaint against them.
I receive spam for something I 'DID NOT' sign up for.
Might not have the exact wished result but still better than nothing.
Secondly I immediatly go to the site in question, say my outrage and ask kindly to be deleted.
I'll already change every single detail as much as possible and delete my posts if possible.
If that doesn't work, then I'll simply have to get myself banned
(2012-12-30, 02:09 PM)Ansem Wrote: [ -> ]I actually 100% agree with Brad.
If I sign up for a site, it's for the purpose that I wish to be a member of that website alone, not somewhere else.
Now, about the whole "legal" aspect, I actually do have a leg to stand on.
If I receive e-mails from another website that it bought the former site and/or database and merged it, I have a legal complaint against them.
I receive spam for something I 'DID NOT' sign up for.
Might not have the exact wished result but still better than nothing.
Secondly I immediatly go to the site in question, say my outrage and ask kindly to be deleted.
I'll already change every single detail as much as possible and delete my posts if possible.
If that doesn't work, then I'll simply have to get myself banned
but again your example here is not about the original thread content of merging data, but rather the outright selling of personal info solely for access to that personal data, which we all agree is wrong.
Selling personal information is part of merging, so then it's both wrong.
(2012-12-30, 05:54 PM)Ansem Wrote: [ -> ]Selling personal information is part of merging, so then it's both wrong.
No, it just comes in the package. What the buyer is actually buying is the content, the foundation; the intent is to build a successful website, it's not simply isolating personal information and selling it. I assume you disagree with sites like Ebay, PayPal and other mainstream platforms selling then? As it would be rather hypocritical to solely be against it for forums only.
(2012-12-30, 06:06 PM)Crayo Wrote: [ -> ] (2012-12-30, 05:54 PM)Ansem Wrote: [ -> ]Selling personal information is part of merging, so then it's both wrong.
No, it just comes in the package. What the buyer is actually buying is the content, the foundation; the intent is to build a successful website, it's not simply isolating personal information and selling it. I assume you disagree with sites like Ebay, PayPal and other mainstream platforms selling then? As it would be rather hypocritical to solely be against it for forums only.
Personally i am against any form of media selling personal user information. I have no problem with anonymous statistic data. But anything that has an IP, email, real name etc attached to it for me should be prevented by law if you ask me.
The nice examples that i have called out a few times now is the walking dead forum which was as far as i can see not merged though what ever happened with the original user data is a mystery. That is also a nice thing for those users not knowing what actually happened with their information.
In the end it does not matter what you argue, as long as a site uses the default registration agreement and has not other "rules stated by the site admin" you are simply not allowed to do anything with the user data that would involve trading/selling of the data with anybody who is not part of the site staff, when a user signs up.
That's the whole issue the current TOS does not allow this to be done. Which is a good thing if you ask me, to bad nobody seems to bother to hold those admins (who do not change their rules) to their word.
And this is without taking into account if a person finds it ethical or not. Which i find its not, in what ever form selling username + email + any additional data to third parties for whatever reason. I just find that unethical and quite shady practice yes i know everybody does it but it does not change its something that happens behind the users backs in the shades. And a few strict rules could .. should be enforced to prevent that if you ask me.
Why would you attach your real name to a forum anyway? If you do such a thing you should get some common sense and realize that you're at risk as soon as you reveal that type of information. If you're that paranoid, sign up to forums with a disposable email. No one has posted any legitimate decent reasons why refusing to delete an account or selling your forum is unethical, but reasons for refusing to delete accounts have all been posted.
As I said earlier, people are taking this way too far. If you're paranoid then be more careful.