About the GDPR

Started by LiroyvH, June 02, 2018, 09:08:21 PM

Previous topic - Next topic

LiroyvH

Dear users,


Many of you had questions about the GDPR and how to comply with this EU law about processing personal data of EU-citizens.
To make things easier for you, our next releases will include multiple features to help you with that. :)

The current list of features we are expecting to add to SMF is as follows:
- Data export, so users may (if you allow them to) export their profile data. (Profile including IP address(-history), posts (optional), personal messages (optional)). In the future, SMF might get an option to restore the basic profile of another site.
- Include unsubscribe links in newsletter emails if you set them to be marketing related (functional emails will remain being sent if someone opts out of marketing emails, depending on notification settings.)
- Opt-in checkbox for marketing emails during registration
- Force users to agree to new registration agreement, keep track of who consented and when they did, and the ability to see who have not agreed (yet).
- We are considering making it possible to show the privacy policy separate from the registration agreement during registration
- Show Privacy Policy link in the footer
- Ability to, when deleting a user/user has requested deletion of their data, check a box to remove IP-history from posts and anonymise their posts; which is to say their user/nickname is automatically changed to something other than what they registered with. Of course you still retain the ability to remove their posts as well. Even though this is not strictly required by GDPR if your policy checks out! (Note that you can already (pseudo-)anonymise their posts by first changing their nick before removing their profile, but we figured it would be nice to automate this in the future.)
- Extra prune functions, like expunging IP history for users as far as (technically) reasonably possible, to limit the amount of personal data you have on record. (Use with care.)

These functions will likely not all be introduced at once and some features will be expanded/improved with later updates.
We are aiming to get the basics introduced first (such as ability to add privacy policy, basic profile export, opt-out function for newsletters and forcing users to agree again to a (changed) registration agreement/privacy policy and log that). More features may be added later. If you think we forgot something, you may also post suggestions here - but please keep in mind that we are limited in time and resources. :) We have decided to implement these features in to SMF itself rather than releasing it as a modification (mod), so when you update SMF: these features will be available to you instantly.

The features will be optional for you to enable/disable, so if you do not want to use or activate them: that is possible.
We have been working hard on this and will release it as soon as possible. Our estimate is a release around the end of this month/begin of July, but please do not consider that a promise. Keep in mind that these tools are to help you with being/becoming GDPR-compliant, only activating them doesn't necessarily make you compliant. We advise you to read up on the laws and obtain legal advice if you are unsure whether or not you are compliant or have to be and what you should put in your privacy policy.


As for our own site, we will post a Privacy Policy soon to make it easier for you to see what we do with the very limited amount of data that you provide us with and information about what your rights are. And of course we will introduce the above features here as well as they will be included in SMF itself. :)

Last but not least, we apologize for the delay in introducing these features. Once we became aware of this new law, we wanted to get to the bottom of it and get some legal advice first. And as we are all volunteers: there are some time constraints as well. We are working very hard on it though and will release the features soon. :)

Thank you!


Kind regards, on behalf of;
- SMF Team
- Simple Machines
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

GigaWatt

Will this be included in the Core features section and will it be turned on or off by default?

And with the term "our next release", do you mean the next major update (the 2.1 branch) or the current stable branch (2.0.x)?
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

LiroyvH

Quote from: GigaWatt on June 02, 2018, 09:21:00 PM
Will this be included in the Core features section and will it be turned on or off by default?

Good question on the Core features section, I'll ask the devs. :)
It will be turned off by default as we don't want to impose this on everybody, plus if you enable it you have to take extra actions such as populating your Privacy Policy.

QuoteAnd with the term "our next release", do you mean the next major update (the 2.1 branch) or the current stable branch (2.0.x)?

Both! :)
But SMF 2.0 gets it first as that's the current stable version and thus what most people are using.
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

GigaWatt

Than you for the prompt answer ;).
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

petb

Thank you,
i appreciate that very much.

-Rock Lee-

Well, little by little, for several communities, it should be applied, although personally I do not really give much importance. Although it is really appreciated as quickly as possible, this new law was acted upon!


Regards!
¡Regresando como cual Fenix! ~ Bomber Code
Ayudas - Aportes - Tutoriales - Y mucho mas!!!

GravuTrad

Cool news. Thanks for this effort.
On a toujours besoin d'un plus petit que soi! (Petit!Petit!)


Think about Search function before posting.
Pensez à la fonction Recherche avant de poster.

Bigguy

Very nice to hear and should be well appreciated by members. :)

Aleksi "Lex" Kilpinen

Quote from: CoreISP on June 02, 2018, 09:24:21 PM
Quote from: GigaWatt on June 02, 2018, 09:21:00 PM
Will this be included in the Core features section and will it be turned on or off by default?

Good question on the Core features section, I'll ask the devs. :)
It will be turned off by default as we don't want to impose this on everybody, plus if you enable it you have to take extra actions such as populating your Privacy Policy.
As this wasn't yet answered, I'll just mention that it would appear to be the plan for 2.0 to use the Core features section for this. :)
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

GigaWatt

Well, IMO that was also kind of logical, so that's why I asked ;).
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Arantor

Ugh, not Core Features! It actually is a barrier to entry because people don't know it's there half the time.

(This is why it was removed in 2.1)

Aleksi "Lex" Kilpinen

But in context of 2.0 it is only logical to use it.
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Illori

Quote from: Aleksi "Lex" Kilpinen on June 17, 2018, 05:48:04 AM
But in context of 2.0 it is only logical to use it.

but we dont need to continue to be logical ;) we need to make sure the users can find how to enable the feature and go from there.

Aleksi "Lex" Kilpinen

Granted, that is true as well.
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Arantor

So... don't put it in Core Features, add a new menu to the admin panel called Privacy and put all the things in there.

In context of 2.0, burying stuff in Core Features only guarantees people having to ask where to find it.

vbgamer45

Glad core features is going away that was always odd and agree people never really checked it.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

landyvlad

Just did a search on GDPR and found this post - great to know that it's being worked on.
"Put as much effort into your question as you'd expect someone to give in an answer"

Please do not PM, IM or Email me with questions on astrophysics or theology.  You will get better and faster responses by asking homeless people in the street. Thank you.

Be the person your dog thinks you are.

wintstar

alberlast has implemented this well for the upcoming version 2.1. The European Data Protection Act stipulates that data protection is displayed even if the website is in maintenance mode or the website can be accessed even if there are system errors. If the forum is in maintenance mode, privacy cannot be displayed. For this, a possibility would have to be given that the data protection in maintenance mode or system error, where the forum is to be called, is given.
Regards Stephan

,,In order for the possible to come into being, the impossible must be attempted again and again."
Hermann Hesse (1877-1962)

My HomepageMy Board - My Atelier

Aleksi "Lex" Kilpinen

Actually no, I really do not think the GDPR requires that, or even could require that. The whole regulation is built on clauses like "unless requiring unproportioned effort or technically impossible"...
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

wintstar

Quote from: Aleksi "Lex" Kilpinen on August 09, 2018, 03:26:50 AM
Actually no, I really do not think the GDPR requires that, or even could require that. The whole regulation is built on clauses like "unless requiring unproportioned effort or technically impossible"...
That is necessary:

Sorry is of german.
https://www.kreativ-web-marketing.com/de/news/meldungen/dsgvo-datenschutz-weisse-webseite.php
Regards Stephan

,,In order for the possible to come into being, the impossible must be attempted again and again."
Hermann Hesse (1877-1962)

My HomepageMy Board - My Atelier

Advertisement: