gdpr and fora

Subjects that don't have their own home
Post Reply
User avatar
ed
retired
Posts: 3617
Joined: Thu Jun 21, 2007 4:01 pm
Location: yorkshire
Contact:

gdpr and fora

Post by ed » Mon Jun 11, 2018 11:25 am

I was recently asked a question which caused much head scratching...

from some background on the internet it seems that if a poster can be identified directly or indirectly through a history of posts then it may fall in the jurisdiction of the gdpr. If so, if a poster wishes to leave a forum then all content and data relating to that poster may need expunging.....

I hope I've misunderstood this...

these are strange times we live in.
There's nowhere you can be that isn't where you're meant to be

User avatar
Nick
Site Admin
Posts: 11304
Joined: Sun May 06, 2007 10:20 am
Location: West Yorkshire

Re: gdpr and fora

Post by Nick » Mon Jun 11, 2018 12:54 pm

The right to deletion is not as simple as that, there are a number of reasons why information may be retained, some of those may well be applicable to forums.
Resistance isn't futile it's V / I.

User avatar
jack
Shed dweller
Posts: 2867
Joined: Wed Dec 29, 2010 8:58 pm
Location: Somewhere getting hotter with no possibility of rain.
Contact:

Re: gdpr and fora

Post by jack » Mon Jun 11, 2018 10:47 pm

Indeed, it's extremely complex and far from clear.

There are many self proclaimed experts who don't really have a clue and who are generally wrong. The regulations are subtle and full of detail.

The UK Information Commisionair's Office has a great document highlighting the key aspects of GDPR and how they might apply to you together with action checklists.

The main guide is at:
https://ico.org.uk/for-organisations/gu ... tion-gdpr/ (downloadable as a PDF)

A self-assessment is at:
https://ico.org.uk/for-organisations/re ... ssessment/

User avatar
jack
Shed dweller
Posts: 2867
Joined: Wed Dec 29, 2010 8:58 pm
Location: Somewhere getting hotter with no possibility of rain.
Contact:

Re: gdpr and fora

Post by jack » Tue Jun 12, 2018 3:12 am

I should point out that information you publish in a forum about yourself, or derived from information you publish, is almost certainly not in scope.

The essence of GDPR's personal data requirements are to do with privacy surrounding PII collected by businesses as part of their commercial activitues, and how that data is handled. If you make your PII public, even in a closed forum, it's your problem, not the owner of the forum. There are many subtleties here and I'm not a lawyer, but I have recently spent a lot of time with lawyers over our own GDPR status, so it's an area I'm close to.

My opinion is worth exactly what you have just paid for it :)

User avatar
Nick
Site Admin
Posts: 11304
Joined: Sun May 06, 2007 10:20 am
Location: West Yorkshire

Re: gdpr and fora

Post by Nick » Tue Jun 12, 2018 8:46 am

Yep, a good example is if you are in the crowd at a public event and someone takes a picture with you in it, then you have no control over that image of yourself.
Indeed, it's extremely complex and far from clear.
Yep, but I agree that the docs on the ICO website are the best source of clarity, avoid anyone trying to sell you consultancy on the subject.

Compared to PCIDSS GDPR is a gem of clarity.
Resistance isn't futile it's V / I.

User avatar
ed
retired
Posts: 3617
Joined: Thu Jun 21, 2007 4:01 pm
Location: yorkshire
Contact:

Re: gdpr and fora

Post by ed » Tue Jun 12, 2018 9:34 am

jack wrote:
Tue Jun 12, 2018 3:12 am
The essence of GDPR's personal data requirements are to do with privacy surrounding PII collected by businesses as part of their commercial activitues, and how that data is handled.
I'm pretty sure it's not just commercial...it looks like any kind of activity, that includes non profit making and charities....

wish I hadn't mentioned it now....what a minefield.
There's nowhere you can be that isn't where you're meant to be

User avatar
ed
retired
Posts: 3617
Joined: Thu Jun 21, 2007 4:01 pm
Location: yorkshire
Contact:

Re: gdpr and fora

Post by ed » Tue Jun 12, 2018 9:37 am

jack wrote:
Tue Jun 12, 2018 3:12 am

My opinion is worth exactly what you have just paid for it :)
in that case, I want my money back.
There's nowhere you can be that isn't where you're meant to be

User avatar
Nick
Site Admin
Posts: 11304
Joined: Sun May 06, 2007 10:20 am
Location: West Yorkshire

Re: gdpr and fora

Post by Nick » Tue Jun 12, 2018 10:04 am

I'm pretty sure it's not just commercial...it looks like any kind of activity, that includes non profit making and charities....
Yep, though that doesn't alter what Jack said. The ICO is the best and least excited source of info.
Resistance isn't futile it's V / I.

User avatar
Nick
Site Admin
Posts: 11304
Joined: Sun May 06, 2007 10:20 am
Location: West Yorkshire

Re: gdpr and fora

Post by Nick » Tue Jun 12, 2018 10:06 am

ed wrote:
Tue Jun 12, 2018 9:37 am
jack wrote:
Tue Jun 12, 2018 3:12 am

My opinion is worth exactly what you have just paid for it :)
in that case, I want my money back.
Just send me your bank account details, card PIN number and Mothers maiden name and I will refund it all to you.
Resistance isn't futile it's V / I.

User avatar
jack
Shed dweller
Posts: 2867
Joined: Wed Dec 29, 2010 8:58 pm
Location: Somewhere getting hotter with no possibility of rain.
Contact:

Re: gdpr and fora

Post by jack » Tue Jun 12, 2018 11:30 am

Nick wrote:
Tue Jun 12, 2018 10:06 am
ed wrote:
Tue Jun 12, 2018 9:37 am
jack wrote:
Tue Jun 12, 2018 3:12 am

My opinion is worth exactly what you have just paid for it :)
in that case, I want my money back.
Just send me your bank account details, card PIN number and Mothers maiden name and I will refund it all to you.
Well, that certainly counts as PII, so I'm reporting you to the ICO... 8)

Post Reply