Discussion in 'Site Security & Legal Issues' started by Shin Ryoku, Mar 18, 2017.
This has gone way way off topic now, please get back to the subject at hand. Thanks.
Shimei thanks for that - it helps to understand the stance of some when you understand from where they are coming from. I'm not a 'religious' person per-se, but I do believe in a force (the Native American Indians had a superb name for it - The Great Spirit) that follows us through our lives, but I do uphold the principles of law, even though I often disagree with many; some laws have been around for hundreds of years and no longer not fit the time we live in now and have never been repealed. An example would be that a Hackney Carriage in London must carry a bale of hay in its boot, as Hackney Carriages of old were horse drawn. That law fit the time that it was engaged but has never been repealed. Personally I don't consider myself a European but (for now) we as a country in the UK are part of the EU and are subject to its rulings; BTW I voted to leave the EU as I don't believe in all of its machinations
Whilst we have a lot in common as a people and share a great deal of the ideals and aspirations as nations, we do have our differences and I believe we have to respect those differences whilst keeping an open mind and having the ability to embrace change. The GDPR brings to the table changes that are for the benefit of all - even if the implementation is kind of off base, similar to this topic lol.
I agree, but whenever politics and religion are called into play they do, if presented correctly, illuminate the differences of 'why' some people believe what they believe and think what they think. And much of the discourse in this topic is derived from two distinctly different viewpoints with little understanding as to why.
I also believe that this topic has run its course - the only thing left to debate is the differences between cultures and that can become quite hectic and heated when different beliefs are called into play. The GDPR is here and we have to deal with it, one way or another; people can cooperate as best they can or dig their heels in and say 'stuff it' - that's their call, but getting into a spin over our differences is never going to achieve a positive outcome. Let's just see what happens over the course of time and let the diplomats and courts argue amongst themselves, because we can't change anything in this little part of the world and it is far more cordial and productive to see what we have in common rather than how we differ.
Is the fat lady singing? I don't think so
I guess if you have one or two small hobby related forums it's probably all done and dusted but for support forums attached to service providers and commercial outlets or for forums run for profit I suspect this one will run on for years.
I believe she lost her voice a few pages back. There is nothing constructive being added in any shape, way or form. All we have are argumentative posts about rights - principally who is right and who is wrong. I do believe the topic should be closed and let people start new topics that reflect their views and those that follow them can contribute. If you want a topic about a specific on the GDPR then post it - this is just a war zone at the moment between the GDPR and the USA with a bat and ball approach of tit-for-tat back and forth with no end. That's why I believe this topic should be closed because neither side is going to give ground no matter what, come hell or high water - so what is the point? This is supposed to be a help forum for admins.
Of course this is just in my own humble opinion. A new topic called (for want of a better term) 'How to comply with the GDPR' would be a better starting point from here on, so those interested in complying can get the advice they need. Hopefully that will stop all the angst that is being stirred up in this topic to no good end and newcomers looking for advice will not be put off by all the in-fighting.
I'm not sure how you got there. I've never said EU law is absolute. It is, however, an attempt to develop a new standard for dealing with the privacy and security of people's personal information in this global, online marketplace. It's a move that seems to be gaining traction, and approval by a lot of people around the world.
Petty insults aside, it's good that you have a lot of pride in your country. However, this law isn't about economics or who's is bigger. It's about human rights. And currently, the EU leads the pack in championing people over commerce.
And what is it your bible says about pride....?
I vote "stuff it".
And personally I agree with what it is trying to do. But there are better ways to make it apply to the major nations (actually any nations but minor ones will do what they do) than saying "You WILL do this because WE say so and you have to comply because we are the EU".
But without commerce, people can't get all those freebies that they want. You start taking away the ability of commerce to do what it does (make money) then guess what - all those neat social programs that champion the people over those big bad businesses won't be able to continue.
Is there any wonder that isolationism is growing?
This is the point to focus on for forum owners. It doesn't really matter where it comes from, how it began, or who started it. What is important are the principles behind it. Those principles are getting wide appeal from privacy advocates and business leaders all over, with calls for their nations to follow the example. As forum owners, we (those of us who have the choice) have to decide for ourselves if those are principles we embrace.
I didn't come to the GDPR easily. It looked like a nightmare, both vague and sweeping at the same time. I still think the legislation has many flaws and holes. It took some time and study to dig out the underlying idea behind it. As a long-time user advocate, I believe whole heartily in the idea of giving people the right to control their own personal information. It's good for my users and it's good for me as a user. That's what prompted me to move toward making my forum compliant, not because I'm worried about what the EU might do to me.
So people can puff their chests and spit their nationalistic or xenophobic venom against the European Union for being the ones with the where-with-all to try to do what every country should have done many years ago. In the end, though, it is up to each forum owner. If you believe in the idea, you'll find ways to make it work on your forum, even if it means changing the way you monetize your site. If you don't, carry on. There's nothing to see here.
Not really. Complying with an "unjust law" just because you may agree with a part of it is just being an enabler and empowering the group, in this case the EU. Resist the unjust law and insist that it be made just - in this case accepted by other nations with input that is listened to and acted upon by other nations if you want to insist that it applies to the rest of the world.
I'm not going to go out of the way to make any special efforts to comply with it. If my software is compliant that is fine... if it is not compliant that is also fine.
Since I have to maintain an ongoing subscription with IPS that will have any GDPR changes in it. With XenForo I'm still on an older release because I don't need to run XF 2 just because it's out... but I do need to stay on 1.5.x because it supports add-ons I use that have not been upgraded and the newer versions have not brought anything I just "had" to have in the 1.5.x line.
That's your right to see it as unjust. As you've stated previously, you already run your forum in a manner that complies with the spirit of GDPR. I think that's more important than your agreeing with the letter of the law.
No. One will meet GDPR compliancy simply because I choose to keep the SPAM ability offered by IPS. The site using XenForo has absolutely no GDPR compliancy in the version I run. And since the versions that have come out since then are not security related fixes, I feel no need to renew my license currently just so it can be GDPR compliant. I am making no special effort (actually no effort) to do anything special to comply with their law.
Tracy Perry its your own responsibility to either be GDPR compliant or not, but remember if somehow you get into trouble people warned you. If some how you find yourself in court by this you need to be aware that the court is final if you exhaust your option there, it can go either way good or bad. Big companies that have nothing in the EU even conform to GDPR so remember this that bigger companies are complying.
And many of those "big companies" (which I'm pretty sure you primarily mean FaceBook & Google) have an actual presence in the EU. By having an actual physical presence in the country(ies) covered they would be expected to comply with local law.
Simply having sales of a product or actively participating in an ad campaign that is presented in the EU will put you under their "thumb".
I have no representatives in said country. I pursue no business in said country(ies). Simply having an internet presence is not proof of pursuing business in a country.
Ergo, they have no legal jurisprudence over me. And no, I don't mind being a poster child for them pursuing someone. I could always use more money in my checking account when the associated civil suit under US law was brought against them.
I can't wait until the US decides to impose a unilateral law on the EU. I'll be right here to say "It's the law of the land. Whether you like it or not you have to comply with it so there's no point complaining. You shouldn't have any reason to be concerned unless you're doing something wrong! Why are you having such a hard time understanding 75 pages of vague contradictory rules? Other people are complying with it just fine."
They are doing that all ready US stepped out of the Iran deal companies in the EU that have no presence in the US cant do business in Iran because else they cant do business in the US. So the US is doing the same.
I thought that was pretty amazing.
Showing you've made an attempt to comply helps. But from the sounds of it, this law is mostly going after the bigger companies that collect a lot of personal data. What do we, as forum owners, collect (typically)? Email to validate user login and IP address to ensure the safety of our members so someone can't run a muck without any consequences.
The only thing I don't like is the fact that they are making it law for us to not make as much money as we can by offering our services, resources, and knowledge for "free" (free is in quotes since we can make money off the impressions but at little to no expense from the user...unless you count the ability of the ad platform to review the cookies, see what the person has been looking at on the web, and showing them ads that are relevant to that user, in which case, I think offers a much better user experience than someone like me seeing ads for tampons or leg wax).
In the end, I do plan on making the EU users an ultimatum. Since they will be consuming resources and utilizing the knowledge on my website, I think they should either have to accept tracking cookies so I can evaluate what direction I need to focus on my site while earning better targeted ad revenue or they should have to pay to use the service where there is no tracking, no ads, etc. Otherwise, if they click decline for those, they can try to find the information elsewhere (quite hard unless someone has copied our information since it is usually unique, and in that case, DMCA complaints will be sent out ). And someone said it is other users offering that information (aka not personal information)...yes, when you get to a certain point that is true, but when I started my site, I had 2000 posts, many of them were tutorials, guides, and support answers, while the next highest staff member was 300 posts. The only way to get to the point where a forum "runs itself" is when the owner goes to the great lengths like I did and then users are happy to "return the favor" or show off "hey I took this information and made some changes here, now look at it!". And it's much hard to be an administrator of a big website than an end user...keeping the platform lively and making sure users are happy, introducing more features that are requested or features that aren't requested and users didn't know they wanted (yes, sort of a quote from Steve Jobs). Many of us here have been in the game for a while...how many forums have we seen come and go? It's not an easy task and if you aren't compensated for all your hard work, yeah, you'll give up your site and the internet just lost another site that possibly was information rich.
Which is a right that is granted to anyone that "enters a treaty". They can leave said treaty also.
No, those business CAN do business in Iran. They just have to decide which market is more lucrative for them. If they decide that they want to do business in Iran then they are prohibited from doing business in the US. And that is a right of ANY country to control who does business inside their borders - even the EU. That's the point... I'm (and many others) are not doing business within the EU.
So the examples you use are nothing like what the GDPR is.
My site is decades old. Members have opted into my newsletter before there was ever an audit trail.
Now with the GDPR I am supposed to be able to prove that my members opted in or face potentially millions in fines. But there is no functionality to prove legacy members have ever given consent. This sounds like a liability to me which may result in hefty fines.
So what to do? Email everyone that I need their consent to email them? lolol.
I have posted a suggestion here:
Because it has never done this kind of thing before, of course. DMCA didn't affect EU users at all. Neither did SOPA/PIPA. Nor SOSTA/FESTA. We must have been hallucinating these...