I was recently asked a question which caused much head scratching...
from some background on the internet it seems that if a poster can be identified directly or indirectly through a history of posts then it may fall in the jurisdiction of the gdpr. If so, if a poster wishes to leave a forum then all content and data relating to that poster may need expunging.....
I hope I've misunderstood this...
these are strange times we live in.
gdpr and fora
#1 gdpr and fora
There's nowhere you can be that isn't where you're meant to be
#2 Re: gdpr and fora
The right to deletion is not as simple as that, there are a number of reasons why information may be retained, some of those may well be applicable to forums.
Whenever an honest man discovers that he's mistaken, he will either cease to be mistaken or he will cease to be honest.
- jack
- Thermionic Monk Status
- Posts: 5504
- Joined: Wed Dec 29, 2010 8:58 pm
- Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ
- Contact:
#3 Re: gdpr and fora
Indeed, it's extremely complex and far from clear.
There are many self proclaimed experts who don't really have a clue and who are generally wrong. The regulations are subtle and full of detail.
The UK Information Commisionair's Office has a great document highlighting the key aspects of GDPR and how they might apply to you together with action checklists.
The main guide is at:
https://ico.org.uk/for-organisations/gu ... tion-gdpr/ (downloadable as a PDF)
A self-assessment is at:
https://ico.org.uk/for-organisations/re ... ssessment/
There are many self proclaimed experts who don't really have a clue and who are generally wrong. The regulations are subtle and full of detail.
The UK Information Commisionair's Office has a great document highlighting the key aspects of GDPR and how they might apply to you together with action checklists.
The main guide is at:
https://ico.org.uk/for-organisations/gu ... tion-gdpr/ (downloadable as a PDF)
A self-assessment is at:
https://ico.org.uk/for-organisations/re ... ssessment/
Vivitur ingenio, caetera mortis erunt
- jack
- Thermionic Monk Status
- Posts: 5504
- Joined: Wed Dec 29, 2010 8:58 pm
- Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ
- Contact:
#4 Re: gdpr and fora
I should point out that information you publish in a forum about yourself, or derived from information you publish, is almost certainly not in scope.
The essence of GDPR's personal data requirements are to do with privacy surrounding PII collected by businesses as part of their commercial activitues, and how that data is handled. If you make your PII public, even in a closed forum, it's your problem, not the owner of the forum. There are many subtleties here and I'm not a lawyer, but I have recently spent a lot of time with lawyers over our own GDPR status, so it's an area I'm close to.
My opinion is worth exactly what you have just paid for it
The essence of GDPR's personal data requirements are to do with privacy surrounding PII collected by businesses as part of their commercial activitues, and how that data is handled. If you make your PII public, even in a closed forum, it's your problem, not the owner of the forum. There are many subtleties here and I'm not a lawyer, but I have recently spent a lot of time with lawyers over our own GDPR status, so it's an area I'm close to.
My opinion is worth exactly what you have just paid for it
Vivitur ingenio, caetera mortis erunt
#5 Re: gdpr and fora
Yep, a good example is if you are in the crowd at a public event and someone takes a picture with you in it, then you have no control over that image of yourself.
Compared to PCIDSS GDPR is a gem of clarity.
Yep, but I agree that the docs on the ICO website are the best source of clarity, avoid anyone trying to sell you consultancy on the subject.Indeed, it's extremely complex and far from clear.
Compared to PCIDSS GDPR is a gem of clarity.
Whenever an honest man discovers that he's mistaken, he will either cease to be mistaken or he will cease to be honest.
#6 Re: gdpr and fora
I'm pretty sure it's not just commercial...it looks like any kind of activity, that includes non profit making and charities....
wish I hadn't mentioned it now....what a minefield.
There's nowhere you can be that isn't where you're meant to be
#7 Re: gdpr and fora
in that case, I want my money back.
There's nowhere you can be that isn't where you're meant to be
#8 Re: gdpr and fora
Yep, though that doesn't alter what Jack said. The ICO is the best and least excited source of info.I'm pretty sure it's not just commercial...it looks like any kind of activity, that includes non profit making and charities....
Whenever an honest man discovers that he's mistaken, he will either cease to be mistaken or he will cease to be honest.
#9 Re: gdpr and fora
Just send me your bank account details, card PIN number and Mothers maiden name and I will refund it all to you.
Whenever an honest man discovers that he's mistaken, he will either cease to be mistaken or he will cease to be honest.
- jack
- Thermionic Monk Status
- Posts: 5504
- Joined: Wed Dec 29, 2010 8:58 pm
- Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ
- Contact:
#10 Re: gdpr and fora
Well, that certainly counts as PII, so I'm reporting you to the ICO...
Vivitur ingenio, caetera mortis erunt