SMF & GDPR Personally Identifiable Information

Started by kitz, April 11, 2018, 01:35:54 PM


Aleksi "Lex" Kilpinen

I base my answer only on a gut feeling over the fact that you either have to have a legal interest to protect by keeping the members' data, or you have to have their permission to keep their data. For members that have been away for say more than a few months, have not given clear consent, and are not currently doing business with you, you basically lack both.

Sucks, but that's how I would see it.
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Arantor

That's a pretty good interpretation.

You have no automatic right to any data, and you either need a legal right (performing a service counts, as would performing legal duties or criminal investigation) or the user consenting.

Without clear proof of consent, it's tough, but I think you'd be safe doing one round of emails to long-dormant accounts with "we haven't heard from you, and so under GDPR we are going to clear out the data we have on you after a 30 day period".

Those who care can then reconsent, those who don't, you've done your due diligence.

This at least would be above board under the ICO guidance. YMMV for other EU territories.

Si6776

Quote from: Aleksi "Lex" Kilpinen on June 27, 2018, 10:28:47 AM
Quote from: Chalky on June 27, 2018, 09:56:28 AM
Good job guys, I'm looking forward to the GDPR features in 2.0.16.  Something I'm wondering about though, when members are required to accept the privacy policy... what should be done with inactive members who don't respond?  Should they be given something like 30 days to respond and then their accounts are deleted by default?  Or should we just do nothing knowing they will be asked for consent should they ever log in again?
On a purely speculative note, I would see inactive members that have not logged in over a prolonged period as unnecessary data, and without clear acceptance they should probably be removed.

On the other hand, it could be argued that removing large chunks of members, particularly those that have participated in threads, would be detrimental to the site, and therefore, it wouldn't be unreasonable to keep that data.  Members that have registered but never posted, however, are fair game for removal, in my opinion. 

Arantor

You don't have to delete posts unless they contain personal data, only the accounts.

Aleksi "Lex" Kilpinen

For some sites that might work too, but I would not be willing to bet that would hold in general. You would have to have some real reason to keep the personal data, not meaning user provided content which is another thing really, but the actual user info.

Rikacha

I apologize for bumping this topic but am wondering if a forum owner does not comply with the new GDPR regulations and installs some type of tool which allows for the right to be forgotten and other GDPR regulations, can I contact SMF support to have my content deleted from the site or how should I proceed? I have managed to accumulate thousands of posts on a particular forum and I am confident that some of them do contain identifying information, but despite using the search function for keywords there are still posts in sections I do not have access to, and the risk that I have overlooked something worries me.

vbgamer45

SMF does not have any control over other forum owners or their content. You would have to contact them.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro


vbgamer45

It is not. GDPR is built into SMF now, found under Admin -> Core Features.