Discussion in 'Site Security & Legal Issues' started by Shin Ryoku, Mar 18, 2017.
Same as the EU with GDPR: comply or you can't do business with the EU.
Honestly.. best thing that could happen would be that the entire EU be fire-walled off so they could protect their citizens.... would probably end up looking very similar to China before long.
I wasn't talking about your software. You previously stated that you don't sell member information to advertisers, don't track members to promote ads, and even anonymize your IPs. Ergo, you are following the spirit of what GDPR is about. Congrats.
I'm not 100% on this, but I believe existing members are grandfathered under GDPR, so you don't have to do that. But you should set up a go-forward process for new members, and perhaps consider some sort of consent renewal system that could pick up existing members over time. Businesses in my country went through a lot of the same issue here when the CASL anti-spam legislation came in.
This is what I was talking about before. Global economics and trade are blurring nationalistic lines, especially when it comes to the internet.
I thought I saw one of the articles state that if you previously got consent, you are fine. No need to re-do consent.
I don't think this is the case. You need to demonstrate explicit valid consent. If you cannot, then there is no valid consent.
The WP29 document on consent does not mention any grandfathering. See attachment.
I have read several opinions by lawyers on the matter which stated that new consent needs to be requested if consent cannot be demonstrated. Even opinions by lawyers are just opinions. Here is one by two lawyers:
If you have any information to the contrary then please post this.
Tell that to smaller companies with Facebook groups. One has already been gone after.
That case was brought years ago and only just hit a conclusion - and wasn't under the GDPR, but under the DPD legislation, or under Germany's specific interpretations of the DPD (which have now mostly come into line with GDPR).
The regulations require all consents to meet GDPR standards. If they don't, they need to be refreshed. GDPR standards state that consent requires a positive opt-in.
I'd argue that there's a slightly grey area because although you may have obtained proper consent prior to GDPR, it may not have been recorded.
So in short you are probably right.
California seems set to take it even further than the GDPR: https://theadminzone.com/threads/california-consumer-privacy-act-users-can-claim-damages.147694/
Yep. I was wrong. That's something I'll have to take another look at too.
I think it requires new functionality so that existing users who do visit are at least asked to confirm their settings.
I dreamed up this suggestion:
I was surprised when Google didn't just shut down for 24 hours in the EU. On a Monday. See if people can actually function in their day-to-day lives without it.
This speaks to the state of forum software. This kind of feature is common in CMS software, and should have been part of forums long ago. We really need a total rethink of the software to make it modular enough to easily accommodate any change like this. Who knows, maybe GDPR will end up being really good for forum development.
vBulletin 3.8.x was so loaded with features that it was an unmaintainable mess. Granted it was not modular. It was Christmas tree development. Everyone just kept hanging ornaments and then were surprised when the tree got unsteady.
Even as vBulletin 3.x was the most popular forum software out there, its two main developers -- Kier and Mike -- wanted to start over with a white piece of paper for vBulletin 4. Adding more features can be a double-edged sword.
I’m not sure this is the saviour of forums. I still believe the future for forums is about flavours of forum software, specialisations etc.
That's why I like the idea of modular forum software. Add what you need, remove what you don't.
I don't think that's enough - we have had a couple of decades of forum software with addons that qualify on some level as modular, but it's not been enough.
I'm thinking about software that goes further down the road to the point where modularisation isn't viable because some of the flavour features are so integrated they can't be made modular.
Forum software is loaded with features that work the way it does because of technical limitations at the start of the century but make zero sense right now.
I also believe that this law was mostly made for the big companies. Think that until a few months ago it was not possible to delete a FB account, you could only disable it, but not remove it. If it's my personal data, why can I not control it and decide what to do with it? And I see people here talking about freedom...
Anyway, even if I'm late, I plan to make my forums compliant with this law.
I'd be interested to hear examples - but maybe in another thread?