gdpr and fora

Subjects that don't have their own home
Post Reply
User avatar
ed
retired
Posts: 5384
Joined: Thu Jun 21, 2007 4:01 pm
Location: yorkshire
Contact:

#1 gdpr and fora

Post by ed »

I was recently asked a question which caused much head scratching...

from some background on the internet it seems that if a poster can be identified directly or indirectly through a history of posts then it may fall in the jurisdiction of the gdpr. If so, if a poster wishes to leave a forum then all content and data relating to that poster may need expunging.....

I hope I've misunderstood this...

these are strange times we live in.
There's nowhere you can be that isn't where you're meant to be
User avatar
Nick
Site Admin
Posts: 15707
Joined: Sun May 06, 2007 10:20 am
Location: West Yorkshire

#2 Re: gdpr and fora

Post by Nick »

The right to deletion is not as simple as that, there are a number of reasons why information may be retained, some of those may well be applicable to forums.
Whenever an honest man discovers that he's mistaken, he will either cease to be mistaken or he will cease to be honest.
User avatar
jack
Thermionic Monk Status
Posts: 5493
Joined: Wed Dec 29, 2010 8:58 pm
Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ
Contact:

#3 Re: gdpr and fora

Post by jack »

Indeed, it's extremely complex and far from clear.

There are many self proclaimed experts who don't really have a clue and who are generally wrong. The regulations are subtle and full of detail.

The UK Information Commisionair's Office has a great document highlighting the key aspects of GDPR and how they might apply to you together with action checklists.

The main guide is at:
https://ico.org.uk/for-organisations/gu ... tion-gdpr/ (downloadable as a PDF)

A self-assessment is at:
https://ico.org.uk/for-organisations/re ... ssessment/
Vivitur ingenio, caetera mortis erunt
User avatar
jack
Thermionic Monk Status
Posts: 5493
Joined: Wed Dec 29, 2010 8:58 pm
Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ
Contact:

#4 Re: gdpr and fora

Post by jack »

I should point out that information you publish in a forum about yourself, or derived from information you publish, is almost certainly not in scope.

The essence of GDPR's personal data requirements are to do with privacy surrounding PII collected by businesses as part of their commercial activitues, and how that data is handled. If you make your PII public, even in a closed forum, it's your problem, not the owner of the forum. There are many subtleties here and I'm not a lawyer, but I have recently spent a lot of time with lawyers over our own GDPR status, so it's an area I'm close to.

My opinion is worth exactly what you have just paid for it :)
Vivitur ingenio, caetera mortis erunt
User avatar
Nick
Site Admin
Posts: 15707
Joined: Sun May 06, 2007 10:20 am
Location: West Yorkshire

#5 Re: gdpr and fora

Post by Nick »

Yep, a good example is if you are in the crowd at a public event and someone takes a picture with you in it, then you have no control over that image of yourself.
Indeed, it's extremely complex and far from clear.
Yep, but I agree that the docs on the ICO website are the best source of clarity, avoid anyone trying to sell you consultancy on the subject.

Compared to PCIDSS GDPR is a gem of clarity.
Whenever an honest man discovers that he's mistaken, he will either cease to be mistaken or he will cease to be honest.
User avatar
ed
retired
Posts: 5384
Joined: Thu Jun 21, 2007 4:01 pm
Location: yorkshire
Contact:

#6 Re: gdpr and fora

Post by ed »

jack wrote: Tue Jun 12, 2018 3:12 am The essence of GDPR's personal data requirements are to do with privacy surrounding PII collected by businesses as part of their commercial activitues, and how that data is handled.
I'm pretty sure it's not just commercial...it looks like any kind of activity, that includes non profit making and charities....

wish I hadn't mentioned it now....what a minefield.
There's nowhere you can be that isn't where you're meant to be
User avatar
ed
retired
Posts: 5384
Joined: Thu Jun 21, 2007 4:01 pm
Location: yorkshire
Contact:

#7 Re: gdpr and fora

Post by ed »

jack wrote: Tue Jun 12, 2018 3:12 am
My opinion is worth exactly what you have just paid for it :)
in that case, I want my money back.
There's nowhere you can be that isn't where you're meant to be
User avatar
Nick
Site Admin
Posts: 15707
Joined: Sun May 06, 2007 10:20 am
Location: West Yorkshire

#8 Re: gdpr and fora

Post by Nick »

I'm pretty sure it's not just commercial...it looks like any kind of activity, that includes non profit making and charities....
Yep, though that doesn't alter what Jack said. The ICO is the best and least excited source of info.
Whenever an honest man discovers that he's mistaken, he will either cease to be mistaken or he will cease to be honest.
User avatar
Nick
Site Admin
Posts: 15707
Joined: Sun May 06, 2007 10:20 am
Location: West Yorkshire

#9 Re: gdpr and fora

Post by Nick »

ed wrote: Tue Jun 12, 2018 9:37 am
jack wrote: Tue Jun 12, 2018 3:12 am
My opinion is worth exactly what you have just paid for it :)
in that case, I want my money back.
Just send me your bank account details, card PIN number and Mothers maiden name and I will refund it all to you.
Whenever an honest man discovers that he's mistaken, he will either cease to be mistaken or he will cease to be honest.
User avatar
jack
Thermionic Monk Status
Posts: 5493
Joined: Wed Dec 29, 2010 8:58 pm
Location: ɐılɐɹʇsnɐ oʇ ƃuıʌoɯ ƃuıɹǝpısuoɔ
Contact:

#10 Re: gdpr and fora

Post by jack »

Nick wrote: Tue Jun 12, 2018 10:06 am
ed wrote: Tue Jun 12, 2018 9:37 am
jack wrote: Tue Jun 12, 2018 3:12 am
My opinion is worth exactly what you have just paid for it :)
in that case, I want my money back.
Just send me your bank account details, card PIN number and Mothers maiden name and I will refund it all to you.
Well, that certainly counts as PII, so I'm reporting you to the ICO... 8)
Vivitur ingenio, caetera mortis erunt
Post Reply