CC approach to GDPR

Discussion in 'Site Support' started by srw, 19 May 2018.

  1. srw

    srw It's a bit more complicated than that...

    With the new law kicking off next week, it would be helpful to have a statement from the administrators of the forum on the changes that have been made to comply with GDPR.

    This is basically a very useful place, so it would be good to reassure your loyal membership of all the necessary changes that have been made. I would hate to see a cavalier approach resulting in an ICO investigation and the resulting disruption - and my best guess is that hobby forums will be quite high on their radar.
     
    mjr likes this.
  2. Pale Rider

    Pale Rider Guru

    I think the only data @Shaun has on me is my email address from when I signed up.

    Hopefully he won't be staying awake at night worrying about how to look after that crucial piece of information.

    No doubt GDPR is worthwhile in some circumstances, but it's hard to get excited about it for this place.
     
  3. gaijintendo

    gaijintendo Über Member

    Location:
    Scotchland
    He also has a large canon of your writings, your voting, likes and uploads of your photos. Referral links itemise products bought for payment purposes, which is potentially identifiable to that email address, if any effort was to be made.

    That might not be eboeno to swing a referendum, but thatst a few things that definitely could be useful for marketing and so on.
     
  4. Pale Rider

    Pale Rider Guru

    Site rules are clear about content, you effectively donate it so I that's not really a GDPR question.

    Not sure what you mean about 'referral links'.

    Shaun also has the benefit of a good track record, nothing has landed in my email inbox traceable to this site.

    I don't really get the general fuss about personal data anyway - if you tap something into a social media site that something may get about elsewhere.

    If you are bothered about that, don't enter the data in the first place.
     
    Afnug and classic33 like this.
  5. gaijintendo

    gaijintendo Über Member

    Location:
    Scotchland
    I totally agree.

    Most of this stuff is not nefarious. Though Cambridge Analytica have drawn a lot of attention to what your data can do. That data came from thinks like What Pudding Are You? quizzes on Facebook.

    The point is, the is an incredible amount of precise data, about you, which is continually used for marketing, political campaigning, policing, policy making and so on, and as a citizen of the UK, you should be aware, and consent to its use.

    Not specifically CycleChat, but they do have info on you, and the point of this policy is that your consent should not be assumed.
     
  6. Regulator

    Regulator Scourge of stale, pale, male snowflakes.

    The law overrides any site rules. So it does become a GDPR question.

    I am surprised not to have received a communication, either via an email (my inbox has been bursting with them in recent weeks) or via a prominent statement on the forum, about the approach that will be taken to GDPR and - in particular - the retention and deletion of data, and the specific right to be forgotten.

    I’ve had communications from nearly all the other fora I belong to. Interestingly, none of them are taking the approach that the information “belongs’ or was ‘donated’ to the site owner. They all seem to have grasped the very clear, fundamental principle of GDPR - your data is your data.

    A very timely thread @srw given there is less than a week left. I’ve been dealing with GDPR-related issues for the last year and Friday seems to be something of an ending...


    ...although the reality will be very different. I’m expecting our first GDPR-related requests to start hitting us on Monday and, although we now have a DPO in place to lead on it, I’ll be dealing with anything NHS related. It doesn’t help that many of the commissioners and the (supposedly) expert commissioning support teams have little real understanding, and struggle with such basic concepts as Data Controller, Joint Data Controller and Data Processor.
     
    Last edited: 21 May 2018
    User33236 and flake99please like this.
  7. Firestorm

    Firestorm Veteran

    Location:
    Southend on Sea
    I Went to a GDPR lecture on Friday ...
    I would imagine that the authorities would be looking at the big boys and the “quick fixes” first.
    Retention policy , particularly for DMs might be one area of concern
     
    Tin Pot likes this.
  8. OP
    OP
    srw

    srw It's a bit more complicated than that...

    Here's the key ICO definition...

    https://ico.org.uk/for-organisation...a-protection-regulation-gdpr/key-definitions/

    So whether you care or not, and irrespective of what @Shaun plans to do with the data, "Pale Rider", any IP address or location or other data or information collected by the software or input by you, and anything passed to advertisers or to Google who provide the two-factor login service looks to me very like personal data. This isn't about user preferences, this about the site owner avoiding being prosecuted.

    To coin a phrase, I hate to admit it lol, but @Regulator is right. I think we all deserve a clear statement.

    I disagree. The ICO operate on the basis of loud and public investigations to encourage compliance. If they believe forum owners in general are not taking the law seriously they will take action. If that happens to be against him, it will be extremely disruptive to @Shaun and through him the rest of us. Best advice on compliance is always to err on the side of over-compliance.
     
    User65760, Tin Pot, mjr and 2 others like this.
  9. mjr

    mjr Wanting to Keep My EU Citizenship

    I hope that @Shaun's statement will reassure us somehow that any staff members with such attitudes to privacy will have their access to and use of personal data strictly controlled and monitored.
     
  10. OP
    OP
    srw

    srw It's a bit more complicated than that...

    Yes. Basic training in GDPR really should be part of the induction programme for new moderators.

    (He groans, knowing that a GDPR training session is on his agenda for the day).
     
    Tin Pot likes this.
  11. Pale Rider

    Pale Rider Guru

    From your definition link:

    "The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier."

    I think there's a very good argument to say 'Pale Rider' is not an identifiable person in this context.

    You might recall an instruction a while ago that no one on here could register using their real name as a forum name.

    Shaun can speak for himself, but I wonder if that was done to keep the forum out of the clutches of GDPR.

    The point about training for mods is also a questionable one.

    Mods have no access to the member's real name, email address, or private messages.

    There is the disciplinary points system (where used), although i doubt the GDPR Commissar will be awake nights worrying who knows if 'Pale Rider' has three points or four.

    https://ico.org.uk/for-organisation...a-protection-regulation-gdpr/key-definitions/
     
  12. mjr

    mjr Wanting to Keep My EU Citizenship

    Which is nonsense as what's a "real" name anyway? I am extemely rarely referred to by the name on my government -issued papers and both my username here, my previous username and even my usual nickname are all real names to me, used in other places too. It would be onerous and unenforceable to require everyone to use a unique name, unless the site was generating UUIDs somehow that we had to use and that would look pretty silly... plus the GDPR isn't limited to real names. Other identifiers are covered.
     
    theclaud likes this.
  13. cisamcgu

    cisamcgu Veteran

    Location:
    Merseyside-ish
    Mods have access to IP addresses though .... and it is a VERY cavalier attitude from @Pale Rider in this context, the fines can be rather large.

    It is NOT optional, and not only for "The Big Boys" - it is the law.
     
  14. bruce1530

    bruce1530 Über Member

    Location:
    Ayrshire
    The regulations state that email addresses and IP addresses are classed as “personal data”. This forum collects these, so is within scope.
     
  15. Mister Paul

    Mister Paul Legendary Member

    Mods having access to email addresses is an option in the software. I suspect it was deliberately turned off in the short-lived forum that we don't talk about.

    Anyway, you're missing the point. It's possible to identify many people on here with a good read of what they post and a bit of detective work. There are members on here who have done this, which in itself is worrying.

    The question is whether or not the accumulation of soft information, which when put together can lead to the identification of a person, is covered by the new regs.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice