General Data Protection Regulation (GDPR) - anyone preparing plugins?
#41
FYI part of what I'm going to do is use the COPPA column in users table and change it to be int(10) with different status options.

Example
0= no agreement
1= coppa
2=gdrp approved
3=gdrp denied


I think using that column in user table makes more sense then adding a new one. But the column type has to be changed. The good news is that I think with minimal changes to core this can be done as coppa column isn't used much.

I've spent all day researching GDRP and one thing is for sure. None of us can ignore it.

I'm going to likely create a post here about what I've found and the changes that might be required to be compliant. An example might be how quotes are handled. And new tools for allowing members to download their account data and even delete it.
Reply
#42
Regarding the post deletion on request, it is a good idea (in fact is mandatory) for MyBB to make a big change: today, when the admin change the user ID of a person it don't affect the replies with quotes because the old posts still apear like

effone Wrote: 

even if @effone has changed the username in JohnSmith

If MyBB team will make possible to change the username even in replies with quotes, then the author will be a user like 0158987 (or a
JohnSmith) and no one can easily demonstrate a relation between the person that request removal and the post made. If the user is a good lawyer it's more complicated Smile but almost the admin has a negotiation tool in order to keep the posts but anonymized. Is not 100% fair what I proposed but it worth try to mentain live the forum... 

If GDPR will kill the forums, the GDPR will kill Mybb or others platforms

If GDPR mean post deletion, that's the end of many forums, particulary the specialized forums, where 4-5 exits of heavy posters can destabilize the entire forum because many posts and replies will remain with no sense. If we extend the gdpr to blogs with many authors or another websites based on users contribution, where the author did not sign a copyright surrender contract, that's the end for milions websites.
Think, how many authors did not leave from a publication / blog / online platform after a wrangle with the boss or colegues?! Now the owners are sure victims because the old colaborators can request masive content removal?!
Reply
#43
(05-11-2018, 04:36 PM)Lyvyoo Wrote: Regarding the post deletion on request, it is a good idea (in fact is mandatory) for MyBB to make a big change: today, when the admin change the user ID of a person it don't affect the replies with quotes because the old posts still apear like

effone Wrote: 

even if @effone has changed the username in JohnSmith

If MyBB team will make possible to change the username even in replies with quotes, then the author will be a user like 0158987 (or a
JohnSmith) and no one can easily demonstrate a relation between the person that request removal and the post maded. If the user is a good lawyer it's more complicated Smile but almost the admin has a negotiation tool in order to keep the posts but anonymized. Is not 100% fair what I proposed but it worth try to mentain live the forum... 

If GDPR will kill the forums, the GDPR will kill Mybb or others platforms

If GDPR mean post deletion, that's the end of many forums, particulary the specialized forums, where 4-5 exits of heavy posters can destabilize the entire forum because many posts and replies will remain with no sense. If we extend the gdpr to blogs with many authors or another websites based on users contribution, where the author did not sign a copyright surrender contract, that's the end for milions websites.
Think, how many authors did not leave from a publication / blog / online platform after a wrangle with the boss or colegues?! Now the owners are sure victims because the old colaborators can request masive content removal?!

You have to use this plugin - it reflects name changes in quotes. http://mybbhacks.zingaburga.com/showthread.php?tid=274

btw - works only for new quotes
[MyBB 1.8 Czech translation] [MyBB 1.8 plugins]: Prune old PMs + optimize DB plugin --- Thank you/like system
Reply
#44
Thanks, I will install it for future but having a 10 years old forum it's not the best solution for 25May 2018 Smile
Reply
#45
(05-11-2018, 04:50 PM)Eldenroot Wrote:
(05-11-2018, 04:36 PM)Lyvyoo Wrote: Regarding the post deletion on request, it is a good idea (in fact is mandatory) for MyBB to make a big change: today, when the admin change the user ID of a person it don't affect the replies with quotes because the old posts still apear like

effone Wrote: 

even if @effone has changed the username in JohnSmith

If MyBB team will make possible to change the username even in replies with quotes, then the author will be a user like 0158987 (or a
JohnSmith) and no one can easily demonstrate a relation between the person that request removal and the post maded. If the user is a good lawyer it's more complicated Smile but almost the admin has a negotiation tool in order to keep the posts but anonymized. Is not 100% fair what I proposed but it worth try to mentain live the forum... 

If GDPR will kill the forums, the GDPR will kill Mybb or others platforms

If GDPR mean post deletion, that's the end of many forums, particulary the specialized forums, where 4-5 exits of heavy posters can destabilize the entire forum because many posts and replies will remain with no sense. If we extend the gdpr to blogs with many authors or another websites based on users contribution, where the author did not sign a copyright surrender contract, that's the end for milions websites.
Think, how many authors did not leave from a publication / blog / online platform after a wrangle with the boss or colegues?! Now the owners are sure victims because the old colaborators can request masive content removal?!

You have to use this plugin - it reflects name changes in quotes. http://mybbhacks.zingaburga.com/showthread.php?tid=274

btw - works only for new quotes

Not the correct thread to start a discussion on it, but I wonder why something like this isn’t in the core? Quote usernames should definitely be updated upon a user changing their usernames IMO.
Plugin Count: I lost count.
Public Plugins are available here.
Official GitHub.
Please do not PM me for support unless asked to.
Reply
#46
(05-11-2018, 05:07 PM)Wires Wrote: Not the correct thread to start a discussion on it, but I wonder why something like this isn’t in the core? Quote usernames should definitely be updated upon a user changing their usernames IMO.

With current long-time plans it should be possible to avoid duplicated data (stored for optimal performance) - one discussed idea, related to defaulting to Markdown for simple formatting syntax, is to allow embedding media, quotes and other resources by providing a link only, which would be both simple and intuitive.
The new parsing mechanism would cache rendered posts so information like usernames could be updated automatically (with cache expiration) or on request (like anonymization).
devilshakerz.com/pgp (DF3A 34D9 A627 42E5 BC6A 6750 1F2F B8AA 28FF E1BC) ▪ keybase.io/devilshakerz
Reply
#47
For what I understand, the admin of a forum must delete posts only if there are sensitive and personal data of the user, instead if there aren't his data at most admin can delete the user's account but the posts can remain.
If you delete a user on mybb this becomes "Guest" I think.
Reply
#48
I am in support with remaining posts as anon. It is a dumb idea to let users delete posts regardless of any law. I believe the rule complies if the user loses the ownership of the post as it went anonymous.

Letting the user delete posts is a disaster for the websites empowered by user posts only.
[Image: logo.svg.svg]
Reply
#49
I think there is another important thing: having the consent updated by users.
I am seeing a webminar about the GDPR, they say that we can't keep forever the user data but often we have to have the consent updated, for example at the login tell the user "please regard the privacy policy and if ok click on the consent".
In short, the consent to the privacy policy will become a fundamental thing..
Reply
#50
(05-09-2018, 05:02 PM)IntoxNitram Wrote: How they would actually go about prosecuting someone from a non-EU country who doesn't meet these regulations is a different matter though.

EU can always fine international companies.

(05-10-2018, 10:13 PM)labrocca Wrote: Anyone can complain their posts are personal data and require you to remove it.

But they will need to prove that these posts indeed hold any personal data. If you can't prove that your post holds any personal data then administrators aren't forced to delete such content.

(05-12-2018, 07:19 PM)niere8 Wrote: I think there is another important thing: having the consent updated by users.

The user is free to change their mind right after updating the consent, so there is no point in updating at all.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)