GDPR privacy laws!

Owners or no community owners, who is ready for the new privacy laws?

GDPR (General Data Protection Regulation): in detail, for those that don't understand this term, it's a regulation in EU law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU. Rules go into effect in 18 days from now. They seem to be very loose and general with huge fines for sites that violate the privacy laws.

My site is hosted on a USA based server and also forum, yet even if you don't have any European traffic it's still very important to obey this new law. Even if you had 1% of visitors come from Europe you're liable to get your butt in the deep water. About 20% of my visitors come from Europe (I'm one of them). We do sell products, like gaming keys, also run AdSense and third party websites.

You can have endless policies that relate to your site, so long as you cover your back in case anything goes wrong, because most sites are public and anything public can be manipulated, even with all these compensation things going round these days.

Should I be worried? What steps are you guys and gals taking to get your forums in compliance?

For forum owners, if you want to learn more about what you can do about GDPR, you can take a read at this: https://xenforo.com/community/threads/upcoming-changes-for-gdpr-compliance-in-xf1-and-xf2.146888/ - This is exclusive to XenForo but the general information is useful for what you need to know and you can find similar tools for your forum software. If your forum software hasn't released updates to comply with the regulation, then maybe it's time to move to a better one. I recommend XenForo in this case.
 
That is honestly not true. You don't get taxed at all. You only get "fined" if you are found collecting personal information of EU residents and not complying with the new law.
IT. IS. TAXING.

It's the same thing as the IRS collecting tax from corporations. If your company is big enough, you are taxed against the value of your company. Right now, Facebook's C.E.O. (Zuckerberg), is appearing before the stupid European Parliament folks just to argue why Facebook isn't responsible for EU resident's account(s). He already did, but I mean, it's an ongoing case, and I doubt it's going to be resolved. But the thing is, EU's ego will just tax FB's corporate funds.

The whole point of GDPR is to "charge" corporations residing HQ's in EU. The legalese on EU's part is too broad, and will cost American citizens, and residents money. This will prompt Trump to hit back at EU at some point, and will prompt a civil war. This is a shady law, and it's horrible.

The thing is this: This law was triggered by the hackings of companies over the last few years, along with the spam attacks on e-mails and the release of personal information onto the public web or even the dark web. EU thinks U.S. is responsible for all of these unfortunate incidents that affected them, and wants to blame them. I agree that we need to hold corporations responsible for security negligence, but why does the little guy have to be collateral damage? It's because EU are a bunch of shady little fuckers. That's why.
 
Others are saying it's fraud/scams; all GDPR is really doing is costing legitimate businesses money, when the real spammers will carry on regardless. But if you look at the bigger picture, it's not about spammers or about costing businesses money. It's about giving people control over their personal information and being informed about how that information is being used by legitimate businesses.
 
I think the EU laws are ludicrous. I understand the importance of privacy. You say they are very loose. I, however, disagree with that statement.

I also find it odd that the EU thinks their laws apply to countries outside of EU 😉
I disagree, IMO I think the new GDPR law is a step in the right direction to secure users' right to privacy and to make the web a more mature place. The new data protection laws don't apply to countries outside EU, but they do apply to all EU citizens' data no matter where the server hosting this data is located.

others are ridiculous.
Which ones are ridiculous?

It's about giving people control over their personal information and being informed about how that information is being used by legitimate businesses.
This. Good to see that someone gets it. Really, the GDPR might result in more work in the short term for website owners, but in the long term it will make your website/business more legitimate and trustworthy.
 
I disagree, IMO I think the new GDPR law is a step in the right direction to secure users' right to privacy and to make the web a more mature place. The new data protection laws don't apply to countries outside EU, but they do apply to all EU citizens' data no matter where the server hosting this data is located.
This is the very attitude that I hate. This means you want to own your profile, the very profile that I, as the business owner own and operate? Fuck that. Look, I embrace users from EU. But as soon as you press "submit" or "sign up," you consented to registering! That's my frustration with EU residents right now. If you didn't want to have your private information out in the open, then don't put it into your profile to BEGIN WITH! UGH! *rubs head* Jesus lord.

Your privacy is leaked because of this. Blame the hackers. Companies never wanted to "expose" your information to the world. In fact, they never gave a shit about your information to begin with! Some companies are and were negligent about security, and that's what I said earlier. It's not just a PR snafu, it's a legal snafu.

Your "information" is sold, but this information isn't your full street address. It's stuff like where you are, like: Where is this user from? "United Kingdom." How much does he make? "from 20k to 30k." What's his nationality? "Hispanic." Gender? "Male." All of this information is condensed into a marketing sheet that says "30 thousand people are from United Kingdom, most of them are of Hispanic origin, and their price bracket is from 20k to 40k. We want a product that is cheap, and reaches these folks." But as I linked above, hackers get into machines, and leak company information (which are NOT intended for outside use), and guess who gets the blame? The company that owns the machine. The company that owns the server. Do you understand the problem? The EU doesn't understand this. So, practically, all of these "leaks" aren't from U.S. businesses, but rather the hackers - wherever they're from. Right now? The major target is Russia. For years now, Russia is being blamed for the election meddling. And based on the government's insistence, it may even be true.
This. Good to see that someone gets it. Really, the GDPR might result in more work in the short term for website owners, but in the long term it will make your website/business more legitimate and trustworthy.
THIS is not the way to do it! I would be okay with putting notices out saying the following:
What information we hold about you
The type of data that we collect and process includes:

  • Your name or username.
  • Your email address.
  • Your IP address.
Further data may be collected if you choose to share it, such as if you fill out fields on your profile.

We collect some or all of this information in the following cases:

  • You register as a member on this site.
  • You fill out our contact form.
  • You browse this site. See "Cookie policy" below.
  • You fill out fields on your profile.
How your personal information is used
We may use your personal information in the following ways:

  • For the purposes of making you a registered member of our site, in order for you to contribute content to this site.
  • We may use your email address to inform you of activity on our site.
  • Your IP address is recorded when you perform certain actions on our site. Your IP address is never publicly visible.
Other ways we may use your personal information.
In addition to notifying you of activity on our site which may be relevant to you, from time to time we may wish to communicate with all members any important information such as newsletters or announcements by email. You can opt-in to or opt-out of such emails in your profile.

We may collect non-personally identifiable information about you in the course of your interaction with our site. This information may include technical information about the browser or type of device you're using. This information will be used purely for the purposes of analytics and tracking the number of visitors to our site.

Keeping your data secure
We are committed to ensuring that any information you provide to us is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable measures and procedures to safeguard and secure the information that we collect.
But giving the power to EU users to delete their own account? You realize by giving them that power, it means for whatever reason, they can just claim "Whoops! I made a mistake!" but what they really want to do is hurt the business. Not just from money, but also the growth of the site. There are people who are willing to go so far, that they don't give a shit about your business, to the point of hurting it. They just want to rile people up, make controversy. I had a few users like that. They are regulars in my site, but instead of being nice, they go like "fuck off. Unsubscribe."

If you saw the e-mails that I get from people, you would be floored by how childish people can be.
 
Good to see that someone gets it. Really, the GDPR might result in more work in the short term for website owners, but in the long term it will make your website/business more legitimate and trustworthy.
True, but so many sites are not aware of this new law. And it also affects many businesses.

But giving the power to EU users to delete their own account? You realize by giving them that power, it means for whatever reason, they can just claim "Whoops! I made a mistake!"
As a site owner you don't need to have that option for the members. You can say in the information:

If you wish to have your personal account and personal information deleted on site.com, you can contact us.

There are people who are willing to go so far, that they don't give a shit about your business, to the point of hurting it.
Most members/clients don't care as long as they get what they want. Like cheaper fees.
 
This is the very attitude that I hate. This means you want to own your profile, the very profile that I, as the business owner own and operate? Fuck that.
I think you're looking at it wrong. They want to own their personal info, not any part of a website you "installed". It's not for you to use and abuse and distort to your own liking. I agree that once someone puts something on the internet, it's up there forever. However, people have the right to decide what happens to their info and privacy.

In fact, they never gave a shit about your information to begin with!
That is completely false. Majority of websites need user information to operate. Even if it's just anonymous data. Sites like Facebook and Google make money off it.

and guess who gets the blame? The company that owns the machine.
As they should be. It is up to them to make the proper security steps and prevent hacks. I understand nothing is 100% hack proof. However, it IS the company who is at fault for lacking in security.

Remind me not to register to any of your sites as you clearly don't care about user privacy and their right to be forgotten.

But giving the power to EU users to delete their own account? You realize by giving them that power, it means for whatever reason, they can just claim "Whoops! I made a mistake!" but what they really want to do is hurt the business.
This right here proves you don't understand GDPR. You don't have to delete their account. You just have to remove any personally identifiable information about them on that account. Besides, what does it matter anyway. If this is a user who will never visit your site again anyway, what difference does it make to you if their personal information gets deleted.

Listen, as I stated above I dislike the way GDPR is going about all this. However, I'm not an idiot and understand why.

If you saw the e-mails that I get from people, you would be floored by how childish people can be.
I can already see by your posts how childish people can be 🙂
 
Okay, for someone who's totally new to this, what do I do to my forum to make this transition without getting in trouble? I use phpBB 3.2. I thought the forum software handled the privacy policies on its own.

I can't find a straight answer. What steps do I take to cover my back?

Also, I'm in the US. How the hell do EU laws apply to me?
 
Also, I'm in the US. How the hell do EU laws apply to me?
They apply when an EU resident registers on your site. If you don't want to abide by EU laws, you can block access to EU users entirely.

Okay, for someone who's totally new to this, what do I do to my forum to make this transition without getting in trouble? I use phpBB 3.2. I thought the forum software handled the privacy policies on its own.
From what I can see phpBB doesn't have any GDPR addons out yet.
 
They apply when an EU resident registers on your site. If you don't want to abide by EU laws, you can block access to EU users entirely.


From what I can see phpBB doesn't have any GDPR addons out yet.

Still, why would that be my responsibility? Wouldn't it be their responsibility to block my site? Since I'm in a different country I shouldn't have to worry about laws in other countries.
 
Still, why would that be my responsibility? Wouldn't it be their responsibility to block my site?
No 😛 As the website owner it is your responsibility to block countries you cannot legally operate in. An end user would not know whether you are legal or not. It's very easy to block EU via cPanel. However, that may end up losing out on some good members. Might be best to just get GDPR compliant.


Since I'm in a different country I shouldn't have to worry about laws in other countries.
It is called "extraterritorial laws".
- Extraterritorial jurisdiction (ETJ) is the legal ability of a government to exercise authority beyond its normal boundaries.
 
No 😛 As the website owner it is your responsibility to block countries you cannot legally operate in. An end user would not know whether you are legal or not. It's very easy to block EU via cPanel. However, that may end up losing out on some good members. Might be best to just get GDPR compliant.



It is called "extraterritorial laws".
- Extraterritorial jurisdiction (ETJ) is the legal ability of a government to exercise authority beyond its normal boundaries.

Interesting. What is the easiest way to do this since I suck at writing an entire Privacy Policy for my site? Is there a template I can copy and paste so I don't have to worry about this utterly stupid and unnecessary law?
 
Interesting. What is the easiest way to do this since I suck at writing an entire Privacy Policy for my site? Is there a template I can copy and paste so I don't have to worry about this utterly stupid and unnecessary law?
You will need more than just a new privacy policy to comply 😛
 
You will need more than just a new privacy policy to comply 😛

Catch me up on this?

I honestly can't find a straight answer anywhere. What do I need to do to comply?

I hate laws like this, because they just expect the people who this affects, to figure it out ourselves.

If they could tell us what we have to do so we don't owe a million dollars I don't have, that'd be great.
 
So many misunderstandings about GDPR in this thread. 🙄

GDPR will make it easier for your users to understand what data you collect from them and how you use it. It will give your users increased control over their data. GDPR will also give users a detailed explanation of their rights as a customer/user on your site. This is all good stuff!

I use phpBB 3.2. I thought the forum software handled the privacy policies on its own.
phpBB is just the software your business/service is built on. It's YOU who handle your users' data and it's YOU who are responsible for their rights to privacy. The software can help make this easier for you (see the recent and good GDPR updates from IPB, etc) but it's your responsibility to comply with existing laws and regulations.

Also, I'm in the US. How the hell do EU laws apply to me?
The new data protection laws apply to you if you have users/customers from the EU.

Interesting. What is the easiest way to do this since I suck at writing an entire Privacy Policy for my site? Is there a template I can copy and paste
There is no such thing as a privacy policy template which you can use. Only YOU can know what kind of privacy policy your site/business requires. It needs to describe how your site/business will handle and process data and privacy requests. No one can know any of these things but you.
 
So many misunderstandings about GDPR in this thread. 🙄
No misunderstanding here. I will explain later in this post.
GDPR will make it easier for your users to understand what data you collect from them and how you use it. It will give your users increased control over their data. GDPR will also give users a detailed explanation of their rights as a customer/user on your site. This is all good stuff!
All of this has been there for a very long time. EU is stirring a pot when there wasn't an issue in the first place. To gain trust to a website, the way to do it isn't by giving them control to "right to privacy." As I said earlier, you should already know what you're getting into before you "Register" or "Sign Up." It. is. your. RESPONSIBILITY.

YOURS.

Not Facebook's, not Twitter's, not Instagram's, and definitely not MINE!

I didn't want you to put your street address on your profile, but if you did that on my site - YOUR. GODDAMN. FAULT. I'll come back to this very subject later.

First, I'll respond to @Jordan whom I've known since XenForo was introduced. So, whatever he posted, was both surprising and shocking to me. I never expected the sarcasm from him. I've always treated him nicely, I've always treated him with respect. Today, I'm going to fight fire with fire. Because I do not tolerate being treated this way. I DO NOT tolerate people who use my words against me as a way to use his post as a tone to say "no, you're stupid."
That is completely false. Majority of websites need user information to operate. Even if it's just anonymous data. Sites like Facebook and Google make money off it.
You, and everyone else in EU are blowing this out of proportion, and that's why I am having the stance I have now. Yes, [and I even acknowledge this earlier...] your info is being sold, but this info is anonymous, it should not affect you. The only time you should feel affected is when your street address, Social Security, your EIN, or any other sensitive information is "leaked" to the public, or even the dark web. The anonymous info is only sold to other people as way to tell them, and I said this earlier, too:

"30 thousand people are from United Kingdom, most of them are of Hispanic origin, and their price bracket is from 20k to 40k. We want a product that is cheap, and reaches these folks."

This makes YOU totally anonymous. It doesn't identify you as a person. It just says you're male, Hispanic, and you live in United Kingdom. But what'd you and the EU folks do? Freak out. You SHOULDN'T freak out. You want the next Call of Duty to target you? We can't find that information without this. We can't. We'd have to assume that United Kingdom doesn't like First Person Shooters, and we don't know what age likes it. Do you get it? If not. Then, we're at a stalemate, because you don't understand why we need that information.

Now, some sites need user information to operate - this I agree. eCommerce websites, shopping sites, and whatever gets you your favorite products online needs your full first name, address, credit card, but again, this is information that gets leaked to the dark web or the public because hackers get into machines of those companies or servers. In this case, companies need to be held responsible. That's where I agree with you. But this whole thing is too broad, and attacks just about everyone. When in the first place, it's supposed to tax corporations that have HQ's in EU. An article I saw over the weekend, says exactly what I said:
General Data Protection Regulation is a new set of rules and regulations for how internet companies should behave in Europe. It focuses mainly on data and privacy protection.
GDPR was developed by the European Union, so it legally only applies to EU member countries. However, its impact will still be felt around the world. After all, almost all of the biggest tech giants have millions of customers in Europe.
As they should be. It is up to them to make the proper security steps and prevent hacks. I understand nothing is 100% hack proof. However, it IS the company who is at fault for lacking in security.
And I said that. I acknowledge it. The problem with these regulations is that it's too broad. Way too broad.
Remind me not to register to any of your sites as you clearly don't care about user privacy and their right to be forgotten.
Comments like this are where I get pissed off at people. I don't appreciate people who paint me the wrong way. I don't appreciate the tone you've set here for my reputation. Until you understand where I come from, don't ever speak on my behalf. It's how you make enemies with me.

I am a very principled, very strong-minded person. I think my way, you think your way. But when you try to damage my integrity like you did in this post, I get really angry. I was when I saw this post. Thank god you weren't next to me when you said that. Because if you were, you would know how pissed off I was. You would know instantly that you pushed my button.

That being said: You misunderstand what I actually meant. I care about people's privacy, but what I don't care is your address. Your information. I don't use it for my agenda. I'm wired like that. Why? I'm an ethical person. You challenged my integrity when you said those words.
This right here proves you don't understand GDPR. You don't have to delete their account. You just have to remove any personally identifiable information about them on that account. Besides, what does it matter anyway. If this is a user who will never visit your site again anyway, what difference does it make to you if their personal information gets deleted.
Well, we're back to square one, where I have to re-explain what I said earlier: It. is. your. responsibility.

And, YES, they want to delete their account. You have no idea what happened to me as owner. At first, I didn't understand what the fuck was going on, until I read all these GDPR e-mails, posts, hysteria, and whatever. My users came into my site - not to ask me if they could delete their account, they tried to do the following...

- Removed posts. Which means the overall forum post count goes down. Why? Because that person wanted to nuke their account.
- Removed Profile Posts. Not as big as the above, but still.
- Removed Posts' content, which is a NO-NO for SEO. I as owner get a penalty from Google.

What I did afterwards is made it harder to edit posts, delete posts, delete profile posts, and whatnot.

Some users asked me to delete their account, you can imagine me scratching my head here. Wondering why a regular user is asking to delete his account after YEARS of posting, communicating with other members. I thought it was out of place. These are members I knew, trust, and even liked.

It's not their personal information getting removed that's a problem with me. If all they wanted was to remove personal information, such as first or last names, all they had to do was ask. But they didn't.

My problem: It's the accounts/posts that are going to be removed under this stupid, dumbass law that affects owners on a large scale that they don't even begin to realise what they've done to businesses like yours and mine!

From there on, I started banning accounts. Not what I had in mind. Not what I wanted. I lose people that way!

Now, you can sit there and say "That doesn't apply to me, so I don't care, you loser!" But when it hits YOU, you will care. When it hits YOU, you will sit there and feel sorry for me. You will sit there and understand my position!
Listen, as I stated above I dislike the way GDPR is going about all this. However, I'm not an idiot and understand why.
And here's another example of why I treat people like they're dumb. You insinuated that I am an idiot, and if I say so myself, you called me an idiot.
I can already see by your posts how childish people can be 🙂
And yet another one! By structuring your post this way, you're insinuating that I am childish and idiotic, so from now on, I will treat you that way.
I think you're looking at it wrong. They want to own their personal info, not any part of a website you "installed". It's not for you to use and abuse and distort to your own liking. I agree that once someone puts something on the internet, it's up there forever. However, people have the right to decide what happens to their info and privacy.
That's all you had to say. Everything else you said insults me. Even in this quote. I am not evil, and that's the picture that you painted me as. I have never been evil. Never will. You think that I want to use your information to abuse, and distort to my own liking, and you are getting this wrong, too. Not many corporations are interested in abusing and distorting to their liking; if they did - I agree that they need to be held responsible.

You made me look like the bad guy in this entire post.
 
I almost miss the days when the EU only forced people to put up cookies notices.
Shocking to be sure. And seriously, the right to be forgotten has always been a thing.

I don't like the idea of exposing a button for a user to hit all willy-nilly, but if they want to delete their account, then barring some time for them to possibly reconsider, there's not much you can do.

Although, it is slightly suspect considering that they're trying to apply laws across jurisdictions, which even China isn't able to do, considering they hate a huge portion of what's allowed here.

I won't be the guinea pig or "precedent" leaning either way though.

Also, XenForo are delusional if they think merely stripping usernames will anonymise the data, all someone has to do is say someone's name even once, to defeat that. And that's assuming anonymisation is permissible at all.

What admin is going to vet two thousand posts for a "My name is Randy"?
You will also have to delete other people's posts, just in case there's a "Hey Randy".

Trying to be smart is actually even worse than just deleting the posts outright.

And for the record, the ad networks are going too far. Some will even do tricks where they inject a hidden form, have the browser autofill that with your username / password, and use that data to identify you.

It's utterly bizarre how they get away with things like that, the problem, like every problem when the government gets involved is that the government only has one way for reacting with problems it doesn't entirely understand. The nuclear option.

You can never really count on the government to solve problems, as much as just having it carpet bomb both sides, good or bad, into complete annihilation with the rest of us picking up the pieces.

And the thing with security, is that it's often someone else's incompetence which leads to you getting compromised, for instance, several forum software don't even use prepared statements which is practically asking to be hacked in 2018, and who really knows when another NSA virus will get leaked which causes mass devastation.

The only way to even partially mitigate that is to go entirely custom, and even that might not be enough. It is still good to take every possible measure to be secure however. 2FA, etc. Not doing so is simply irresponsible.

I don't want to hear about nonsense like Sony getting hacked dozens of times via SQL Injections, vTech exposing millions of kids' data due to an SQL Injection, or oh my, lots of SQL Injections. This is completely avoidable, just sheer incompetence.
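
The gap described in the post above, as an added example that is not part of the original thread and is not XenForo or phpBB code: blanking the account fields on an erasure request leaves the member's name in post bodies, including other members' posts, so those posts have to be found and queued for review. The `users`/`posts` schema, the function names and the sample rows are hypothetical and constructed for the illustration; every query uses bound parameters, the prepared-statement style the post refers to.

```python
import re
import sqlite3


def build_demo_db():
    """Constructed sample forum (hypothetical schema, not real data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT,
                            email TEXT, last_ip TEXT);
        CREATE TABLE posts (id INTEGER PRIMARY KEY, user_id INTEGER, body TEXT);
    """)
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", [
        (1, "Randy", "randy@example.com", "203.0.113.7"),
        (2, "Dana", "dana@example.com", "198.51.100.9"),
    ])
    db.executemany("INSERT INTO posts VALUES (?, ?, ?)", [
        (10, 1, "My name is Randy and I run a small shop."),
        (11, 2, "Hey Randy, welcome to the forum!"),
        (12, 2, "Anyone tried the new theme?"),
        (13, 1, "Brandy is my favourite drink."),  # substring only, not a mention
    ])
    db.commit()
    return db


def anonymise_account(db, user_id):
    """Blank the account-level personal data and return the old username.

    The account row and its posts are kept; only name, e-mail and IP go.
    Values are passed as bound parameters, never concatenated into the SQL.
    """
    row = db.execute("SELECT username FROM users WHERE id = ?",
                     (user_id,)).fetchone()
    if row is None:
        raise LookupError(f"no user with id {user_id}")
    db.execute(
        "UPDATE users SET username = ?, email = NULL, last_ip = NULL "
        "WHERE id = ?",
        (f"deleted-{user_id}", user_id),
    )
    db.commit()
    return row[0]


def residual_mentions(db, identifiers):
    """Return (post_id, author_id) for every post body that still contains
    one of the erased member's identifiers as a whole word.

    Scans all posts, not only the member's own, because replies such as
    "Hey Randy" re-identify the anonymised account.
    """
    if not identifiers:
        return []
    pattern = re.compile(
        r"(?<!\w)(?:%s)(?!\w)" % "|".join(re.escape(i) for i in identifiers),
        re.IGNORECASE,
    )
    rows = db.execute("SELECT id, user_id, body FROM posts ORDER BY id")
    return [(pid, uid) for pid, uid, body in rows if pattern.search(body)]


if __name__ == "__main__":
    db = build_demo_db()
    old_name = anonymise_account(db, 1)
    for post_id, author_id in residual_mentions(db, [old_name]):
        print(f"post {post_id} (author {author_id}) still names {old_name!r}")
```

A whole-word match on the old username only catches literal mentions; nicknames, real names and quoted e-mail addresses have to be supplied as extra identifiers, and flagged posts still need a human decision.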
 