MyBB Community Forums
General Data Protection Regulation (GDPR) - anyone preparing plugins? - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: Extensions (https://community.mybb.com/forum-201.html)
+--- Forum: Plugins (https://community.mybb.com/forum-73.html)
+---- Forum: Plugin Requests (https://community.mybb.com/forum-65.html)
+---- Thread: General Data Protection Regulation (GDPR) - anyone preparing plugins? (/thread-215816.html)

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14


RE: General Data Protection Regulation (GDPR) - anyone preparing plugins? - Eldenroot - 2018-05-14

I post a link to a plugin which supports your request - change name in quotes...


RE: General Data Protection Regulation (GDPR) - anyone preparing plugins? - labrocca - 2018-05-14

Quote:Q: Can I delete my account and be forgotten?
A: Our sign up agreement does say "You agree your account can not be deleted without exceptional circumstances" I will however review each case as requested on a one to one basis.

That's invalid. The law requires you to give them the right to delete their content. You can't say that they'll agree that you're exempt from the law. That's like saying "I agree that you can murder me" and then claim it's not murder because they agreed.

@sarisisop I think your terms are insufficient on a number of points but that one in particular is just not going to work.

Part of the real problem with this is that Google, datacenters, and services like Cloudflare are going to potentially be a huge problem. Imagine you don't comply and Google delists you? Or Cloudflare stops providing your service.

My own approach is going to be "dissociation". Where if a user requires their privacy then content linking their posts will be converted to a "Guest" post which should satisfy the law imho. The intent of law is to allow top-tier privacy. It's not meant for copyright or destroying content. So if I can retain the content (posts) but disassociate from the user I do believe I'll be compliant.

Quotes are a real problem though and it's likely I'm going to alter MyBB so that quotes no longer function with a username. This destroys a vital function in forums but what choice do we have? It's imho the lesser of all evils.

This law is insanity. Huge burden on small sites which don't have the resources to fully understand and comply with this ridiculous EU law. I'm not in EU, I shouldn't have to care about this.


RE: General Data Protection Regulation (GDPR) - anyone preparing plugins? - erich199 - 2018-05-15

But I'm not an EU resident...
That may be true, but with over half a billion residents in 28 member states, it's a fairly reasonable expectation that at some point you will have an EU resident register on your forum and they will indeed be protected by this regulation and breaches of the regulation can bring penalties and fines against you, whether you're an EU resident, or not. Even so, data protection and privacy will be important to every one of your members, regardless of their country of origin.


RE: General Data Protection Regulation (GDPR) - anyone preparing plugins? - Omar G. - 2018-05-15

You are only required to meet the regulation if you directly aim the EU market, wasn't that the case?


RE: General Data Protection Regulation (GDPR) - anyone preparing plugins? - labrocca - 2018-05-15

(2018-05-15, 02:00 AM)Omar G. Wrote: You are only required to meet the regulation if you directly aim the EU market, wasn't that the case?


https://www.eugdpr.org/gdpr-faqs.html

"The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location."

Ignoring this law may end up having consequences and I suggest that no one ignore it.


As a forum owner I (and most likely everyone here), is under the "data controller" definition for regulation. Service like Google and Cloudflare are "data processors". And while you as a controller might ignore the law you may have to contend with the processors taking action against your site like delisting it from Google Search results or hosts cancelling your account.


There really is a lot to consider for forum owners. I actually think we are the most effected by it.


RE: General Data Protection Regulation (GDPR) - anyone preparing plugins? - Eldenroot - 2018-05-15

So guys, how will you solve this on your boards, I am just curious about it because I dont know the best way... anyway I need to solve this ASAP Sad


RE: General Data Protection Regulation (GDPR) - anyone preparing plugins? - kawaii - 2018-05-15

(2018-05-15, 01:55 PM)Eldenroot Wrote: So guys, how will you solve this on your boards, I am just curious about it because I dont know the best way... anyway I need to solve this ASAP Sad

Keep an eye on this repository:

https://github.com/kawaii/mybb-pdatactrl

In the next couple of weeks we should hopefully have something usable for forum owners.


RE: General Data Protection Regulation (GDPR) - anyone preparing plugins? - labrocca - 2018-05-15

I'd like to see MyBB remove the Birthdays feature by default. It's private information and even if members opt-in to display it the GDPR requires you to remove it at their request if they stop being a member. I see very little benefit on having it anymore other than to confirm age as signup. Birthday should be a setting now to universally remove from profile and put into its own template.

The law also requires giving members the ability to delete their own accounts. Now you can do this manually in the ACP each time it's requested but better to allow members to do it.

Then there is an issue with data retention for long periods of time. We'll need to cap how long things like IPs are stored. A better pruning system is going to be needed.

I'm still formulating my own policy and I hope when I'm done I'll post a nice thread here about all the changes I think MYBB will need for the default software to be compliant. But these couple things I've mentioned are off the top of my head.

And I want to note that so far the only site I've seen where they've made adjustments which are similar would be Discord.
https://discordapp.com/privacy


btw, here is a direct link to the actual law.
http://eur-lex.europa.eu/eli/reg/2016/679/oj

I find it ironic they expect all policies to be written in plain speak but the law is over 100 pages long of legalese. Fines are up to 10 million Euro btw for violating this law. Who wants to deal with that?


RE: General Data Protection Regulation (GDPR) - anyone preparing plugins? - effone - 2018-05-15

I said it before, I say it again:
Allowing users to delete data is a disaster for the sites empowered by user posted data only.

If this is the intent there might not be any forum software.

I'd also like to know the method of UK penalise the admins not coming under UK regulations. I'll not comment further in this regard. I just expressed my doubt.


RE: General Data Protection Regulation (GDPR) - anyone preparing plugins? - Eldenroot - 2018-05-15

(2018-05-15, 02:09 PM)kawaii Wrote:
(2018-05-15, 01:55 PM)Eldenroot Wrote: So guys, how will you solve this on your boards, I am just curious about it because I dont know the best way... anyway I need to solve this ASAP Sad

Keep an eye on this repository:

https://github.com/kawaii/mybb-pdatactrl

In the next couple of weeks we should hopefully have something usable for forum owners.

Do we have couple of weeks?!  Huh