boards.ie privacy policy (lack thereof)

cornbb

Correct me if I'm wrong, but I can't seem to find a boards.ie privacy policy. These days it is the norm for any website that collects a user's information to state a policy on what information is collected, how it may be used, etc etc, I'm sure you get the gist.

I'm not claiming that our fine admins are evil thought police or anything, in fact I'm sure the opposite is true. I'd just like to point out that its the norm for most websites to have such policies these days and now might be a good time to implement one, given the excellent growth of the site and the rise of adverts.ie and social.ie.

Boston

What private information is collated by boards.ie administrative staff.
Theres an email address which isn't published and afaik thats it.

cornbb

Boston wrote: »

What private information is collated by boards.ie administrative staff.

A privacy policy would answer that question

Theres an email address which isn't published and afaik thats it.

There is also the question of cookies, IP addresses etc.

AlmightyCushion

Also the gps tracking anklet the admins make us mods wear at all times.

cornbb

AlmightyCushion wrote: »

Also the gps tracking anklet the admins make us mods wear at all times.

Yeah I was wondering why the jewellery Vexorg gave me starts beeping every time I leave my desk to go to the bathroom

Boston

cornbb wrote: »

A privacy policy would answer that question

I'll be more clear, what data do you feel boards has belonging to you. Outline the problem a privacy policy would solve.

There is also the question of cookies, IP addresses etc.

Do you know what these things are? Do you understand what private data is?

leninbenjamin

AlmightyCushion wrote: »

Also the gps tracking anklet the admins make us mods wear at all times.

I hear they are soon introducing embedded microchips as a replacement.

Boston wrote: »

Do you know what these things are? Do you understand what private data is?

doesn't look like it.

cornbb

Boston wrote: »

Do you know what these things are? Do you understand what private data is?

Yes Boston I do, hence the query...

AlmightyCushion

leninbenjamin wrote: »

I hear they are soon introducing embedded microchips as a replacement.

Yes and no. They were going to but it is far to expensive to implement, so they are going to make us swallow the gps unit now.

Stark

Well the admins have access to our "private" messages. I think the policy there has always been "don't use private messages for anything that you wouldn't choose to make public", although in practice I trust the admins not to actually go reading people's PMs.

There's the IP addresses, which could be considered a privacy risk. Hence vanilla moderators not being allowed access to this piece of information.

Other than that, I don't think there's anything that a member of the public couldn't access and collate...

monkey tennis

cornbb wrote: »

There is also the question of cookies, IP addresses etc.

Neither of these are really private. Plus you have access to any cookies stored on your PC, so you can see exactly what kind of information is stored in them.

cornbb

monkey tennis wrote: »

Neither of these are really private. Plus you have access to any cookies stored on your PC, so you can see exactly what kind of information is stored in them.

True, but they can and have been misused in the past. Here's an excerpt from www.vbulletin.com's privacy policy:

We may place a text file called a "cookie" in the browser files of your computer. The cookie itself does not contain Personal Information although it will enable us to relate your use of this site to information that you have specifically and knowingly provided. But the only personal information a cookie can contain is information you supply yourself. A cookie can't read data off your hard disk or read cookie files created by other sites. VBULLETIN.ORG uses cookies to track user traffic patterns (as described above). Our advertising system delivers a one-time cookie to better track ad impressions and click rates.

You can refuse cookies by turning them off in your browser. If you've set your browser to warn you before accepting cookies, you will receive the warning message with each cookie. You do not need to have cookies turned on to use this site. However, you do need cookies to participate actively in message boards, forums, polling and surveys.

Again I stress that I believe boards.ie and its admins would not use such information for anything sneaky but it is the norm for websites to clarify how such information is used.

Boston

User data as opposed to Private user data tbh.

cornbb

Boston wrote: »

User data as opposed to Private user data tbh.

Still stuff that is covered in every run-of-the-mill privacy policy

Boston

You really need some argument beyond "other people do it"

Hagar

Stark wrote: »

There's the IP addresses, which could be considered a privacy risk. Hence vanilla moderators not being allowed access to this piece of information.

More lies. There's no Vanilla Forum, I checked, can't fool me.

seamus

Privacy policies are pointless on Irish-hosted sites. boards.ie is bound by the data protection act, therefore you can be 100% sure that your information is not being given to 3rd parties nor is it being used for any purpose other than the purpose for which you supplied that information to boards.ie.

I suspect if boards.ie's privacy policy said they were going to use your email address to send you tonnes of ads and sell it to nigerian scammers, it wouldn't be enforceable by law. It's a bit like a prenup - makes some people feel better, but the Irish courts would laugh at it.

Boston

Isn't there something else about having a reasonable expectation to privacy. In that, PM and the like aren't private since you have no expectation of privacy given management can read them.

Nevyn

Stark wrote: »

There's the IP addresses, which could be considered a privacy risk. Hence vanilla moderators not being allowed access to this piece of information.

What there are non kinky mods ?
when did that happen ?

Beruthiel

Thaedydal wrote: »

What there are non kinky mods ?
when did that happen ?

I think he was just talking about himself there Thaed

Pherekydes

AlmightyCushion wrote: »

Yes and no. They were going to but it is far to expensive to implement, so they are going to make us swallow the gps unit now.

Yeah, I got mine in the post, and there's no fcuking way I'm swallowing that thing!

Total Recall, anyone?

Hagar

There is an alternative...

Whistles and walks away...

Pherekydes

*Privacy Policy:

This is a private site. Boards.ie, its owners and agents hereby waive all rights to privacy of its users. This is because this is a privately-owned site open to the public. Why would you expect privacy on a publicly accessible site?









*Not necessarily the views of boards.ie, its owners or agents.




Terms and conditions apply. The value of investments may go down as well as up. You have no privacy.

Jules

Slow coach wrote: »

Yeah, I got mine in the post, and there's no fcuking way I'm swallowing that thing!

Total Recall, anyone?

Well i microchip cats and dogs everyday, so if the admins want i can inject the chips subcutaneously....

For a small fee of course!

/me grabs scanners and large LARGE needle......

Who's first?

Evil Al

Have to say I agree with OP. Some questions a privacy policy could clarify by making clear what cookies and logs are used for:

- Does boards/adverts collate clickstreams and sell them to advertisers (i.e., this guy is obviously a car nut but he also like persnoal ads)?
- Are PMs ever published for all to see? Can mods read them?
- Will boards sell my email address to advertisers or send me lots of ads for Viagra?

Sure most people would know the answer to those, but it might be no harm to clarify...

Regarding data protection, in general the data protection commissioner looks for a statement of how private data is used, and whether that is adhered to. Email addresses *are* considered as personally identifying information, (which is one reason that all ISPs are required by law to register with the Commissioner, even though most don't bother) so the fact that users provide an email when registering (don't they?) means there should at the least be a statement about how these are used by boards.

Just my 2 cents.

cornbb

Boston wrote: »

You really need some argument beyond "other people do it"

Think of it as an extra service for users then. Many people actually read those things. Online privacy is a concern for many people, online giants like Google and Facebook have been criticised for privacy weaknesses which were revealed in their privacy policies. A boards.ie privacy policy would bring peace of mind to many users, although I do realise that the vast majority of users don't give a crap.

seamus wrote: »

Privacy policies are pointless on Irish-hosted sites. boards.ie is bound by the data protection act, therefore you can be 100% sure that your information is not being given to 3rd parties nor is it being used for any purpose other than the purpose for which you supplied that information to boards.ie.

I suspect if boards.ie's privacy policy said they were going to use your email address to send you tonnes of ads and sell it to nigerian scammers, it wouldn't be enforceable by law. It's a bit like a prenup - makes some people feel better, but the Irish courts would laugh at it.

True, I have some vague understanding of Irish privacy laws, AFAIK they are not perfect but are leagues ahead of what has been implemented in the US and some other places. I wasn't even thinking of the legal aspect tbh. I see a lot of privacy policies written in a "plain english" sort of way, I get the impression that these are put in place for the benefit of the many Internet users who would simply like to know exactly how there data may be stored, used, accessed, shared etc etc.

Boston wrote: »

Isn't there something else about having a reasonable expectation to privacy. In that, PM and the like aren't private since you have no expectation of privacy given management can read them.

I have no idea whether admins can read PMs, given the ability I'm sure they wouldn't except in the most extreme circumstances. It would be nice to know for sure though (hint hint)

seamus

- Does boards/adverts collate clickstreams and sell them to advertisers (i.e., this guy is obviously a car nut but he also like persnoal ads)?
- Are PMs ever published for all to see? Can mods read them?
- Will boards sell my email address to advertisers or send me lots of ads for Viagra?

All three of your above items are covered by the data protection act.

boards.ie *cannot* sell your private data to other people without your consent. This would include aggregated advertisement data.
You know you haven't given that consent. Any company who maintains private information about a person are considered data controllers and are bound by the DPA whether or not they register with the Commissioner.
So your first two questions are covered there.

Although PMs are stored on boards.ie's servers, my understanding is that by their nature, there is an expectation of privacy (exactly like email), so to publish these without your consent would be a breach of privacy. boards.ie has never published anyone's PMs and never will. Moderators cannot see PMs. Administrators (who own the data) can, but only if there is a need.

I fail to see what a privacy policy would contain that could provide any new information to you. I also doubt that question such as your one about PMs - a valid query IMO, if only to make it clear - would be spotted by most people in a privacy policy.

Perhaps a thread in the newbies/FAQ forums would be more appropriate.

regi

Hmm, I'm pretty sure we used to have one of these. If not, we'll produce another official privacy statement.

cornbb

seamus wrote: »

I fail to see what a privacy policy would contain that could provide any new information to you. I also doubt that question such as your one about PMs - a valid query IMO, if only to make it clear - would be spotted by most people in a privacy policy.

Perhaps a thread in the newbies/FAQ forums would be more appropriate.

Given most people's lack of familiarity with the DPA, a privacy policy to explain these things would be great. A stickied locked thread somewhere would indeed be useful.

regi wrote: »

Hmm, I'm pretty sure we used to have one of these. If not, we'll produce another official privacy statement.

Cool

/removes tinfoil hat

padser

AFAIK the data protection is very much affected by privacy policies and the like.

The DPA specifies what can and can not be done with 'private data'. Data such as IP addresses and e mail addresses (which are collected by boards) are MOST DEFINITELY private data.

If when you signed up to boards you the T&C stated that the e mail address you were giving was going to be used to send you adverts (or 'newsletters') then there is no reason why this would fall foul of the DPA. This is because (grossly simplified) the DPA states that you can only use information for its intended purpose - thus if I'm told I'm giving my information and it may be passed onto third parties for advertising purposes - then as far as the DPA is concerned there is no problem (makes sense if you think about it).

For example if you read the T&C's of many large companies when you give them information they will often say that they can pass the info onto their subsideraries (terrible spelling). I remember reading one once which said we will pass it onto a dutch company - the reason was this dutch company compiled their customer database.

So then the question arises does boards.ie NEED a data policy. No. AFAIK it's not a requirement that you have a data policy. However it just really good practice. The chances of you being able to defend yourself against a complaint made against you increase drastically if you have a policy and can point to it, and say we followed it. For example you are only allowed to keep data for specified purposes. If you don't have a Data protection policy - its much harder for you to justify the fact that you kept the data - because you can't point to a specific purpose enumerated in the policy.

Tar.Aldarion

cookie.setMaxAge(0);
Session.Invalidate();

faceman

padser wrote: »

AFAIK the data protection is very much affected by privacy policies and the like.

The DPA specifies what can and can not be done with 'private data'. Data such as IP addresses and e mail addresses (which are collected by boards) are MOST DEFINITELY private data.

If when you signed up to boards you the T&C stated that the e mail address you were giving was going to be used to send you adverts (or 'newsletters') then there is no reason why this would fall foul of the DPA. This is because (grossly simplified) the DPA states that you can only use information for its intended purpose - thus if I'm told I'm giving my information and it may be passed onto third parties for advertising purposes - then as far as the DPA is concerned there is no problem (makes sense if you think about it).

thats not correct, you must give your consent. Opt in by default is not allowed.

wrote:

For example if you read the T&C's of many large companies when you give them information they will often say that they can pass the info onto their subsideraries (terrible spelling). I remember reading one once which said we will pass it onto a dutch company - the reason was this dutch company compiled their customer database.

If the subsidiary is in the EU then thats fine but its still subject to DP law governing it's use, the passing of data and who the data is being passed to etc

wrote:

So then the question arises does boards.ie NEED a data policy. No. AFAIK it's not a requirement that you have a data policy. However it just really good practice. The chances of you being able to defend yourself against a complaint made against you increase drastically if you have a policy and can point to it, and say we followed it. For example you are only allowed to keep data for specified purposes. If you don't have a Data protection policy - its much harder for you to justify the fact that you kept the data - because you can't point to a specific purpose enumerated in the policy.

As people can and do post personal information including payment information for subscribers, then DP laws are still relevent and a privacy policy would be a good idea. Im sure the admins have procedures in place to avoid any breachs of DP in place.

Its funny, i was only thinking about DP and boards.ie last night and then i saw this thread. The reason i was thinking about it was in relation to users who dont post anymore. in normal transactions with companies for example, when someone cancels their account there are rules around removing all their detail from the system etc and I was wondering if it is as relevent to boards.ie.

Btw, good post Seamus.

padser

faceman wrote: »

thats not correct, you must give your consent. Opt in by default is not allowed.

True, in attempting to simplify it I did omit to mention that uses like this must be opt in rather then default. I was trying to make the point that the DPA doens't preclude your details from being passed on - it simply regulates how it happens.

faceman wrote: »

If the subsidiary is in the EU then thats fine but its still subject to DP law governing it's use, the passing of data and who the data is being passed to etc

Yup, your details being passed on doesn't suddenly lead to a free for all with them - they are still subject to the same restrictions. AFAIK they can also be transfered outside the EU (this would be important where head offices are located in USA) but additional restrictions apply (I think) to attempt to ensure the same standards of data protection apply.

faceman

padser wrote: »

True, in attempting to simplify it I did omit to mention that uses like this must be opt in rather then default. I was trying to make the point that the DPA doens't preclude your details from being passed on - it simply regulates how it happens.

oops sorry for my misinterpretation of your point. But yes it ultimately boils down to consent.

wrote:

Yup, your details being passed on doesn't suddenly lead to a free for all with them - they are still subject to the same restrictions. AFAIK they can also be transfered outside the EU (this would be important where head offices are located in USA) but additional restrictions apply (I think) to attempt to ensure the same standards of data protection apply.

There is a safe list of countries on the DP website, USA being one of them. Its the call centres in the third world countries Id worried about!! :eek:

Maybe DeV and his team will outsource the Helpdesk forum to India in the future??

seamus

faceman wrote: »

Maybe DeV and his team will outsource the Helpdesk forum to India in the future??

User: Hi, can I change my name to BIGMAN66 please?
Helpdesk guy: OK, what browser are you using please?

Outsourcing to India is the devil's idea.

faceman

seamus wrote: »

User: Hi, can I change my name to BIGMAN66 please?
Helpdesk guy: OK, what browser are you using please?

Outsourcing to India is the devil's idea.

Brilliant!

it could also go like this:

User: "Hi, can I change my name to BIGMAN66 please?"
Helpdesk guy: "have you tried rebooting your computer?"

Stark

Or at my company's helpdesk: "What make and model is your computer?"

regi

thanks for feedback, we'll make it go