It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
GDPR Compliance which come into effect on the 28th of May 2018?
page: 4share:
originally posted by: BlueAjah
a reply to: studio500
I believe that when we first created our profiles we accepted the Terms and Conditions as part of the sign up process. It was a long time ago when I signed up, but I am pretty sure that counts as a legal opt-in.
From SO's explanation above, and viewing ATS Privacy Policy, I am confident they are doing what they need to do.
Your scenario above about removing all posts is not actually something that would be required under GDPR. Posted material is not personally identifying information as defined by the law. However, UserIDs or identifiers are considered personal information. So, if a user requested that their personal information be removed, I think perhaps ATS could get around that by removing all info in the profile and changing the UserID to something random.
Under GDPR all previous assumed compliance or so called opt ins are no longer valid.
Post GDPR implementation date the user must be given the ability to provide explicit consent which should not be in the form of implied consent or pre ticked boxes.
As for forum posts, yes, some information can be retained as you state, but any identifying information must be removed.
The problem here is who would want to search through thousands of posts or replies to identify such data.
I know I wouldn't.
...........................................................................................................................................
Moving on,
Let me once again reiterate that I was only trying to be helpful here.
I'm certainly not banging any drums saying to anyone I'm right, you're wrong etc etc.
I posted firstly to give ATS the heads up and secondly to help avoid any problems to the management.
I run my own Architectural forum, it doesn't sell anything. is non commercial and in many ways is much like ATS and I'm doing everything possible to cover my legal obligations as required by the GDPR legislation.
I am however, located in the EU and that is a big difference.
ATS have made their stance clear and I am acutely aware that if i try to provide any further insight or assistance in this matter through genuine concern for a community that I love and appreciate, that my comments may not be viewed in the helpful way they are intended.
I have no intention of getting into a verbal disagreement with anyone over a matter that doesn't really affect me, other than denying me and other EU nationals of certain data and privacy rights that the GDPR provides.
I can live with that though. It doesn't really change anything for me and I'm sure ATS keeps all our data safe as responsible forum site owners.
In relation to GDPR in general though and moving away from ATS.
One of the biggest misconceptions here is the idea that the GDPR relates only to businesses when in fact it relates to any website storing personal information belonging to EU nationals. That's is where many websites will fall foul of this legislation.
Personal data don't forget, can be as minute as an ip address or Username.
But for me personally, that's the end of my input and may I thank management for their response.
Have a great day everyone
a reply to: studio500
That's not entirely accurate.
Previous consents are valid as long as the previous consents followed the explicit consent rules of the GDPR. If ATS had such explicit opt-ins in place at the time users created an account, then they would be valid now, even if they were originally pre-GDPR.
The only time new consents are required are if the previous consents were implicit or non-existent, or otherwise did not clearly state how information would be used.
Also, since these forums are scripted and posts are in a database, it should not be difficult to do a programmatic find-and-replace to replace to replace user names in post content (such as quoted posts). Since the UserNames themselves are in a database, one replacement should automatically update all user posts. There should be no other Personally Identifying information in posts, unless someone was stupid and posted such things.
That's not entirely accurate.
Previous consents are valid as long as the previous consents followed the explicit consent rules of the GDPR. If ATS had such explicit opt-ins in place at the time users created an account, then they would be valid now, even if they were originally pre-GDPR.
The only time new consents are required are if the previous consents were implicit or non-existent, or otherwise did not clearly state how information would be used.
Also, since these forums are scripted and posts are in a database, it should not be difficult to do a programmatic find-and-replace to replace to replace user names in post content (such as quoted posts). Since the UserNames themselves are in a database, one replacement should automatically update all user posts. There should be no other Personally Identifying information in posts, unless someone was stupid and posted such things.
new topics
-
Maetaquest 3S
Video Games: 1 hours ago -
Final jobs report before Nov 5th is a bad one lowest since Dec 2020
US Political Madness: 1 hours ago -
Early voting results
2024 Elections: 4 hours ago -
Project Redsun: NASA's Secret Manned Missions to Mars The Why Files
Space Exploration: 10 hours ago -
President BIDEN Approved Omitting from the Transcript That He Called Trump Supporters GARBAGE.
2024 Elections: 10 hours ago