Advertisement:

Author Topic: SMF & GDPR Personally Identifiable Information  (Read 20263 times)

Offline aegersz

  • SMF Hero
  • ******
  • Posts: 1,445
  • Gender: Male
  • "mods" junkie
    • dopetalk
Re: SMF & GDPR Personally Identifiable Information
« Reply #300 on: June 02, 2018, 12:15:18 AM »
i see, thanks vbg.
The configuration of my Linux VPS (SMF 2.0 with 140+ mods) can be found here and notes on my mods can be found here (warning: those links will take you to a drug related forum)

Offline Dame2

  • Semi-Newbie
  • *
  • Posts: 23
Re: SMF & GDPR Personally Identifiable Information
« Reply #301 on: June 04, 2018, 07:40:30 AM »
Not mentioned yet ...if you monetized your forum with Google Adsense you will need to address this issue in a way which satisfies Google.   Google has created the option to show only non-personalized ads for EU users of your forum:

Ad review center>all my sites> EU user consent

Still need to have a consent form according to Google.... otherwise you are not compliant with Google Adsense and you risk having your account terminated.   I chose to close my forum since ad revenues have declined and adhering to GDPR and Google was just too much to be bothered with.


Offline Ben_S

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 11,709
  • xxx
Re: SMF & GDPR Personally Identifiable Information
« Reply #302 on: June 04, 2018, 07:49:17 AM »
So a small notification from us (SMF), we're adding the GDPR-features to the next release (2.0.16.).

That is certainly a welcome update, I personally wouldn't pay for a mod to address it, more likely I would pay for XenForo to address this and other some other shortcomings in SMF.
Liverpool FC Forum with 14 million+ posts.

Offline Si6776

  • Jr. Member
  • **
  • Posts: 184
Re: SMF & GDPR Personally Identifiable Information
« Reply #303 on: June 04, 2018, 12:31:36 PM »
So, how do forums stand while we are awaiting the SMF update?  Is it actually legal to continue without taking any action towards GDPR compliance?

Offline vbgamer45

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 20,471
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: SMF & GDPR Personally Identifiable Information
« Reply #304 on: June 04, 2018, 12:58:01 PM »
I have a mod that helps with GDPR at https://custom.simplemachines.org/mods/index.php?mod=4183 
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Offline Si6776

  • Jr. Member
  • **
  • Posts: 184
Re: SMF & GDPR Personally Identifiable Information
« Reply #305 on: June 04, 2018, 02:50:23 PM »
I have a mod that helps with GDPR at https://custom.simplemachines.org/mods/index.php?mod=4183 

Yes, I was aware of that, and many thanks for all your work in making it available.

What I was getting at is, if I wanted to wait for the SMF update, so as to avoid effectively doing everything twice (with regards member consents, etc), is it still legal to run a forum with no mods, and therefore no compliance?  I assume it is, as the SMF board itself is still going.

Offline vbgamer45

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 20,471
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: SMF & GDPR Personally Identifiable Information
« Reply #306 on: June 04, 2018, 03:07:56 PM »
It is all about risk to comply or not. Questions about law mainly should be spoken to lawyer as there are many interpretations
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Offline petewadey

  • Jr. Member
  • **
  • Posts: 122
Re: SMF & GDPR Personally Identifiable Information
« Reply #307 on: June 05, 2018, 05:05:55 AM »
Hi vbgamer45
After installing this mod, when I delete a members account who had images in Gallery Pro, I get this error message. Any ideas?

Offline GigaWatt

  • The Smiley Guy
  • Support Specialist
  • Sophist Member
  • *
  • Posts: 1,341
  • Gender: Male
    • Macedonian electronics forum
Re: SMF & GDPR Personally Identifiable Information
« Reply #308 on: June 05, 2018, 06:10:24 AM »
What I was getting at is, if I wanted to wait for the SMF update, so as to avoid effectively doing everything twice (with regards member consents, etc), is it still legal to run a forum with no mods, and therefore no compliance?  I assume it is, as the SMF board itself is still going.

Depends where the server hosting your site is located. If it's in the EU, yes, you're affected. If it's not, you're probably safe.

And I wouldn't worry about small communities and local forums... those will probably be last in the chain to get a warning... if they ever get one.

Don't be so paranoid about these laws. TPB was shut down at least twice and is still up thanks to some legal loopholes, mirrors and other technical/IT tricks ;).
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Online Aleksi "Lex" Kilpinen

  • A Peculiar Finn
  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 17,390
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • aleksi-kilpinen on LinkedIn
Re: SMF & GDPR Personally Identifiable Information
« Reply #309 on: June 05, 2018, 06:24:14 AM »
What I was getting at is, if I wanted to wait for the SMF update, so as to avoid effectively doing everything twice (with regards member consents, etc), is it still legal to run a forum with no mods, and therefore no compliance?  I assume it is, as the SMF board itself is still going.

Depends where the server hosting your site is located. If it's in the EU, yes, you're affected. If it's not, you're probably safe.
Actually no, the GDPR affects you if you cater to EU citizens - regardless of the country you are in. This is mostly achieved by international agreements, and based on a voluntary choice to either not cater to the EU, or accept the responsibility.

It does NOT involve you though, if you are not a business entity of any kind.
A Finnish Support Specialist
 Happily running multiple SMF 2.0 installations.

How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum.
 Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Offline vbgamer45

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 20,471
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: SMF & GDPR Personally Identifiable Information
« Reply #310 on: June 05, 2018, 06:29:16 AM »
Hi vbgamer45
After installing this mod, when I delete a members account who had images in Gallery Pro, I get this error message. Any ideas?

that's a gallery pro issue for deleted members. You loaded the page that had a member before and is trying to lookup the member but it was deleted.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Offline GigaWatt

  • The Smiley Guy
  • Support Specialist
  • Sophist Member
  • *
  • Posts: 1,341
  • Gender: Male
    • Macedonian electronics forum
Re: SMF & GDPR Personally Identifiable Information
« Reply #311 on: June 05, 2018, 06:49:14 AM »
Actually no, the GDPR affects you if you cater to EU citizens - regardless of the country you are in. This is mostly achieved by international agreements, and based on a voluntary choice to either not cater to the EU, or accept the responsibility.

It does NOT involve you though, if you are not a business entity of any kind.

Even if I my site is making revenue, I'd like to see them take any legal action if my server and domain are registered in China or Russia ::).

Not that my forum is making revenue, just making a point... there are ways to stay online even if some law somewhere forbids something.
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Offline Uhura!

  • Sophist Member
  • *****
  • Posts: 1,037
  • Gender: Female
    • Our Parenting Spot
Re: SMF & GDPR Personally Identifiable Information
« Reply #312 on: June 19, 2018, 09:23:33 PM »
« Last Edit: June 19, 2018, 09:56:57 PM by Uhura! »
:) Our Parenting Spot is an online parenting community for fathers, mothers, grandparents, teachers, and family service professionals. 8) We also provide low cost advertising options for authors, family service providers, and businesses with family friendly products and services. ;D Visit us @ www.OurParentingSpot.net!

Offline Si6776

  • Jr. Member
  • **
  • Posts: 184
Re: SMF & GDPR Personally Identifiable Information
« Reply #313 on: June 20, 2018, 03:43:43 AM »
Sharing my updated Privacy Policy. Hope it helps! ... https://ourmomspot.net/community/index.php?PHPSESSID=rfe9s39r4mdcq2r5rgq5c2v4s0&action=register

I previously had it reviewed by an attorney, but I was able to update it easily based on the EU's GDPR info here: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/principles-gdpr/what-information-must-be-given-individuals-whose-data-collected_en

Thanks, but I'm getting:

Forbidden

You don't have permission to access /community/index.php on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Seems you have to register to read it. 

Offline Sh@mbles

  • SMF Hero
  • ******
  • Posts: 4,916
  • Gender: Male
    • i30 Owners Club
Re: SMF & GDPR Personally Identifiable Information
« Reply #314 on: June 20, 2018, 04:17:16 AM »
Quote from: Si6776
Sharing my updated Privacy Policy. Hope it helps! ... https://ourmomspot.net/community/index.php?PHPSESSID=rfe9s39r4mdcq2r5rgq5c2v4s0&action=register

Seems you have to register to read it. 

I just read it - no problems.

Offline Armada

  • Jr. Member
  • **
  • Posts: 283
  • Gender: Male
  • Tux loves Linux
Re: SMF & GDPR Personally Identifiable Information
« Reply #315 on: June 20, 2018, 06:37:51 PM »
Uhura! Thanks for sharing that with us, it's appreciated. I like the clarity in there.
--- SMF Rocks even more than YabbSE---

Offline Chalky

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 3,380
  • Gender: Female
  • If in doubt, give me beer...
    • ChalkCat
Re: SMF & GDPR Personally Identifiable Information
« Reply #316 on: June 27, 2018, 09:56:28 AM »
Good job guys, I'm looking forward to the GDPR features in 2.0.16.  Something I'm wondering about though, when members are required to accept the privacy policy... what should be done with inactive members who don't respond?  Should they be given something like 30 days to respond and then their accounts are deleted by default?  Or should we just do nothing knowing they will be asked for consent should they ever log in again?

Offline feline

  • SMF Hero
  • ******
  • Posts: 1,638
  • Gender: Female
Re: SMF & GDPR Personally Identifiable Information
« Reply #317 on: June 27, 2018, 10:26:22 AM »
According the GDPR, the acceptance of the Privacy Data Regulation must be Saved !!!
So it's a good option to save the data of accepting in the Member table. For this you have add a column in the table ...

Online Aleksi "Lex" Kilpinen

  • A Peculiar Finn
  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 17,390
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • aleksi-kilpinen on LinkedIn
Re: SMF & GDPR Personally Identifiable Information
« Reply #318 on: June 27, 2018, 10:28:47 AM »
Good job guys, I'm looking forward to the GDPR features in 2.0.16.  Something I'm wondering about though, when members are required to accept the privacy policy... what should be done with inactive members who don't respond?  Should they be given something like 30 days to respond and then their accounts are deleted by default?  Or should we just do nothing knowing they will be asked for consent should they ever log in again?
On a purely speculative note, I would see inactive members that have not logged in over a prolonged period as unnecessary data, and without clear acceptance they should probably be removed.
A Finnish Support Specialist
 Happily running multiple SMF 2.0 installations.

How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum.
 Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Offline Chalky

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 3,380
  • Gender: Female
  • If in doubt, give me beer...
    • ChalkCat
Re: SMF & GDPR Personally Identifiable Information
« Reply #319 on: June 27, 2018, 10:33:11 AM »
Thanks Aleksi!  That'll be a good chunk of my members then...