*

Offline AATW

  • *
  • Posts: 6488
    • View Profile
GDPR
« on: May 29, 2018, 01:01:10 PM »
Have you guys done anything about GDPR? Not 100% sure you have to, asking because I run a similar board and am not clear if I need to do something.
Tom: "Claiming incredulity is a pretty bad argument. Calling it "insane" or "ridiculous" is not a good argument at all."

TFES Wiki Occam's Razor page, by Tom: "What's the simplest explanation; that NASA has successfully designed and invented never before seen rocket technologies from scratch which can accelerate 100 tons of matter to an escape velocity of 7 miles per second"

*

Offline xasop

  • Administrator
  • *****
  • Posts: 9776
  • Professional computer somebody
    • View Profile
Re: GDPR
« Reply #1 on: May 29, 2018, 04:24:25 PM »
No, we haven't.

If anyone needs clarification on how we use your data: Your posts go into a database and are then displayed when somebody reads the threads you posted in later.
when you try to mock anyone while also running the flat earth society. Lol

*

Offline Pete Svarrior

  • e
  • Planar Moderator
  • *****
  • Posts: 16073
  • (◕˽ ◕ ✿)
    • View Profile
Re: GDPR
« Reply #2 on: May 29, 2018, 05:14:20 PM »
That's not an ideal answer, but... uh, ultimately not a strictly incriminating one, I guess?

Since you said you're asking to figure out how to act yourself (though in that case I would argue this is a T&I thread, not S&C), I'll briefly elaborate on the things that matter:

First of all, let's consider what personal data a forum like ours collects. The most obvious examples are IP addresses (linked to individual posts) and e-mail addresses. There is also data collected by Google Analytics and actual posts. To be compliant with the GDPR, each of these should be justified with a lawful basis. In our case, those could be:

  • IP addresses: compliance with legal requirements (if for some reason Interpol asked us for Intikam's IP address history, we'd be obliged to comply, and thus we must store it), but also the nebulous legitimate interests clause. A forum like ours needs to be able to employ some measure of restricting abusive users, and IP addresses are a good way of doing that. An individual could object to us storing this data, but they'd have to provide a good reason for their data protection to override our legitimate interest.
  • E-mail address: again, this falls under legitimate interests - bans, password reminders, etc. We have a decent enough reason to store your e-mail address, and while as an individual you can make a case to object, we're not under any immediate threat
  • Google Analytics - we should do a better job at disclosing that Google Analytics is active on the website, but the standards of pseudonymisation used by Google are sufficient to be acceptable under the GDPR, so long as we don't send them any data we shouldn't be passing along. Again, an individual has the right to object, yadda yadda. Once again, we can claim legitimate interest, since this information enables us to better cater our media activity to the demographics that visit us, and our GA setup is fairly minimalist.
  • Posts - the most obvious of legitimate interests. It's the forum's literal purpose. As always, a user can object to their data being stored, but in this instance this would trigger an immediate removal of their account and all associated posts, for obvious reasons.

Ultimately, the thing to remember is that the GDPR is there to protect the user, but not beyond the realms of reason. As long as the data we collect is proportionate and measured to the goals we want to achieve, there is nothing to worry about.

More information about those LI words I keep using: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests/
« Last Edit: May 29, 2018, 05:22:53 PM by Pete Svarrior »
Read the FAQ before asking your question - chances are we already addressed it.
Follow the Flat Earth Society on Twitter and Facebook!

If we are not speculating then we must assume

*

Offline AATW

  • *
  • Posts: 6488
    • View Profile
Re: GDPR
« Reply #3 on: May 29, 2018, 07:51:11 PM »
No, we haven't.

If anyone needs clarification on how we use your data: Your posts go into a database and are then displayed when somebody reads the threads you posted in later.

Database? Well la-di-daa.
On my board we just write them down and then when someone requests a page we have to type them up again.

Thanks Pete. Tbh, my board is so tiny and under the radar I don't think in practice I need to do anything.
Tom: "Claiming incredulity is a pretty bad argument. Calling it "insane" or "ridiculous" is not a good argument at all."

TFES Wiki Occam's Razor page, by Tom: "What's the simplest explanation; that NASA has successfully designed and invented never before seen rocket technologies from scratch which can accelerate 100 tons of matter to an escape velocity of 7 miles per second"