Advertisement:

Author Topic: SMF & GDPR Personally Identifiable Information  (Read 21002 times)

Offline Aleksi "Lex" Kilpinen

  • A Peculiar Finn
  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 17,574
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • aleksi-kilpinen on LinkedIn
Re: SMF & GDPR Personally Identifiable Information
« Reply #320 on: June 27, 2018, 10:38:25 AM »
I base my answer only on a gut feeling over the fact that you either have to have a legal interest to protect by keeping the members data, or you have to have their permission to keep their data. For members that have been away for say more than a few months, have not given clear consent, and are not currently doing business with you, you basically lack both.

Sucks, but that's how I would see it.
A Finnish Support Specialist
 Happily running multiple SMF 2.0 installations.

How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum.
 Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 69,584
    • StoryBB/StoryBB on GitHub
Re: SMF & GDPR Personally Identifiable Information
« Reply #321 on: June 27, 2018, 10:43:28 AM »
That’s a pretty good interpretation.

You have no automatic right to any data, and you either need a legal right (performing a service counts, as would performing legal duties or criminal investigation) or the user consenting.

Without clear proof of consent, it’s tough but I think you’d be safe doing one round of emails to long dormant accounts with “we haven’t heard from you, and so under GDPR we are going to clear out the data we have on you after a 30 day period”

Those who care can then reconsent, those who don’t, you’ve done your due diligence.

This at least would be above board under the ICO guidance. YMMV for other EU territories.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline Si6776

  • Jr. Member
  • **
  • Posts: 184
Re: SMF & GDPR Personally Identifiable Information
« Reply #322 on: June 27, 2018, 11:02:47 AM »
Good job guys, I'm looking forward to the GDPR features in 2.0.16.  Something I'm wondering about though, when members are required to accept the privacy policy... what should be done with inactive members who don't respond?  Should they be given something like 30 days to respond and then their accounts are deleted by default?  Or should we just do nothing knowing they will be asked for consent should they ever log in again?
On a purely speculative note, I would see inactive members that have not logged in over a prolonged period as unnecessary data, and without clear acceptance they should probably be removed.

On the other hand, it could be argued that removing large chunks of members, particularly those that have participated in threads, would be detrimental to the site, and therefore, it wouldn't be unreasonable to keep that data.  Members that have registered but never posted, however, are fair game for removal, in my opinion. 

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 69,584
    • StoryBB/StoryBB on GitHub
Re: SMF & GDPR Personally Identifiable Information
« Reply #323 on: June 27, 2018, 11:17:46 AM »
You don’t have to delete posts unless they contain personal data, only the accounts.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline Aleksi "Lex" Kilpinen

  • A Peculiar Finn
  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 17,574
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • aleksi-kilpinen on LinkedIn
Re: SMF & GDPR Personally Identifiable Information
« Reply #324 on: June 27, 2018, 11:20:12 AM »
For some sites that might work too, but I would not be willing to bet that would hold in general. You would have to have some real reason to keep the personal data, not meaning user provided content which is another thing really, but the actual user info.
A Finnish Support Specialist
 Happily running multiple SMF 2.0 installations.

How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum.
 Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Offline Rikacha

  • Newbie
  • *
  • Posts: 1
Re: SMF & GDPR Personally Identifiable Information
« Reply #325 on: July 11, 2018, 10:56:28 AM »
I apologize for bumping this topic but am wondering if a forum owner does not comply with the new GDPR regulations and installs some type of tool which allows for the right to be forgotten and other GDPR regulations, can I contact SMF support to have my content deleted from the site or how should I proceed? I have managed to accumulate thousands of posts on a particular forum and I am confident that some of them do contain identifying information, but despite using the search function for keywords there are still posts in sections I do not have access too and, the risk that I have overlooked something which worries me.

Offline vbgamer45

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 20,640
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: SMF & GDPR Personally Identifiable Information
« Reply #326 on: July 11, 2018, 11:12:00 AM »
SMF does not have any control over other forum owner or their content.. You would have to contact them.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro