Topic: FAO: r04r
Anonymous A started this discussion 8 years ago #76,204
Is Minichae GDPR compliant?
Anonymous B joined in and replied with this 8 years ago, 6 minutes later[^] [v] #896,781
You mean like Matts out of proportion head, in the Rolls Photoshop?
Anonymous A (OP) replied with this 8 years ago, 43 minutes later, 49 minutes after the original post[^] [v] #896,788
Anonymous C joined in and replied with this 8 years ago, 13 minutes later, 1 hour after the original post[^] [v] #896,790
@OPenisAnonymous D joined in and replied with this 8 years ago, 4 hours later, 5 hours after the original post[^] [v] #896,830
Anonymous A (OP) replied with this 8 years ago, 6 minutes later, 5 hours after the original post[^] [v] #896,833
Anonymous E joined in and replied with this 8 years ago, 16 minutes later, 5 hours after the original post[^] [v] #896,847
What does FAO mean?
Anonymous A (OP) replied with this 8 years ago, 1 minute later, 6 hours after the original post[^] [v] #896,849
@previous (E)
Fetish for Autistic Organisms, it's the name of a secretive sex community. This topic is, in fact, two topics!
Fetish for Autistic Organisms, it's the name of a secretive sex community. This topic is, in fact, two topics!
Omen !!gg89Kgn2v joined in and replied with this 8 years ago, 34 seconds later, 6 hours after the original post[^] [v] #896,850
Anonymous A (OP) replied with this 8 years ago, 1 day later, 1 day after the original post[^] [v] #897,193
Bump
tteh !MemesToDNA joined in and replied with this 8 years ago, 2 hours later, 1 day after the original post[^] [v] #897,197
We talked about this a few months ago and more recently. There's not really anything for us to comply with. You can already view the only real data we hold about you (post history), and you've always been able to request specific posts be removed (with a valid reason).Anonymous A (OP) replied with this 8 years ago, 54 minutes later, 1 day after the original post[^] [v] #897,205
Anonymous A (OP) double-posted this 8 years ago, 4 minutes later, 1 day after the original post[^] [v] #897,208
idk you know more than me (probably()
(Edited 12 seconds later.)
tteh !MemesToDNA replied with this 8 years ago, 4 hours later, 1 day after the original post[^] [v] #897,221
@897,205 (A)
Regarding consent for storing the posts a user submits, the GDPR does accept implicit consent as part of a "clear, affirmative action":
Regarding consent for storing the posts a user submits, the GDPR does accept implicit consent as part of a "clear, affirmative action":
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. (Source.)
Submitting a post to a forum is consenting to that information being processed and stored for the purpose of displaying it. The ICO's GDPR consent guidance has a relevant example:The idea of an affirmative act does still leave room for implied consent in some circumstances, particularly in more informal offline situations. The key issue is that there must be a positive action that makes it clear someone is agreeing to the use of their information for a specific and obvious purpose. However, this type of implied consent would not extend beyond what was obvious and necessary. Example An individual submits an online survey about their eating habits. By submitting the form they are clearly indicating consent to process their data for the purposes of the survey itself. (Source.)
Regarding consent for IP addresses, consent isn't necessary for the way we handle them. The GDPR says:Processing shall be lawful only if and to the extent that at least one of the following applies: ... (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
And in Recital 49:The processing of personal data to the extent strictly necessary and proportionate for the purposes of ensuring network and information security [...] by providers of electronic communications networks [...] constitutes a legitimate interest of the data controller concerned. This could, for example, include preventing unauthorised access to electronic communications networks and malicious code distribution and stopping ‘denial of service’ attacks and damage to computer and electronic communication systems. (Source.)
Regarding cookies, we do need to implement a cookie notification with an explicit yes/no option. The GDPR requires the ability to 'opt-out' even after accepting cookies, too, and while we do sort of have this ability with the Drop ID function, that could be improved.tteh !MemesToDNA double-posted this 8 years ago, 3 minutes later, 1 day after the original post[^] [v] #897,222
@897,208 (A)
I've had to look into it quite extensively for various reasons, so I do know a fair bit. Mostly I just know where to find the relevant parts!
I've had to look into it quite extensively for various reasons, so I do know a fair bit. Mostly I just know where to find the relevant parts!
Anonymous A (OP) replied with this 8 years ago, 29 minutes later, 2 days after the original post[^] [v] #897,227
@897,221 (tteh !MemesToDNA)
I meant for like cookie identifiers which I thought uids were but still interesting reply thanks
I meant for like cookie identifiers which I thought uids were but still interesting reply thanks
Anonymous B replied with this 8 years ago, 13 minutes later, 2 days after the original post[^] [v] #897,230
@previous (A)
You can simply block all cookies. Each browser Chrome, Firefox etc, have a privacy feature, so you have the choice to not accept a cookie.
On MC - TC if you do this do not expect voting privileges in polls.
You can simply block all cookies. Each browser Chrome, Firefox etc, have a privacy feature, so you have the choice to not accept a cookie.
On MC - TC if you do this do not expect voting privileges in polls.
Anonymous A (OP) replied with this 8 years ago, 39 minutes later, 2 days after the original post[^] [v] #897,232
tteh !MemesToDNA replied with this 8 years ago, 12 minutes later, 2 days after the original post[^] [v] #897,238
Syntax replied with this 8 years ago, 1 minute later, 2 days after the original post[^] [v] #897,239
@897,232 (A)Ur of course mistraken - That said, I did research GDPR with a fast skim and found a word Mark Twain wood enjoy
Pseudonymization
Pseudonymization is a data management and de-identification procedure by which personally identifiable information fields within a data record are replaced by one or more artificial identifiers, or pseudonyms. A single pseudonym for each replaced field or collection of replaced fields makes the data record less identifiable while remaining suitable for data analysis and data processing.
The European Union's new General Data Protection Regulation demands that stored data on people within the EU undergo either pseudonymization or complete data anonymization. Pseudonymized data can be restored to its original state with the addition of information which then allows individuals to be re-identified, while anonymized data can never be restored to its original state.
Data fields
The European Union's new General Data Protection Regulation demands that stored data on people within the EU undergo either pseudonymization or complete data anonymization. Pseudonymized data can be restored to its original state with the addition of information which then allows individuals to be re-identified, while anonymized data can never be restored to its original state.
Data fields
Anonymous A (OP) replied with this 8 years ago, 7 minutes later, 2 days after the original post[^] [v] #897,242
@897,238 (tteh !MemesToDNA)
I suggest a purge ID option which works like a self-ionization for the opt out
I suggest a purge ID option which works like a self-ionization for the opt out
tteh !MemesToDNA replied with this 8 years ago, 4 minutes later, 2 days after the original post[^] [v] #897,245
@previous (A)
Do you mean something that would erase the user's posts? Or just remove all cookies from their browser? The former seems rather heavy-handed, and the latter already exists (/drop_ID).
Do you mean something that would erase the user's posts? Or just remove all cookies from their browser? The former seems rather heavy-handed, and the latter already exists (/drop_ID).
Anonymous A (OP) replied with this 8 years ago, 59 minutes later, 2 days after the original post[^] [v] #897,266
@previous (tteh !MemesToDNA)
Yeah a full erase, might be easier to have it so you can automate the article 17 compliance structure rather than making mods do it and it would probably be similar to currently existing functionality(?)
Yeah a full erase, might be easier to have it so you can automate the article 17 compliance structure rather than making mods do it and it would probably be similar to currently existing functionality(?)
tteh !MemesToDNA replied with this 8 years ago, 14 minutes later, 2 days after the original post[^] [v] #897,269
@previous (A)
As far the GDPR is concerned, as I understand, user generated content containing no personally identifiable information (i.e. 99.9% of Minichan posts) isn't covered by the right to erasure. Plus, if the data is anonymised, then there's no obligation to remove even personal data. Far easier for Minichan to just manually remove IPs associated with UIDs, remove the username from their posts, and ban the UIDs indefinitely, I think. Allowing users to remove all of their posts is probably not a good thing for an online forum, especially allowing that process to be automatically performed.
Also I think the ionise feature is absent from TinyBBS, now, but deleting a UID's posts is obviously just a few SQL commands.
As far the GDPR is concerned, as I understand, user generated content containing no personally identifiable information (i.e. 99.9% of Minichan posts) isn't covered by the right to erasure. Plus, if the data is anonymised, then there's no obligation to remove even personal data. Far easier for Minichan to just manually remove IPs associated with UIDs, remove the username from their posts, and ban the UIDs indefinitely, I think. Allowing users to remove all of their posts is probably not a good thing for an online forum, especially allowing that process to be automatically performed.
Also I think the ionise feature is absent from TinyBBS, now, but deleting a UID's posts is obviously just a few SQL commands.
(Edited 2 minutes later.)
r04r joined in and replied with this 8 years ago, 58 seconds later, 2 days after the original post[^] [v] #897,270
@897,242 (A)
People are welcome to email [email protected] for any special requests. The discussion can go from there. These measures do not need to be automated.
People are welcome to email [email protected] for any special requests. The discussion can go from there. These measures do not need to be automated.