Archived Boards and Threads... > SMF Feedback and Discussion

[Brainstorming] EU data protection regulations

(1/2) > >>

Please see:

I'm starting this topic for brainstorming and discussion.
Do the existing or projected regulations affect SMF forums installations, and how? Perhaps particular forums, targeted at user services such as offering download services?
Do the existing regulations affect already SMF forums, in particular EU jurisdictions, why and how?

I'll note: it has been argued repeatedly in the past, that the user of a site/forum, has all rights to their personal data, such as email, website, and other profile data, to at least *see* them when they see fit (ask to know what the site/owner/company operating the site, "knows" about them). Of course, SMF allows that, unless a particular admin changes their installation.
It has been argued though, that under some laws (i.e. Finland, IIRC), this extends also to the posts they made... which is different: it's content, not personal contact information. Does it extend to content, how, why (what laws/regulation), any precedents?
Do note also that the ToS (the registration agreement) intervenes here as well.

I'll keep this topic short, it's only an invitation for you SMF admins and users, to share your knowledge on the matters. Please lets try to keep it to *actual* facts.

Please do also note: SMF admins need to make sure that their site operates correctly within the bounds of their respective jurisdictions. However, the first step is understanding them, their impact, and their reasoning, I'd say, and we can see if or how we can help.

Just be aware that posts may contain personal information, so the argument that posts are "content" isn't really going to work. Personally I'm going to get hardass on my ToS/registration agreement. It'll be worded so it is actually possible to run the place, bearing in mind the necessity of being able to deal with trolls, spammers and other miscreants without them being able to lead you on a merry chase. Let's face it, in practice you need to keep records of emails, IP's, etc to run the place effectively.

The applicable legislation in the UK is the Data Protection Act which is enforced by the Information Commissioner (ICO).

Forums necessarily record the username, email address, password, the IP Address used to register and the last-used IP Address. As far as the Data Protection Act is concerned, none of these is considered to be private information and thus can be retained without the need for the website to register with the ICO as a Data Controller.

But users often beef-up their profile with other information which could be used to identify them. Whilst they remain a member of the site, there's no problem since they have access to that information and can modify or remove it at will. A problem does occur if a member is banned since they no longer have access to their profile or private messages and thus can not remove them. Sites that retain this information should either register with the ICO or remove that personal information.

This can be overcome by extending the ban function to include removing non-essential information from the members' profile along with all his sent and received PMs.


--- Quote from: CircleDock on May 01, 2012, 01:17:41 PM ---This can be overcome by extending the ban function to include removing non-essential information from the members' profile along with all his sent and received PMs.

--- End quote ---
Simple delete the banned member account and create a new empty with the same name  ;)

(or just don't allow users to delete accounts)


[0] Message Index

[#] Next page

Go to full version