Author Topic: About the GDPR  (Read 6192 times)

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 69,274
    • StoryBB/StoryBB on GitHub
Re: About the GDPR
« Reply #20 on: August 09, 2018, 03:47:22 AM »
So if there is a system error that means the privacy policy physically can't be displayed (maintenance mode aside), it's now a GDPR violation. In fact, in almost every single possible circumstance under that, you'd have to display the privacy notice. Even if the site is in hard maintenance where not even admins can log in, you STILL have to display it on almost every webhost ever set up because it still goes into access logs so even though the site isn't accessible, the fact it's been visited at all still counts.

Congratulations, that's the second dumbest thing I've heard yet coming out of the German interpretation of the GDPR, the first being that if patients request their healthcare data to be deleted under RTBF, electronic records must be deleted, while the paper copies (that are fundamentally incomplete, if say, you have cancer where you'll have CTs and treatment plans and all that stuff as 95% of that won't ever make it to paper and even if it did, it wouldn't be especially useful anyway) must be kept for 30 years.

Fortunately the ICO is not quite so asinine about any of this. It's getting increasingly less worth the effort to run a website the way this is going.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Online Aleksi "Lex" Kilpinen

  • A Peculiar Finn
  • Lead Support Specialist
  • SMF Super Hero
  • *
  • Posts: 17,374
  • Gender: Male
  • Don't worry, I'm n00b friendly
    • Aleksi.Kilpinen on Facebook
    • aleksi-kilpinen on LinkedIn
Re: About the GDPR
« Reply #21 on: August 09, 2018, 03:50:35 AM »
I still think that must be a misunderstanding, or very very poor local implementation because no such requirement can be seen in the actual GDPR.

EDIT:

As far as I know, this is THE point in GDPR that has been interpreted as the need of a privacy policy available:

Quote
The controller shall take appropriate measures to provide any information referred to in Articles 13 and 14 and any communication under Articles 15 to 22 and 34 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.

In my understanding, appropriate measures does not mean it has to be available at all cost at all times, it simply means to make it public and clear where you can obtain the information if needed.

Article 13 in itself will not come into play if the server is down, because no information is then collected, and the user does not have to be informed of that.
« Last Edit: August 09, 2018, 04:04:07 AM by Aleksi "Lex" Kilpinen »
A Finnish Support Specialist
 Happily running multiple SMF 2.0 installations.

How you can help SMF

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum.
 Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

Offline wintstar

  • Jr. Member
  • **
  • Posts: 116
  • Carpe diem!
    • wintstar on GitHub
    • SF Webdesign
Re: About the GDPR
« Reply #22 on: August 09, 2018, 04:18:10 AM »
Quote
...
Congratulations, that's the second dumbest thing I've heard yet coming out of the German interpretation of the GDPR, the first being that if patients request their healthcare data to be deleted under RTBF, electronic records must be deleted, while the paper copies (that are fundamentally incomplete, if say, you have cancer where you'll have CTs and treatment plans and all that stuff as 95% of that won't ever make it to paper and even if it did, it wouldn't be especially useful anyway) must be kept for 30 years.

Fortunately the ICO is not quite so asinine about any of this. It's getting increasingly less worth the effort to run a website the way this is going.

That's not German, that's European crap. And I also see it that way: it is slowly becoming not worthwhile to privately operate a web page in Europe.
This DSGVO is actually made to bring even more members to the social networks. The private websites will be broken. But that's not the topic here. The laws are made, so you should also see to implementing them as far as possible. alberlast has already solved it.

Online Aleksi "Lex" Kilpinen

Re: About the GDPR
« Reply #23 on: August 09, 2018, 04:32:36 AM »
The actual GDPR is EU crap, but each country will have to write it in their own legislation, so if German legislation says what you say it does, then that is German crap, not EU crap, sorry.

Offline Arantor

Re: About the GDPR
« Reply #24 on: August 09, 2018, 04:43:34 AM »
I have done this, I have spoken at great lengths with the ICO, the U.K. equivalent. And they are not so asinine about it.

Online Aleksi "Lex" Kilpinen

Re: About the GDPR
« Reply #25 on: August 09, 2018, 04:47:51 AM »
So far I have yet to see a very extreme approach to this in Finland too, so far the local interpretation seems almost reasonable.

Offline feline

  • SMF Hero
  • ******
  • Posts: 1,638
  • Gender: Female
Re: About the GDPR
« Reply #26 on: August 09, 2018, 07:18:10 AM »
If the forum is in "Maintenance Mode", no user data is handled or saved, because the user simply cannot log in.
So I think this can simply be ignored ...

Offline Arantor

Re: About the GDPR
« Reply #27 on: August 09, 2018, 08:00:51 AM »
The user still gets entered into the access log and therefore apparently all the privacy notices have to be shown.

Offline feline

Re: About the GDPR
« Reply #28 on: August 09, 2018, 08:41:07 AM »
Quote
The user still gets entered into the access log and therefore apparently all the privacy notices have to be shown.

Well .. I have just implemented this feature ...
It's very simple to handle that  ;)

In the index.php just before this
Code:
return 'InMaintenance';
check if the request is for the impressum or the GDPR policy  ;)

Easy to handle that ..
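
An added example, not part of the post above and not SMF's own code: a standalone sketch of the check described there, written as a default-deny allowlist so that only the legal pages bypass the maintenance screen. The action names 'impressum' and 'gdpr', the handler names mapped to them and the function name maintenance_route are assumptions; only 'InMaintenance' comes from the post.

```php
<?php
// Added illustration: standalone sketch, not SMF's index.php.
// Action names and the two legal-page handler names are hypothetical;
// only 'InMaintenance' appears in the post above.

const MAINTENANCE_ALLOWED = [
    'impressum' => 'ShowImpressum',      // hypothetical handler
    'gdpr'      => 'ShowPrivacyPolicy',  // hypothetical handler
];

/**
 * Decide which handler serves a request while the forum is in maintenance.
 * Default-deny: anything not on the allowlist gets the maintenance page.
 */
function maintenance_route(array $request): string
{
    $action = $request['action'] ?? null;

    // ?action[]=gdpr arrives as an array; treat any non-string as no action.
    if (!is_string($action)) {
        return 'InMaintenance';
    }

    // Exact, case-sensitive key lookup: no substring or loose (==) matching,
    // so values such as 'gdpr/../admin' or 'GDPR2' never reach a handler.
    if (array_key_exists($action, MAINTENANCE_ALLOWED)) {
        return MAINTENANCE_ALLOWED[$action];
    }

    return 'InMaintenance';
}

// Constructed sample requests (not taken from any real log).
$samples = [
    ['action' => 'gdpr'],
    ['action' => 'impressum'],
    ['action' => 'profile'],
    ['action' => ['gdpr']],
    [],
];
foreach ($samples as $req) {
    echo json_encode($req), ' => ', maintenance_route($req), PHP_EOL;
}
```

The two legal pages should be served from static text, without touching sessions or the database, so that the exemption does not reopen functionality the maintenance mode was meant to close.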