General Data Protection Regulation (GDPR) - anyone preparing plugins?
#31
Thanks Roach, that's a handy competitive reference. I just wonder if they are doing all these in the core as many countries (like mine, say) are not at all affected by GDPR.
#32
(05-09-2018, 04:56 PM)effone Wrote: Thanks Roach, that's a handy competitive reference. I just wonder if they are doing all these in the core as many countries (like mine, say) are not at all affected by GDPR.

If you have European users, you have to follow this law all the same (I say this in general; if you are 100% sure you don't have European users then it's OK, feel super lucky :D)
#33
(05-09-2018, 04:56 PM)effone Wrote: Thanks Roach, that's a handy competitive reference. I just wonder if they are doing all these in the core as many countries (like mine, say) are not at all affected by GDPR.
They're in the core. Also, effectively you are still required to comply with GDPR regulations even if you don't reside in the EU. If you have members who are from the EU, you have to do these requirements. Most are just ticking boxes and giving the users a bit of information, so not too hard to comply with IMO. How they would actually go about prosecuting someone from a non-EU country who doesn't meet these regulations is a different matter though.
#34
(05-09-2018, 11:53 AM)abmd73 Wrote: There is a plugin that blocks cookies, but it is very old.
https://github.com/MattRogowski/Cookie-Law
It includes only your own cookies, I tried to add additional cookies in the cookielaw.php and cookielaw.lang.php file, but then the forum is down (I can not see a list of plugins, new cookies are shown on list).
e.g. in 1st file

'_ga => array (
'member' => true,
'guest' => true
)

and in 2nd file

$l['cookielaw_cookie__ga_desc'] = 'Stats GA.';

Perhaps someone would be affected by the modification so that you can add more cookies, description and blocking for the member and guest from the ACP level?

I have modified the plugin and included Google Analytics cookies as well as Google Adsense cookies. I haven't personally tested whether these cookies will really be blocked or not.
For reference on the cookie names:
Types of cookies used by Google
Google Analytics Cookie Usage on Websites

Please note that the .zip attachment has the cookielaw.lang.php inside the folder "italiano" because my blog is in Italian.


Attached Files
.zip   cookielaw.zip (Size: 6.42 KB / Downloads: 35)
#35
Changes to forums for this law may include or even require the following.

1. Disallow anyone from joining who doesn't agree to data collection. Similar to how COPPA is now.

2. Give members the full ability to delete their own account data. This may include all their posts, stored IPs, PMs, and just about all related material in the database. This is a HUGE problem imho.

3. Allow members the ability to be part of the forum but not log certain data like IPs. So similar to Facebook privacy settings. Forums may need a much more complex set of permissions.

Another issue is going to be hosts. Even if you don't agree with the GDPR you may have issues with Google, your host, and services like Cloudflare. This is similar to how DMCA may work. You might own the forum but the datacenter may have to comply with GDPR.

We may need to be concerned too with what is "personal data" since joining a forum doesn't require someone to provide much more than their email.

IMHO this law is a potential nightmare. It protects EU citizens but at a very high cost to providers.


Quote:Write down whatever you need in "Forums - Registration Agreement" and that's it.

That is not how it works. You can have a member agree to anything but later if they want full removal according to GDPR you will need to remove it.

Quote:Just a few days ago, one of the biggest gaming forums from my country closed its shutters. The official reason - "impossibility to align to GDPR rules"

Exactly. This will not be as easy for forums to comply with this. Forums are reliant on some of the personal data like posts and membership data. If you strip that away you're left with nothing. We are not blogs with visitors. Forums are more similar to Facebook than a blog. We have social media elements but this law removes the ownership of the data from the provider to the member. Which is really bad for us.

Now think of these issues. What if you don't comply and Google delists you? What if your host suspends your account?

Quote:I guess one official MyBB plugin is under dev, with all good advanced features complying GDPR.

Really? I don't believe it. Does it solve everything I've outlined?

Personally, I don't comply with EU law because I'm not in EU or host there but I see that GDPR is going to be a problem.

Quote:Most are just ticking boxes and giving the users a bit of information, so not too hard to comply with IMO.

That's wrong. It's difficult to comply with this law.
#36
(05-10-2018, 07:46 PM)labrocca Wrote:
Quote:I guess one official MyBB plugin is under dev, with all good advanced features complying GDPR.

Really?  I don't believe it.  Does it solve everything I've outlined?

Yes, and possibly yes.

https://github.com/kawaii/mybb-pdatactrl

Keep an eye on that repository over the next 2 - 4 weeks, whilst not 'official' it should at least bridge the gap at making MyBB a whole lot more GDPR compliant - once finished and released that is.
#37
(05-10-2018, 08:17 PM)kawaii Wrote:
(05-10-2018, 07:46 PM)labrocca Wrote:
Quote:I guess one official MyBB plugin is under dev, with all good advanced features complying GDPR.

Really?  I don't believe it.  Does it solve everything I've outlined?

Yes, and possibly yes.

https://github.com/kawaii/mybb-pdatactrl

Keep an eye on that repository over the next 2 - 4 weeks, whilst not 'official' it should at least bridge the gap at making MyBB a whole lot more GDPR compliant - once finished and released that is.

Alright, nice.

I'm doing a lot of research now and if I figure out more stuff that's a concern or come up with solutions I'll be sure to vocalize them at MyBB. This is going to affect us all.


btw, I figured out that this does a really decent job at plain language explaining some changes.
https://www.digitalocean.com/security/gd...agreement/

That's the sort of thing we're all going to have to come up with for our users.

And here are 2 other resources:
https://ico.org.uk/for-organisations/res...ssessment/

https://ico.org.uk/media/1624219/prepari...-steps.pdf
#38
Regarding deleting content, one of the things we've talked about is instead anonymising content - add a new "system" user that posts/threads could be moved to. I'm not sure if that will meet the requirements of the GDPR though...
#39
Quote: add a new "system" user that posts/threads could be moved to.

That will not satisfy GDPR.

https://www.eugdpr.org/gdpr-faqs.html

Quote:What constitutes personal data?
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

Anyone can complain their posts are personal data and require you to remove it.
#40
Maybe anonymizing data (for example IP)? But then it would be a disaster if, for example, you have to check the multi-account etc.


For example next update of Wordpress (it's just to understand how others move): https://make.wordpress.org/core/2018/05/...-9-6-beta/
Reply
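
The trade-off raised in the last post (anonymising stored IPs versus still being able to check for multi-accounts), as an added example that is not part of the thread and not MyBB code. It compares prefix truncation with a keyed hash (HMAC-SHA256, a technique the thread does not name); the function names, the demo key and the sample log are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed demo key (assumption). A real deployment would load a secret
# from configuration; rotating it breaks linkage to older pseudonyms.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"


def truncate_ip(ip: str) -> str:
    """Zero the host bits: keep a /24 for IPv4 and a /48 for IPv6."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)


def pseudonymise_ip(ip: str, key: bytes = DEMO_KEY) -> str:
    """Keyed hash of the packed address, so equal IPs give equal tokens.

    This is pseudonymisation, not anonymisation: whoever holds the key can
    test any candidate address against a stored token.
    """
    addr = ipaddress.ip_address(ip)  # normalises different spellings
    return hmac.new(key, addr.packed, hashlib.sha256).hexdigest()[:32]


def shared_ip_accounts(log, transform=pseudonymise_ip):
    """Group usernames by transformed IP; return groups with 2+ accounts."""
    groups = {}
    for user, ip in log:
        groups.setdefault(transform(ip), set()).add(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample log using documentation address ranges.
SAMPLE_LOG = [
    ("alice", "203.0.113.7"),
    ("alice_alt", "203.0.113.7"),
    ("bob", "203.0.113.99"),
    ("carol", "2001:db8:1:2::5"),
    ("carol2", "2001:0db8:0001:0002:0000:0000:0000:0005"),
]

if __name__ == "__main__":
    print("keyed hash:", shared_ip_accounts(SAMPLE_LOG))
    print("truncation:", shared_ip_accounts(SAMPLE_LOG, truncate_ip))
```

With truncation, bob lands in the same group as alice because both addresses share a /24, while the keyed hash only links exact matches.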