News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

SMF & GDPR Personally Identifiable Information

Started by kitz, April 11, 2018, 01:35:54 PM

Previous topic - Next topic

aegersz

The configuration of my Linux VPS (SMF 2.0 with 160+ mods & some assorted manual tweaks) can be found here and notes on my mods can be found here (warning: those links will take you to a drug related forum). My (House) music DJ dedication page is here

Dame2

Not mentioned yet ...if you monetized your forum with Google Adsense you will need to address this issue in a way which satisfies Google.   Google has created the option to show only non-personalized ads for EU users of your forum:

Ad review center>all my sites> EU user consent

Still need to have a consent form according to Google.... otherwise you are not compliant with Google Adsense and you risk having your account terminated.   I chose to close my forum since ad revenues have declined and adhering to GDPR and Google was just too much to be bothered with.


Ben_S

Quote from: CoreISP on May 31, 2018, 04:16:48 PM
So a small notification from us (SMF), we're adding the GDPR-features to the next release (2.0.16.).

That is certainly a welcome update, I personally wouldn't pay for a mod to address it, more likely I would pay for XenForo to address this and other some other shortcomings in SMF.
Liverpool FC Forum with 14 million+ posts.

Si6776

So, how do forums stand while we are awaiting the SMF update?  Is it actually legal to continue without taking any action towards GDPR compliance?

vbgamer45

Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Si6776

Quote from: vbgamer45 on June 04, 2018, 12:58:01 PM
I have a mod that helps with GDPR at https://custom.simplemachines.org/mods/index.php?mod=4183 

Yes, I was aware of that, and many thanks for all your work in making it available.

What I was getting at is, if I wanted to wait for the SMF update, so as to avoid effectively doing everything twice (with regards member consents, etc), is it still legal to run a forum with no mods, and therefore no compliance?  I assume it is, as the SMF board itself is still going.

vbgamer45

It is all about risk to comply or not. Questions about law mainly should be spoken to lawyer as there are many interpretations
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

petewadey

Hi vbgamer45
After installing this mod, when I delete a members account who had images in Gallery Pro, I get this error message. Any ideas?

GigaWatt

Quote from: Si6776 on June 04, 2018, 02:50:23 PM
What I was getting at is, if I wanted to wait for the SMF update, so as to avoid effectively doing everything twice (with regards member consents, etc), is it still legal to run a forum with no mods, and therefore no compliance?  I assume it is, as the SMF board itself is still going.

Depends where the server hosting your site is located. If it's in the EU, yes, you're affected. If it's not, you're probably safe.

And I wouldn't worry about small communities and local forums... those will probably be last in the chain to get a warning... if they ever get one.

Don't be so paranoid about these laws. TPB was shut down at least twice and is still up thanks to some legal loopholes, mirrors and other technical/IT tricks ;).
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Aleksi "Lex" Kilpinen

Quote from: GigaWatt on June 05, 2018, 06:10:24 AM
Quote from: Si6776 on June 04, 2018, 02:50:23 PM
What I was getting at is, if I wanted to wait for the SMF update, so as to avoid effectively doing everything twice (with regards member consents, etc), is it still legal to run a forum with no mods, and therefore no compliance?  I assume it is, as the SMF board itself is still going.

Depends where the server hosting your site is located. If it's in the EU, yes, you're affected. If it's not, you're probably safe.
Actually no, the GDPR affects you if you cater to EU citizens - regardless of the country you are in. This is mostly achieved by international agreements, and based on a voluntary choice to either not cater to the EU, or accept the responsibility.

It does NOT involve you though, if you are not a business entity of any kind.
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

vbgamer45

Quote from: petewadey on June 05, 2018, 05:05:55 AM
Hi vbgamer45
After installing this mod, when I delete a members account who had images in Gallery Pro, I get this error message. Any ideas?

that's a gallery pro issue for deleted members. You loaded the page that had a member before and is trying to lookup the member but it was deleted.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

GigaWatt

Quote from: Aleksi "Lex" Kilpinen on June 05, 2018, 06:24:14 AM
Actually no, the GDPR affects you if you cater to EU citizens - regardless of the country you are in. This is mostly achieved by international agreements, and based on a voluntary choice to either not cater to the EU, or accept the responsibility.

It does NOT involve you though, if you are not a business entity of any kind.

Even if I my site is making revenue, I'd like to see them take any legal action if my server and domain are registered in China or Russia ::).

Not that my forum is making revenue, just making a point... there are ways to stay online even if some law somewhere forbids something.
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Uhura!

:) Our Parenting Spot is an online parenting community for fathers, mothers, grandparents, teachers, and family service professionals. 8) We also provide low cost advertising options for authors, family service providers, and businesses with family friendly products and services. ;D Visit us @ www.OurParentingSpot.net!

Si6776

Quote from: Uhura! on June 19, 2018, 09:23:33 PM
Sharing my updated Privacy Policy. Hope it helps! ... https://ourmomspot.net/community/index.php?PHPSESSID=rfe9s39r4mdcq2r5rgq5c2v4s0&action=register

I previously had it reviewed by an attorney, but I was able to update it easily based on the EU's GDPR info here: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/principles-gdpr/what-information-must-be-given-individuals-whose-data-collected_en

Thanks, but I'm getting:

Forbidden

You don't have permission to access /community/index.php on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Seems you have to register to read it. 

Shambles

Quote from: Si6776
Quote from: Uhura! on June 19, 2018, 09:23:33 PM
Sharing my updated Privacy Policy. Hope it helps! ... https://ourmomspot.net/community/index.php?PHPSESSID=rfe9s39r4mdcq2r5rgq5c2v4s0&action=register

Seems you have to register to read it. 

I just read it - no problems.

Armada

Uhura! Thanks for sharing that with us, it's appreciated. I like the clarity in there.
--- SMF Rocks even more than YabbSE---

Chalky

Good job guys, I'm looking forward to the GDPR features in 2.0.16.  Something I'm wondering about though, when members are required to accept the privacy policy... what should be done with inactive members who don't respond?  Should they be given something like 30 days to respond and then their accounts are deleted by default?  Or should we just do nothing knowing they will be asked for consent should they ever log in again?

feline

According the GDPR, the acceptance of the Privacy Data Regulation must be Saved !!!
So it's a good option to save the data of accepting in the Member table. For this you have add a column in the table ...

Aleksi "Lex" Kilpinen

Quote from: Chalky on June 27, 2018, 09:56:28 AM
Good job guys, I'm looking forward to the GDPR features in 2.0.16.  Something I'm wondering about though, when members are required to accept the privacy policy... what should be done with inactive members who don't respond?  Should they be given something like 30 days to respond and then their accounts are deleted by default?  Or should we just do nothing knowing they will be asked for consent should they ever log in again?
On a purely speculative note, I would see inactive members that have not logged in over a prolonged period as unnecessary data, and without clear acceptance they should probably be removed.
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Chalky

Thanks Aleksi!  That'll be a good chunk of my members then...

Advertisement: