Advertisement:

Author Topic: SMF & GDPR Personally Identifiable Information  (Read 20644 times)

Offline Portugal

  • Jr. Member
  • **
  • Posts: 204
Re: SMF & GDPR Personally Identifiable Information
« Reply #80 on: May 06, 2018, 05:33:09 PM »
Very thanks vbgamer45 for that wonderful work. Well if ive sme sugest to implement on that, i will post here :)

Offline Si6776

  • Jr. Member
  • **
  • Posts: 184
Re: SMF & GDPR Personally Identifiable Information
« Reply #81 on: May 07, 2018, 06:53:53 AM »
The right to erase

The right to erasure is also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable you to request the deletion or removal of personal data where there is no compelling reason for its continued processing.

On the forum, this can be dealt with by requesting to delete your account. A deletion will have to be approved by an administrator (to protect against accounts being deleted maliciously). Posts can be individually deleted, and can be deleted en masse. A full deletion requires a request being sent to the email above.

Your new ToS is excellent, but there seems to be a somewhat grey area around the removal of all posts should a member wish to delete their account.  If indeed, this is not a requirement, providing the member has been fully anonymised, would it be slightly misleading to say that posts can be deleted 'en masse', as how would you distinguish 'en masse'  from 'all posts'?  I would be inclined to remove the 'en masse' part, and add something along the lines of:

Quote
... In the case of a full deletion, please note that post content is not subject to the ‘right of erasure’. All posts from a deleted account will be anonymised so no trace will be left to the post author, however, any identifiable information in posts themselves won't be deleted.

How sure are we that post content isn't subject to the rights of erasure?

Offline Si6776

  • Jr. Member
  • **
  • Posts: 184
Re: SMF & GDPR Personally Identifiable Information
« Reply #82 on: May 07, 2018, 07:09:07 AM »
One more quick question - with regards the user downloading their own data, presumably they wouldn't be able to do so once an account has been deleted?  Are we (forum admins) then under any liability to provide them with their data?  I would assume not, but clarification would be good, for the ToS.  :)

Online vbgamer45

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 20,556
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: SMF & GDPR Personally Identifiable Information
« Reply #83 on: May 07, 2018, 08:25:22 AM »
I would say if the acount is deleted then they have no data left on them. Posts are ok to leave in the forum. Just have to remove personal information
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Offline Si6776

  • Jr. Member
  • **
  • Posts: 184
Re: SMF & GDPR Personally Identifiable Information
« Reply #84 on: May 07, 2018, 08:58:53 AM »
Brilliant, thanks.  :)

Offline feline

  • SMF Hero
  • ******
  • Posts: 1,638
  • Gender: Female
Re: SMF & GDPR Personally Identifiable Information
« Reply #85 on: May 08, 2018, 11:30:52 AM »
I would say if the acount is deleted then they have no data left on them. Posts are ok to leave in the forum. Just have to remove personal information
You have to note that in quotes from other users the name is stay alive !!
So it's better to remove the complete topic, not only the post from this user ...
Alternately you can check any message of quotes from this user and rename this ...

Feline

Online vbgamer45

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 20,556
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: SMF & GDPR Personally Identifiable Information
« Reply #86 on: May 08, 2018, 11:33:14 AM »
Removing the topic would be overkill. Yes the name should be removed from quotes. I have to find a good way to do that. that is not find and replace based. 
Also people can mention the persons name in a topic's post.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Offline feline

  • SMF Hero
  • ******
  • Posts: 1,638
  • Gender: Female
Re: SMF & GDPR Personally Identifiable Information
« Reply #87 on: May 08, 2018, 11:38:25 AM »
Yes, it is overkill .. but until we have no other chance, it's better to drop the topic.
Same for export the data for GDPR ... better to remove the username in quotes

Feline

Offline hugbear

  • Semi-Newbie
  • *
  • Posts: 28
  • Gender: Male
Re: SMF & GDPR Personally Identifiable Information
« Reply #88 on: May 08, 2018, 12:40:57 PM »
Don't admins have 30 days to comply with GDPR-based requests? I would think that's plenty time to search and edit out usernames from quotes. Deleting topics with hundreds of posts just because a quoted user wants to be forgotten is overkill. Might as well retire the entire forum, it's less of a hassle...
« Last Edit: May 08, 2018, 12:58:19 PM by hugbear »

Offline Si6776

  • Jr. Member
  • **
  • Posts: 184
Re: SMF & GDPR Personally Identifiable Information
« Reply #89 on: May 08, 2018, 04:24:41 PM »
Unless someone has actually used their real name, I can't see how even quoted posts could contain PII (Personally Identifying Information), as all they would contain is a user name.  Who uses their real full name on forums?

Offline Portugal

  • Jr. Member
  • **
  • Posts: 204
Re: SMF & GDPR Personally Identifiable Information
« Reply #90 on: May 08, 2018, 04:36:39 PM »
Well... about username ive an idea, in fact i think to implement this on my forum a few years ago... its to change the information displayed... it means, change the username, to number of member, i think that solves the problem for GDPR. May it works... :)

Offline SpacePhoenix

  • Semi-Newbie
  • *
  • Posts: 26
Re: SMF & GDPR Personally Identifiable Information
« Reply #91 on: May 09, 2018, 01:44:24 AM »
Well... about username ive an idea, in fact i think to implement this on my forum a few years ago... its to change the information displayed... it means, change the username, to number of member, i think that solves the problem for GDPR. May it works... :)

Say a member's user id is 1234 and they get deleted, the poster name for any posts that they make could be changed to something like "Member1234" and their user title could be changed to "No Longer Registered". Deleting all posts by a deleted member is in no way practical as for most forum software, deleting post #1 probably deletes the entire thread. If that former member has started many threads then that could result in many threads and posts disappearing from a given forum.

Deleting the changing the member name in quotes to, using the above example "Member1234" will be a case of working out the correct regular expression for use with a php function like preg_filter, using one example (opening and closing [ ] removed to make it quote as intended

Quote
quote author=Portugal link=topic=559841.msg3971698#msg3971698 date=1525811799

The bit:

Quote
author=Portugal link

would have to have the member's name changed to something like "Member 1234" Things like mentions (on any forum (of any software)) that uses mentions should be easy to do. Where a member's name has just been typed in normally i can't see a viable alternative to just using the forum's search facility to search for instances of the ex-members name.

Here's a thought, say a member gets deleted from a forum (might not necessarily be running SMF), they get deleted, then the server craps itself and the forum gets restored to a backup from before the member gets deleted. Would the owners of the forum have to go through the deletion process again (could well be different people admins from those that maintain the server and/or software), or would the ex member have to re-submit their request for removal

Offline Ravey76

  • Jr. Member
  • **
  • Posts: 125
  • Gender: Male
    • BMW Einzylinder
Re: SMF & GDPR Personally Identifiable Information
« Reply #92 on: May 10, 2018, 08:31:16 AM »
Great work, vbgamer45! Thanks a lot for it, it comes just in time

In case someone needs a GERMAN translation of it - here it is ...

By the way, "General Data Protection Regulation (GDPR)" means in german "Datenschutz-Grundverordnung (DSGVO)"
... just in case you want to change the name of your app for the german users

Online vbgamer45

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 20,556
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: SMF & GDPR Personally Identifiable Information
« Reply #93 on: May 10, 2018, 09:07:55 AM »
Thanks
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Offline @rjen

  • Jr. Member
  • **
  • Posts: 278
  • Gender: Male
Re: SMF & GDPR Personally Identifiable Information
« Reply #94 on: May 11, 2018, 07:18:55 AM »
1.0.3
!Spelling fixes for GDPR

Installed it , and when I export data I am getting these erros in the log...

https://www.fjr-club.nl/index.php?action=profile;area=exportdata;u=3
2: Invalid argument supplied for foreach()
Bestand: /home/deb77453/domains/fjr-club.nl/public_html/Themes/default/Profile.template.php
Regel: 1204

https://www.fjr-club.nl/index.php?action=profile;area=exportdata;u=3
8: Undefined index: profile_fields
Bestand: /home/deb77453/domains/fjr-club.nl/public_html/Themes/default/Profile.template.php
Regel: 1204

The code in question.

Code: [Select]
1198: if (!empty($context['profile_fields']))
1199: echo '
1200: <dl>';
1201:
1202: // Start the big old loop 'of love.
1203: $lastItem = 'hr';
==>1204: foreach ($context['profile_fields'] as $key => $field)
1205: {
1206: // We add a little hack to be sure we never get more than one hr in a row!
1207: if ($lastItem == 'hr' && $field['type'] == 'hr')
1208: continue;

By the way: I am NOT getting the custom profile fields in the download...
(FYI: using PHP7.1)
Running SMF 2.0 with Tinyportal 1.6.0 at www.fjr-club.nl
Testing SMF 2.1 beta 4 with Tinyportal 1.6.1 at http://test2.fjr-club.nl/

Online vbgamer45

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 20,556
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: SMF & GDPR Personally Identifiable Information
« Reply #95 on: May 11, 2018, 09:15:34 AM »
If you make money in any way. Such as ads they would say you do.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Offline @rjen

  • Jr. Member
  • **
  • Posts: 278
  • Gender: Male
Re: SMF & GDPR Personally Identifiable Information
« Reply #96 on: May 11, 2018, 09:32:45 AM »
If you make money in any way. Such as ads they would say you do.

Is this in response to my bug report?

If so, the 'ads' on my site are not making me any money: Out site is a bikers' club site: the company's mentioned on our site are providing members of the club a discount on purchases....
Running SMF 2.0 with Tinyportal 1.6.0 at www.fjr-club.nl
Testing SMF 2.1 beta 4 with Tinyportal 1.6.1 at http://test2.fjr-club.nl/

Offline petewadey

  • Jr. Member
  • **
  • Posts: 125
Re: SMF & GDPR Personally Identifiable Information
« Reply #97 on: May 12, 2018, 04:06:08 AM »
Thanks vbgamer45. Good work. I've added this to my site and it works fine. I now just need to email all my members to ask them to log on to except the agreement.
I'm very curious why this forum hasn't done anything about GDPR yet? As it holds the same personal data as mine or anyone else's Simple Machines Forum?

Offline lurkalot

  • Sophist Member
  • *****
  • Posts: 1,141
  • Gender: Male
  • Tinyportal Support
    • guitaristguild on Facebook
    • Tinyportal on GitHub
    • @GuitaristGuild on Twitter
    • Guitarist Guild
Re: SMF & GDPR Personally Identifiable Information
« Reply #98 on: May 12, 2018, 04:48:56 AM »

Installed it , and when I export data I am getting these erros in the log...

https://www.fjr-club.nl/index.php?action=profile;area=exportdata;u=3
2: Invalid argument supplied for foreach()
Bestand: /home/deb77453/domains/fjr-club.nl/public_html/Themes/default/Profile.template.php
Regel: 1204

https://www.fjr-club.nl/index.php?action=profile;area=exportdata;u=3
8: Undefined index: profile_fields
Bestand: /home/deb77453/domains/fjr-club.nl/public_html/Themes/default/Profile.template.php
Regel: 1204


Getting the same two errors on my site.  ;)

Offline Illori

  • Project Manager
  • SMF Master
  • *
  • Posts: 49,952
Re: SMF & GDPR Personally Identifiable Information
« Reply #99 on: May 12, 2018, 06:16:57 AM »
I'm very curious why this forum hasn't done anything about GDPR yet? As it holds the same personal data as mine or anyone else's Simple Machines Forum?

we are in the process of consulting a lawyer for what we need to do.