MyBB Community Forums

Full Version: GDPR and forums
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
This question is regarding the GDPR and forums. This question has come up at our forum about whether or not to comply with it. I am curious about what the mybb community think of it regarding forums? Specifically pertaining to IP addresses, accounts, post retention. etc.

We have always had the rule on our forum that users need to request to delete accounts and posts. And that we can deny them if we feel it is not appropriate. Also we do not like people editing posts as it changes the forums dialogue flow. This is mainly due to cheating students who do not do their homework. But there are also those people that once they get their answer they delete all their posts or edit out all the content from their posts.

First of all I am an American and the server resides on US soil. Half the team are Americans. So naturally i am thinking a law passed by the European Union would not effect our website. We do have EU members. Obviously EU members are going to say that everyone in the world has to comply with that law. But American users say the opposite.

I am curious to get opinions from a different community.
(07-15-2018, 09:48 PM)metulburr Wrote: [ -> ]This question is regarding the GDPR and forums. This question has come up at our forum about whether or not to comply with it. I am curious about what the mybb community think of it regarding forums? Specifically pertaining to IP addresses, accounts, post retention. etc.

We have always had the rule on our forum that users need to request to delete accounts and posts. And that we can deny them if we feel it is not appropriate. Also we do not like people editing posts as it changes the forums dialogue flow. This is mainly due to cheating students who do not do their homework. But there are also those people that once they get their answer they delete all their posts or edit out all the content from their posts.

First of all I am an American and the server resides on US soil. Half the team are Americans. So naturally i am thinking a law passed by the European Union would not effect our website. We do have EU members. Obviously EU members are going to say that everyone in the world has to comply with that law. But American users say the opposite.

I am curious to get opinions from a different community.

If the website is ran by an American and is based inside the confines of the USA, technically, you and your website does not need to conform to the GDPR.

Having said that...

It won't hurt you or the website to follow the GDPR because I have a feeling that once this idiotic current admnistration is gone, the next administration will attempt to get some sort of US version of GDPR law passed and at that point in time, everyone in the USA will have to comply.
If you and the website already have conformed to the GDPR, you're in good shape.

Just my take on this.
We don’t, and have no intention to, comply to GDPR. Our website is based in Australia, on servers I physically own and go visit. If you want a website with a right-to-be-forgotten, we are not for you.
The talk is on with almost every forum software board. Looks like every major player is doing what can be done to be compatible. There was another thread on this forum which talked extensively about it. Give a search and you might get some solutions.

Another thing is that do we need to comply. Some forums I visit say that non EU companies, boards need to comply. However, they failed to say what will be the after effects if we do not.
Make sure your website clearly states your jurisdiction (eg. on your About Us or Terms of Use page).
Thank you all for your opinions and information. I am glad i am not alone then.
Forums as a whole do not store many personal information. email, password and IP that is all we have about a user. Not unless some admins add extra profile field and ask them DoB, gender etc. I never liked that practice. It is always best to collect as less personal information as possible.

Not many software offers an option to users to download info stored about them.
We do have a lot of custom profile fields added as it pertains to forum content (such as github/bitbucket account URL's, used 3rd party libs, Operating Systems, etc.) But users themselves can remove that kind of information anytime they want.

We also have the geo plugin that adds for admins/mods the users geo info and extended info in their profile. Example:

Quote:[b]IP address
REMOVED
Useragent
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0
Browser
Mozilla Firefox 61.0
Operating System
Linux



Country

United States (US)
City
04210 Auburn
Region
Maine
Continent code
NA
Latitude
REMOVED
Longitude
REMOVED

But its not 100% accurate and has come in handy with spam identification or troubling users.
GDPR wants to let users download what information admins have stored about them. Also, the board owners are responsible to remove them upon request.
Nope. I see no reason to comply.

From personal experience, 95% of account delete requests are submitted by trolls. Unsurprisingly, they create new accounts again.