GDPR - What does it mean for the forum owner?

Discussion in 'Site Security & Legal Issues' started by Shin Ryoku, Mar 18, 2017.

  1. Nev_Dull

    Nev_Dull Anachronism

    I don't recall anyone ever making that claim. GDPR has nothing to do with ad-driven sites. All it does is stop sites, companies, and advertisers from tracking users or collecting and using their personal data, without their knowledge or consent.
     
  2. feldon30

    feldon30 Adherent

    Which is the exact description of how all modern advertising, specifically Google AdSense and Facebook Ads, works.
     
  3. Nev_Dull

    Nev_Dull Anachronism

    So the law doesn't prohibit advertising. It just changes the way companies are allowed to do it. They will adapt.
     
  4. Pete

    Pete Flavours of Forums Forever

    That's actually one thing that should change, incidentally, because now publishers are NOT allowed to assume that people want their newsletter. It must be opt-in, not opt-out, so you shouldn't even have to click if you don't want the newsletter.
     
  5. feldon30

    feldon30 Adherent

    The newsletter and mobile app offers are opt-in messages displayed for guests.


    By the way, I love to tell this story. I was at a friend's house and mentioned a book on my shelf at home which I had not searched for or otherwise referenced in cyberspace for years. The next day, I saw an ad for it online. This is not apocryphal. I have several friends who have reported similar experiences.

    Our devices are listening to everything we say, monitoring every search we do -- not just on Google.com but Amazon, eBay, etc., showing us ads specific to our personal profiles stored by data warehouse companies. Everything is microtargeted. American cell phone carriers sell our GPS data to advertisers. Data brokers know our medical conditions, sexual preference, etc. During the 2016 election, Trump's online campaign manager had Facebook employees working at Trump HQ teaching them how to microtarget ads to individual voters. They used computer learning and automated scripts to create over 10,000 uniquely colored, phrased, and targeted advertisements PER DAY and showed them to individual voters based on the company's intrusively detailed profile on them.

    Yet people keep saying the GDPR is "no big deal", just a few common sense regulations that everyone should be able to comply with and we are "overreacting". No we're not and no it's not simple. Google and Facebook are going to have to completely change how they operate and advertise and target consumers on May 25th or they will face massive fines. Every bit of learning they've introduced in the last 20 years will have to be rolled back to 1998 style banner ads that are "dumb" and don't know anything about you.

    And during all this, every other site owner is being swept up in these regulations even if we only make a few dollars a month in ad revenue.
     
  6. Pete

    Pete Flavours of Forums Forever

    Facebook apparently moved some of the processing out of their Ireland office to make them not have their supervisory authority (=regulator) inside the EU specifically to avoid having to shoulder all of that hassle. (Henceforth only EU users apparently will be affected by this, and they are free to carry on doing this for all the other users. I don't understand practically how this could possibly work, but Facebook has some very expensive lawyers.)

    As for Google, I've seen the paperwork. I've even sat and gone through the model clauses they're using to make sure transporting data out of the EEA (not the EU, something quite different legally) was legitimate, even though the paperwork is only covering the previous legislation, not the incoming one as it refers to 95/46/EC (aka 1995's Data Protection Directive, not the GDPR) and Google clearly thinks it has covered its posterior sufficiently.

    Even if you make no dollars a month and don't monetise your site this is relevant. And yet, as I've said repeatedly, a good 90% of this was already applicable. This has literally been law for 20 years in Europe. 20 YEARS. The only new things, really, are portability and deletion of data and the headline-grabbing fines. Right to access was already there, so was consent. These have been tightened up a bit and made more in line with the original intent which in some ways is just common sense - people were fed up of opting out of newsletters they didn't want in the first place.
     
  7. Maddox

    Maddox Moderator

    You only have to check your mail inbox to see how YOUR data without YOUR permission is being thrown around, sold and resold to get an angle on this. My inbox is filled every day with newsletters and sales pitches for something I never heard of, never signed up for nor agreed that my data could be used in such a way for. At first I was annoyed at the GDPR for making us jump through hoops to tighten up how we use people's data and to ensure that we treat it with the respect it deserves. It's nobody's data but our own and if we want to sell it, that's up to us, not someone else who wants to make a quick buck and be damned if they sell it to someone unscrupulous who then has a data breach because they couldn't care less and people's lives can be in tatters when they suffer from identity theft. The bigger the company the more audacious they are because they can afford high paid lawyers to wriggle them out of trouble.

    The GDPR isn't penalising sites that run advertising, they're simply making them man up and tell people what they're doing in respect of selling your data and then making them ask for your permission to do so. Taking your personal data, profiling you with it and then using it to make money without you knowing about it, well it's just amoral. And just because it's been going on for years, doesn't make it right. If those BIG companies fold, so what? They deserve it for using people to feather their own nests and treating them like chattel.

    ;)
     
  8. Dobson

    Dobson Aspirant

    IPS posted what I thought was a good and reassuring article on this a few days ago, then someone who (seemingly) knows what he's talking about has just ripped it to pieces. Just when I thought I was ok to carry on as usual, now I am back to having no clue again.
     
  9. Maddox

    Maddox Moderator

    This is going to happen - because a lot of the GDPR is open to interpretation there are going to be conflicts of opinion. The real test of time will come when (I would have said 'if' but no longer) a case comes before a court of law and then we will see what interpretation is going to be considered correct. In the meantime just do what you feel is the correct thing to do based upon what has been said and discovered. Beyond that, there is not much else anyone can do.

    ;)
     
  10. Pete

    Pete Flavours of Forums Forever

    Hmm, I've just skim-read the comments to that article, and I'm not entirely convinced that that person is correct, despite seeming to be reasonably intelligent and informed.

    If it were true that companies all had to use GDPR compliant software, otherwise the entire venture is not GDPR compliant, then large amounts of the EU are not compliant because there are a great many institutions using platforms that by themselves are not compliant, and never going to be - and they don't *need* to be provided that the operations required can be carried out manually. As long as a deletion request comes in and is properly handled, that's sufficient for compliance with RTBF. Yes, there is the general guidance to use software that has privacy by design, but it's simply not possible to re-engineer that in in all cases, nor is it reasonable to expect industries to just retool their entire software setup.

    Reason for that? Word, and Excel. Word and Excel can be used to put people's data in. And no doubt will have been - and Word and Excel can't be 'made compliant' but it's not about making the tool compliant, it's about making the process compliant.
     
  11. Dobson

    Dobson Aspirant

    Precisely why I used the term 'seemingly' :)
     
  12. feldon30

    feldon30 Adherent

    amedia.giphy.com_media_HiXbqSrs6aH04_giphy.gif
     
  13. Brad

    Brad Charter Member

    I have never once said I'm opposed to the idea of a law like this. I am just not happy about the EU assuming they can just force a law on the rest of the world. This is not the first time they've attempted to overstep their jurisdiction. I don't know if you've been paying attention to the EU but if not you really should read up on them. You're always going to see knee-jerk reactions from people in the US over any outside nation attempting to force us to follow their laws. This attitude is the reason we're even a country in the first place.

    Those of us with two brain cells to rub together have warned anyone that would listen for many years that storing all that personal data with third parties was a bad idea. Most people rolled their eyes and called us paranoid. You guys are speaking of the early/good days of the internet/web but you've yet to mention the main reason why it was such a nice place; everyone was putting up content because they simply wanted to and the people storing personal data weren't running analytics on it to serve up a never ending stream of ads and broken JavaScript from other third parties that probably contains malware. The greed hadn't set in yet. By all means cover your operating costs, hell make a decent living, but people are taking it too far now and attempting to get rich. You can make a living on the web without Google and its ad-network. If we all ran our own advertising things would improve so much. I tell people they can ditch Google altogether and they say it's impossible... that's how bad things have gotten.

    This law is not going to hurt the big companies that matter. They'll do their usual underhanded stuff to avoid paying any fines/taxes. It'll just be something that makes it more of a burden for the small guy to get something going on the internet. Google, Facebook, Microsoft and all the rest of them don't care they'll eat a fine here and there and chalk it up to the cost of doing business. They're making so much on the other side that it doesn't even matter to them. I'm sure the lawyers are already thinking along the same lines as I am.

    Anyway, we're fine on this end of the pond. We'll have something similar coming along soon I'm sure. As long as it comes from my own Government and I have the freedom to complain about it (because I'm sure it'll be awful like most laws they pass) I'm content. You won't see anything major until after midterms though, right now the crooked people that run our Government are more concerned about keeping their jobs. They're in full on ass-kissing mode at the moment so they aren't going to be doing much until the end of the year.
     
  14. Maddox

    Maddox Moderator

    feldon30, I'd appreciate it if you did not quote me out of context to prove a point that another member stated. Yes, the GDPR is open to interpretation depending on what points are being referred to - not ALL of it is open to interpretation, there are many, many parts that explain explicitly what is required, some parts will be open to interpretation, but that is not our job to do the interpreting, that job is down to the courts and until any case is brought under the GDPR we will not know for sure whose interpretation is the one that will have to be adhered to.

    It would be beneficial if everyone commenting on the GDPR actually read the document in its entirety and if there are any points that are unclear or lead you to making an interpretation that you are unsure about, consult the enforcing body in your own country within the EU. If you are outside of the EU then you would be better placed to wait and see what transpires rather than making uninformed statements based on your opinion, which may or may not be accurate.

    I also understand the anger from some who do not live in the EU and are having to come to terms with this new regulation, but if the ball was on the other foot and that law was coming from your own countries, you would no doubt be attempting to lean the other way. Some laws are regional, some laws are country specific and some laws are international. Depending on the agreements between countries will depend on what laws can cross borders. So until or unless your respective governments say otherwise, it would be in everyone's interests to do whatever you can to comply. After all, we are discussing something that can affect all of us in some pretty unpleasant ways and, quite possibly, already has to many.

    Attempting to point score over one another degrades the discussion and adds nothing useful that can be gleaned and applied once this regulation comes into effect on 25th May 2018.

    ;)
     
  15. sport_billy

    sport_billy Neophyte

    Just wondering what people are doing with their forum spam services namely -

    StopForumSpam
    Project Honey Pot
    Akismet

    We use XF and upon registration XF checks new registrations against the StopForumSpam database, presuming IP, email and username gets checked.

    I am at pains to stop using these services, but I can't see if they are GDPR compliant and therefore by sending user data that way we'll be breaking GDPR.
     
  16. Nev_Dull

    Nev_Dull Anachronism

    Thanks for the reply. I understand that initial reaction -- I had it myself. I was one of the ones early on who was thinking about closing off my forum to EU visitors rather than be subjected to what seemed like a vague, overarching legislation. Given some time to reflect, and to read over the law and what it was trying to do, I've come around to agreeing with the idea, and I've been working to make my own forum compliant, even though I don't believe I need to.

    I expected the same sort of response from American forum owners. And while many, like you, have come to say you aren't against the idea of GDPR, I haven't heard many say they were going to support that idea by making their own sites compliant, whether they legally needed to or not. It just seems like the kind of individual rights idea that Americans (and we Canucks) would embrace and run with, just because it is the right direction to go. So I'm guessing the primary reason for not doing it is because of where it comes from, either because it's from the EU specifically, or just externally in general.

    Again, this isn't intended as a criticism or dig, just an observation.
     
  17. iamacyborg

    iamacyborg Enthusiast

  18. pierce

    pierce Habitué

    Actually Google AdSense does not "sneakily collect" user data. There is a button at the top right for "Ad Choices".

    upload_2018-5-18_17-57-37.png


    It will lead you to this.

    You can then choose to control your ad settings.

    upload_2018-5-18_17-58-9.png


    Which gives you that and you can globally turn it off there.

    Pierce
     
  19. mysiteguy

    mysiteguy Devotee

    Received this today:

     