
GDPR and a US hosted site

I am quite the skeptic in regards to these things. Ultimately I believe the GDPR will generate a lot of work for web designers, network engineers, database administrators and lawyers, while doing very little to protect anyone's privacy.
 
I am quite the skeptic in regards to these things. Ultimately I believe the GDPR will generate a lot of work for web designers, network engineers, database administrators and lawyers, while doing very little to protect anyone's privacy.
My fear is the FUD surrounding it will crush small sites or even deter them from starting. The compliance cost is minor for big companies. But for a small business it could be too big, especially if it doesn't truly apply to them.
 
I'm pretty sure that the popular frameworks like WordPress, Joomla, Drupal, etc. and forum platforms like XenForo and vBulletin already have solutions for compliance. It might take an upgrade or a plugin, but as @psionandy stated, it's not that hard. It's just another level of ineffective bureaucracy that your everyday entrepreneur has to be marginally aware of.
 
Some of the big multinationals will follow suit here. It wouldn't pay to keep 2 sets of the same service.

Big marketing will have a fit.

Looks like MS and probably Facebook will comply all over.

http://www.dslreports.com/forum/r31...t-key-GDPR-rights-globally-not-just-in-Europe

We had a similar situation when the Norwegian Browser company Opera sued MS in the EU about users having trouble installing/using Opera. Opera won in the EU.
 
@Rob already did that, although I don't know if that filtered all the way down to changing user names in quoted text. Most of it is probably just changing the site's privacy statement and sending corresponding emails to members that the privacy statement has changed. I know I've got a bucketful of those recently.
 
Usernames are not changed at the moment when a user requests that their account is deleted. I think they should be... and that is specifically what @staz1000 was asking for.

Essentially that would anonymize the data. Many people will/may use the same username on different sites; leaving usernames in place alongside the posts doesn't do a lot for the user who wants to quit.
 
That's the point where I'm fuzzy on the GDPR, does it require that users have ACCESS to the tools required to remove their personal information? or only the right to request it and have it done within a reasonable time?
 
That's the point where I'm fuzzy on the GDPR, does it require that users have ACCESS to the tools required to remove their personal information? or only the right to request it and have it done within a reasonable time?

Most of the time the user will not have access to the tools... (in some cases it may even involve getting paper out of filing cabinets...) Facebook/Google/Xenforums are providing a user tool simply because it's easier and cheaper for them to provide a self-service tool.
 
So just for excrement and involuntary humorous response ($h!ts and giggles ;) ) let's say I put in a request at joe's forum and grille for my personal information to be removed. Does the GDPR set a requirement for the maximum time I must wait before Joe is not compliant?
 
The ICO (Information Commissioner's Office) is the regulatory authority in the UK that deals with this for UK companies and individuals... so the following is the advice that they are giving for companies who receive these requests. They also give advice to individuals who want to make them.

The advice below is for companies who are facing a request
https://ico.org.uk/for-organisation...tion-gdpr/individual-rights/right-to-erasure/
-------------------------

How long do we have to comply?
You must act on the subject access request without undue delay and at the latest within one month of receipt.

You should calculate the time limit from the day after you receive the request (whether the day after is a working day or not) until the corresponding calendar date in the next month.

Example

An organisation receives a request on 3 September. The time limit will start from the next day (4 September). This gives the organisation until 4 October to comply with the request.

If this is not possible because the following month is shorter (and there is no corresponding calendar date), the date for response is the last day of the following month.

If the corresponding date falls on a weekend or a public holiday, you have until the next working day to respond.

This means that the exact number of days you have to comply with a request varies, depending on the month in which the request was made.


Can we extend the time for a response?
You can extend the time to respond by a further two months if the request is complex or you have received a number of requests from the individual. You must let the individual know without undue delay and within one month of receiving their request and explain why the extension is necessary.

However, it is the ICO's view that it is unlikely to be reasonable to extend the time limit if:

  • it is manifestly unfounded or excessive;
  • an exemption applies; or
  • you are requesting proof of identity before considering the request.
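
The time-limit rules quoted above, worked through in code. This is an added example, not part of the post or of the ICO guidance; the function names, the request IDs and the `holidays` set (public holidays supplied by the caller) are assumptions made for illustration.

```python
import calendar
from datetime import date, timedelta


def response_deadline(received: date, holidays=frozenset()) -> date:
    """Latest response date for a request received on `received`."""
    # The clock starts the day after receipt, working day or not.
    start = received + timedelta(days=1)
    # Corresponding calendar date in the following month.
    if start.month == 12:
        year, month = start.year + 1, 1
    else:
        year, month = start.year, start.month + 1
    # Shorter month with no corresponding date: use its last day.
    last_day = calendar.monthrange(year, month)[1]
    due = date(year, month, min(start.day, last_day))
    # Weekend or public holiday: roll forward to the next working day.
    while due.weekday() >= 5 or due in holidays:
        due += timedelta(days=1)
    return due


def overdue(requests: dict, today: date, holidays=frozenset()) -> list:
    """IDs of open requests whose deadline has already passed."""
    return sorted(
        req_id
        for req_id, received in requests.items()
        if response_deadline(received, holidays) < today
    )


# Constructed sample data: request ID -> date received.
SAMPLE_REQUESTS = {
    "REQ-1": date(2018, 9, 3),   # due 4 October (the example in the guidance)
    "REQ-2": date(2018, 9, 5),   # 6 October is a Saturday, so due Monday 8 October
    "REQ-3": date(2019, 1, 30),  # February has no 31st, so due 28 February
}

if __name__ == "__main__":
    for req_id, received in SAMPLE_REQUESTS.items():
        print(req_id, received, "->", response_deadline(received))
    print("overdue on 2018-10-05:", overdue(SAMPLE_REQUESTS, date(2018, 10, 5)))
```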
 
We'll soon be pushing an update to XF that will have improved account delete features. Most noticeable will be the option to set the deleted member's user name to a new user name at the time of delete. I believe it will suggest something such as "Member281" (probably putting them in chronological order starting at Member1 if I had to guess).

Not sure when this will go live but will let you guys know.

We've got to make some other changes to our privacy policy, signup flow, and other things and I'm going to need to think about it in much more detail. Yay! So fun! LOL :(
 
We'll soon be pushing an update to XF that will have improved account delete features. Most noticeable will be the option to set the deleted member's user name to a new user name at the time of delete. I believe it will suggest something such as "Member281" (probably putting them in chronological order starting at Member1 if I had to guess).

Will that be restricted to Admins, or can Mods do it?
 
Good luck with the budget smart-lights, and possibly other cheapo IoT from China....

AFAiK Yeelight products are only sold online, and the company has no presence in the EU at all.
 
Hmm this is a very fascinating and what looks like a very important little piece of legislation from what I am trying to gather here.

I like this law / legislation.

Yes, there is a possibility it might create another annoying layer of bureaucracy, but I believe it will be far more beneficial / positive rather than counterproductive.

That scum bag Zuckerberg is most probably coughing and spluttering over this law as it prevents him from stealing everyone's information without their consent and then selling it for profit to advertising companies.

Looks very positive all round.

Very cool :)
 
Whoa... wait a second! Are you saying I have the power now to be fully nuked even if android forums says no to me?

Maybe I can finally have the privacy I crave and give my entire account a real serious full nuke?

I don't want to be known at all any more; too many crazy people out there.

I am starting to love privacy more and more these days :)

This law sounds freakin awesome!!!

And preferably a full hard core nuke that leaves nothing behind!

I would absolutely love this if it could be done.

Have I understood this law correctly?
 