GDPR question : What will change here after May 29th, 2018?

GDPR question : What will change here after May 29th, 2018?

Author
Discussion

Benni

Original Poster:

3,510 posts

210 months

Tuesday 24th April 2018
quotequote all
Hello Admins,

On may 28th, the EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years.

https://www.eugdpr.org/

What are the consequences for PH forum users and private car advertisers ?

I have read in some german car & bike forums that they face the danger of switching off, in fear of lawsuits.

mmm-five

11,227 posts

283 months

Tuesday 24th April 2018
quotequote all
I'm guessing PH will comply with regulations in the same timeframe as they have for other regulations...


...so expect compliance sometime after the second coming of Christ!

evil len

4,398 posts

268 months

Tuesday 24th April 2018
quotequote all
25th May.

BlackLabel

13,251 posts

122 months

Thursday 26th April 2018
quotequote all
mmm-five said:
I'm guessing PH will comply with regulations in the same timeframe as they have for other regulations...


...so expect compliance sometime after the second coming of Christ!
hehe

evil len

4,398 posts

268 months

Thursday 26th April 2018
quotequote all
On May 26th, perform a Data Subject Access Request ... and see if they do it within 1 month smile

Sparkyhd

1,792 posts

94 months

Thursday 26th April 2018
quotequote all
Users will have the right to delete their account, a feature conspicuously missing.

Vaud

50,291 posts

154 months

Friday 27th April 2018
quotequote all
Sparkyhd said:
Users will have the right to delete their account, a feature conspicuously missing.
Is forum content "personal data"?

Sparkyhd

1,792 posts

94 months

Friday 27th April 2018
quotequote all
Vaud said:
Sparkyhd said:
Users will have the right to delete their account, a feature conspicuously missing.
Is forum content "personal data"?
My account details are personal data and I can't delete my account.

Google can now be forced to delete searches. I see no difference in asking to remove prior comments.

anonymous-user

53 months

Friday 27th April 2018
quotequote all
Sparkyhd said:
Users will have the right to delete their account, a feature conspicuously missing.
Does that have to be done through a "feature" though? Or can they simply allow you to email them and request deletion which if they do so is then compliant?

Vaud

50,291 posts

154 months

Friday 27th April 2018
quotequote all
Sparkyhd said:
My account details are personal data and I can't delete my account.

Google can now be forced to delete searches. I see no difference in asking to remove prior comments.
«The GDPR applies to 'personal data' meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.»

If they deleted your email/phone/etc attached to the account then they would be compliant IIRC.

Reference: I am not an specialist.

Don1

15,936 posts

207 months

Saturday 28th April 2018
quotequote all
Whilst I am not an expert.... it is part of my world.

Personal data is being defined as anything that can realistically be linked to an individual. That can include email addresses, IPs and the like.

The really interesting part for this is going to be forum names. Some people have names derived from their actual name and have their digital life as the same persona on the areas of the web they frequent. In the profiles people put their names, contact details and the like.

This for me would put PH very squarely in the cross-hairs of GDPR. I would imagine there is going to be a hastily rushed out change in terms and conditions, with some actual dev work to be done (I know, right????), to allow a much better way to remove or update data.

Now if Haymarket are actually going to admit that they are data processors as well as holders (with the advertising crap), we might be getting somewhere....

Vaud

50,291 posts

154 months

Saturday 28th April 2018
quotequote all
Don1 said:
Personal data is being defined as anything that can realistically be linked to an individual. That can include email addresses, IPs and the like.

The really interesting part for this is going to be forum names. Some people have names derived from their actual name and have their digital life as the same persona on the areas of the web they frequent. In the profiles people put their names, contact details and the like.
As I understand it, the identifiable to an individual is the key.

Benni

Original Poster:

3,510 posts

210 months

Tuesday 22nd May 2018
quotequote all
It seems Haymarket has done what is neccessary to keep all services running,
there is a cookie notice on top of the page which leads to an update from May 15th :
http://www.haymarket.com/privacy-policy/#heading-1...

I hope all involved have done their GDPR homework, thanks to the staff !

AndrewEH1

4,917 posts

152 months

Wednesday 23rd May 2018
quotequote all
Benni said:
It seems Haymarket has done what is neccessary to keep all services running,
there is a cookie notice on top of the page which leads to an update from May 15th :
http://www.haymarket.com/privacy-policy/#heading-1...

I hope all involved have done their GDPR homework, thanks to the staff !
TBH I don't think they have compared to other websites that hold user information.

In the past few months I've been bombarded from other websites regarding GDPR and telling me they've either updated their policies or have asked if I want to continue getting their emails.

Not a peep from Pistonheads/Haymarket apart from the usual 'newsletters'

evil len

4,398 posts

268 months

Wednesday 23rd May 2018
quotequote all
They are relying on legitimate interests for marketing. Highly dodgy ground ...

fakenews

452 posts

76 months

Wednesday 23rd May 2018
quotequote all
DELETED: Comment made by a member who's account has been deleted.
But given you advise on GDPR you should be aware of this:

ICO said:
The GDPR does not replace PECR, although it changes the underlying definition of consent. Existing PECR rules continue to apply, but using the new GDPR standard of consent.
We've been advised (employer has large legal team, many advisors etc) that our cookies (except Strictly Necessary ones, e.g. for a website to function) need to be opt-in. That means a cookie (like those for Google Analytics and even the delivery of non-personalised ads) isn't dropped until the user clicks accept or configures them to suit their journey (during which they can change their preferences at any time).

Fortunately there are tools to deal with this (that manage opt-in and prevent the cookie from dropping until consent is given):

https://cookieconsent.insites.com/download/
https://wordpress.org/plugins/gdpr-cookie-complian... (for WordPress CMS)

miniman

24,827 posts

261 months

Wednesday 23rd May 2018
quotequote all
evil len said:
They are relying on legitimate interests for marketing. Highly dodgy ground ...
Third party marketing at that.

fakenews

452 posts

76 months

Wednesday 23rd May 2018
quotequote all
DELETED: Comment made by a member who's account has been deleted.
You're sadly wrong on PECR. GDPR has given PECR teeth where previously it had none (hence the common lack of notices previously).

DELETED: Comment made by a member who's account has been deleted.
DELETED: Comment made by a member who's account has been deleted.
This is also incorrect. Cookie notices can no longer be just notices. Under GDPR you now need to consider the user and their consent. Cookies should be opt-in not 'you accept all cookies by using this website', technically only website critical cookies should fire at all without acceptance. Note, this isn't limited to just cookies holding IDs or other PI (given the wording in the legislation). See how PECR has moved on due to GDPR now? ePrivacy will eventually further clarify cookie use and bring some commonsense to the above.

DELETED: Comment made by a member who's account has been deleted.
Looks like you're the one stuck in 2011! As for my employer, they are compliant and always have been (proper belt and braces).

Once you've finish deflecting, perhaps you could share those tools I kindly posted to help your clients finally get their monies worth...I wouldn't want to bet on their compliance. rolleyes

Ultra Sound Guy

28,616 posts

193 months

Thursday 24th May 2018
quotequote all
Well, judging by the number of emails I've received in the last two weeks asking me if I'd like to stay on their mailing lists, I think my European spam mail is going to be greatly reduced!
Can we ask the UN to make this a world-wide law?

fakenews

452 posts

76 months

Thursday 24th May 2018
quotequote all
DELETED: Comment made by a member who's account has been deleted.
A complement! smile Sadly I've not the status of even doing that - severing that testicle didn't help my prospects - hard to be taken seriously when your scrotum resembles an upside down question-mark. frown