Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

GDPR, Boards.ie and Vanilla, how does this work?

  • 26-07-2021 12:05pm
    #1
    Boards.ie Employee Posts: 12,597 ✭✭✭✭✭Boards.ie: Niamh
    Boards.ie Community Manager


    Hi all, 

    We’re aware that the absence of a working Cookie Policy link and Privacy Notice link is justifiably causing some worries and issues. Hands up here, we absolutely should have them up and will do so at the first opportunity - all going well they will be there this week. The only changes on them from our previous policies have been to add Vanilla services to the Third Party Cookies (Cookie Policy) and to Third Parties we work with (on Privacy Notice) but we will get them live asap. 

    GDPR, Boards.ie and Vanilla, how does this work? 

    We have signed a DPA - Data Processing Agreement - with Vanilla. Both parties have agreed to enter into this DPA to ensure adequate safeguards are put in place with respect to protection of everyone’s Personal Data as required by the GDPR.

    “Personal Data” means all data which is defined as ‘personal data’ under EU Data Protection Laws and to which EU Data Protection Laws apply and which is provided by the Customer to Vanilla, and accessed, stored or otherwise processed by Vanilla as a data processor as part of its provision of the Service to Customer (Boards).

    Where and to the extent that Vanilla processes data which is defined as ‘personal data’ under EU Data Protection Laws, Vanilla will comply with applicable EU Data Protection Laws in respect of that processing.

    With respect to all Personal Data, Vanilla warrants that it shall only process Personal Data in order to provide the Service, and shall act only in accordance with: (i) this DPA, (ii) Boards.ie's written instructions, and (iii) as required by applicable laws.

    They will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks that are presented by the processing of Personal Data, in particular protection against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data. 

    Vanilla will take reasonable steps to ensure that only authorized personnel have access to such Personal Data and that any persons whom it authorizes to have access to the Personal Data are under obligations of confidentiality.

    ------------------

    Some questions answered for us by Vanilla’s Information Security Analyst:

    Vanilla is a processor of our data, what exactly happens with that data? 

    Vanilla will operate as the Data Processor, following the instructions of the Data Controller (Boards) as defined in the DPA or as given in writing. We will use the data only to provide the service. See above re: DPA. 

    When a user signs up with their email address and on a specific IP, what happens to this data, where and how is it stored? 

    Data is stored within Vanilla’s private cloud, operated in a SOC and ISO certified Data Center. This Data Center is located in Canada, a country that has been recognised by the EU as having Adequate Data Protection laws. “The effect of such a decision is that personal data can flow from the EU (and Norway, Liechtenstein and Iceland) to that third country without any further safeguard being necessary. In other words, transfers to the country in question will be assimilated to intra-EU transmissions of data.”

    Further details here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

    Who has access to the database? 

    Access to all data collected is limited internally to staff who require access in order to provide the service, and is strictly monitored, logged and secured. All staff undergo background checks as allowed by law.

    Is the hosting happening physically with Vanilla or in the cloud? 

    Hosted with a hosting company that provides us dedicated hardware – Vanilla have a DPA in place with them, and include them as one of our Sub Processors under GDPR

    Have Vanilla conducted an audit regarding the data stored and for how long? 

    Vanilla has undertaken internal reviews of data processing and storage – data is stored until contract termination. Our processes involved in this have been audited by external Auditors as part of our SOC 2 Type 1 Certificate. 

    Data security for those of you who want to know these details:

    In transit encryption: All data in transit is encrypted using HTTPS (TLS 1.2 and 1.3), and a secure cipher. 

    Vanilla ourselves are SOC 2 Type 1 audited, and busy finalising our SOC 2 Type 2 Audit. The Data Centers we use are all either SOC audited and/or ISO 27001 certified

    At rest encryption: Data is stored in a physically secured data center with Biometrics, 24/7 Monitoring and security, Background checks on all staff, and man-traps at entrance and exit. 

    ------------------

    Once the Cookie Policy and Privacy Notice are live and the Cookie Consent pop up has been re-enabled, we will update here.



«1345

Comments

  • Posts: 3,801 ✭✭✭ [Deleted User]


    Sounds good. Is the data actually stored in Canada? Or some of it.



  • Registered Users, Registered Users 2 Posts: 1,595 ✭✭✭py


    1 very simple question: Where is our data being hosted?



  • Registered Users, Registered Users 2 Posts: 1,363 ✭✭✭ezra_


    I have a question on this @Boards.ie: Niamh

    How do you account for special categories of data (a lot of user post about, inter alia, health, political and religious information). You have given your sub processors access to this (joining statements with the backend personal data). How do you protect this?



  • Posts: 0 [Deleted User]


    While this statement is welcome, it is worrying that GDPR and privacy issues appear to be an afterthought. I really hope that the following statement is adhered to:

    "Access to all data collected is limited internally to staff who require access in order to provide the service, and is strictly monitored, logged and secured. All staff undergo background checks as allowed by law."

    As per my profile privacy post, what setting on my profile page should I tick to ensure profile privacy - am I better off leaving the 2 options unticked? Who are the authorized users?



  • Registered Users, Registered Users 2 Posts: 6,034 ✭✭✭trellheim


    So the data was moved to Canada without giving users a choice in advance ?



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 40,637 ✭✭✭✭ohnonotgmail




  • Boards.ie Employee Posts: 12,597 ✭✭✭✭✭Boards.ie: Niamh
    Boards.ie Community Manager


    As before, access to user data such as email addresses is restricted to those who need to know it for the purposes of the administration of the site and they are only permitted to use it for that purpose. As part of our Terms of Use:

    In order to allow for the proper administration of boards.ie we make use of third party moderators and administrators. And in order for them to properly carry out their functions as moderators and administrators they require access to personal information concerning you, your boards.ie account and your activity on the site. Such data is only permitted to be used by our third party moderators and administrators for the purposes of administering the site and cannot be used by them for any other purpose.

    This has not changed. The Data Protection Agreement in place with Vanilla ensures that anyone with access to the database from their end also only accesses it in order to provide a service to Boards and for no other reason.



  • Boards.ie Employee Posts: 12,597 ✭✭✭✭✭Boards.ie: Niamh
    Boards.ie Community Manager


    Yes the data is stored in Vanilla’s private cloud which is operated in a SOC and ISO certified Data Centre. The Data Centre is located in Canada, a country that has been recognised by the EU as having Adequate Data Protection laws. As far as GDPR is concerned, there are what are known as 'Third Countries'. Secure third countries are those for which the European Commission has confirmed a suitable level of data protection on the basis of an adequacy decision. In those countries, national laws provide a level of protection for personal data which is comparable to those of EU law. Canada is one of these countries.



  • Posts: 596 ✭✭✭ [Deleted User]


    Now that it has been confirmed that my data has been moved out of Ireland to Canada without informing me of same, I wish to exercise my Article 17 GDPR rights. Please acknowledge receipt of this message soonest.



  • Moderators, Education Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 24,056 Mod ✭✭✭✭Sully


    Has been said a few times...

    You email your request

    Email hello@boards.ie@Boards.ie



  • Advertisement
  • Posts: 596 ✭✭✭ [Deleted User]


    It hasn't been said in this thread where you might think such a thing would be likely found, and there is no Privacy Policy to consult. GDPR doesn't state what a valid request is, and in view of the lack of any other published method, the above request is a valid request in my view and I expect to have it carried out.



  • Moderators, Education Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 24,056 Mod ✭✭✭✭Sully


    A search, funnily enough. I've came across it in the main feedback thread but there's also a specific thread..


    As the site is undergoing a pretty big change, they've yet to fix the various links to Privacy Policy etc.



  • Posts: 0 [Deleted User]


    One last power trip eh?


    Delete our data now.



  • Posts: 3,801 ✭✭✭ [Deleted User]


    What all of the data? The website would not work and nobody could login.

    To get your data deleted you would have to delete your account.



  • Registered Users, Registered Users 2 Posts: 7,299 ✭✭✭CantGetNoSleep


    This has been flagged at least a week ago and still is not fixed. Not really acceptable for such a site.



  • Moderators, Education Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 24,056 Mod ✭✭✭✭Sully


    What are you on about?

    Aye, I understand. I guess there's a lot being pulled from the team and there's very few in said team.



  • Posts: 0 [Deleted User]


    I'm on about wanting my data wiped from this site. I've requested a few times now, and a request is a request.



  • Posts: 0 [Deleted User]


    Making people jump through hoops to access their basic rights is abominable.



  • Registered Users, Registered Users 2 Posts: 1,363 ✭✭✭ezra_


    With respect, that isn't quite an answer.

    I'm not worried about mods, as unless Mod Utils has radically changed in the last while, they can't see my personal information. I've always been comfortable with the Boards.ie team being able to link my identity to the special data categories. Now this Canadian company, along with some other Canadian company have access to this as well? On the basis of 'they promise they won't look'?

    Can you confirm that:

    a) Vanilla have access to user's personal information; and

    b) This un-named third party hosting company also have access to the plain-text of user's personal information;

    c) Assuming a) and b) are correct, you have performed a DPIA with regard to the processing by these parties of both the special categories and ordinary data?

    d) Care to publish this DPIA?



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 7,265 ✭✭✭RangeR


    Agreed with all above. I would also like to re-iterate a question above that has gone unanswered.

    Why was our data moved outside of EU without prior consent?

    Irrespective of the DP laws in Canada [and ignoring Five Eyes for the moment, for pretty must the same reason why Privacy Shield was deemed inadequate], we should have been informed that our data would be migrated to Canada BEFORE it was moved. Giving us time to delete our accounts before hand.

    I think it's poor form on boards stakeholders to make this unnecessary decision without informing it's users. Regardless of the legalities of the law as opposed to the spirit of GDPR, it shows an attitude towards data security that appears to be, at best, a secondary concern.

    I've no doubt that there were/are plenty of hosting solutions in Ireland or wider EU that were as suitable. I'd be very interested in a transparant report detailing why a self hosted solution or even Irish data center hosted solution wasn't deemed preferable over any Third Country.

    Was it just a cost reduction exercise? I'm sure it's cheaper to have a SaaS product than employ a handful or techs to handhold the infrastructure. But why outside EU?



  • Moderators, Education Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 24,056 Mod ✭✭✭✭Sully


    To be fair, I've only seen your request once. And I wouldn't have considered posting in a random thread the formal way.


    As has been said a few times, email them. And job done. Your data doesn't get wiped though, never has.



  • Boards.ie Employee Posts: 12,597 ✭✭✭✭✭Boards.ie: Niamh
    Boards.ie Community Manager


    Both requests have been added to GDPR account closure requests.

    If anyone else wants to request the same, please email datarequests@boards.ie thanks.



  • Registered Users, Registered Users 2 Posts: 4,200 ✭✭✭shanec1928


    might also remove the lie saying the sites hosted by digiweb at the bottom of the page



  • Posts: 3,801 ✭✭✭ [Deleted User]


    Just to be clear, emailing is now the way to delete an account? Right?



  • Posts: 0 [Deleted User]


    So my email address (with my full name in it) and my IP logs won't be deleted is that right?



  • Registered Users, Registered Users 2 Posts: 6,034 ✭✭✭trellheim


    Dont you need to inform all of us explicitly - i.e. 1:1 under GDPR 13:(1)(f) that you are doing this beforehand ?


    https://gdpr.eu/article-13-personal-data-collected/



  • Moderators, Education Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 24,056 Mod ✭✭✭✭Sully


    Here, I'm only trying to be helpful. Tone down the bad attitude and relax a little. Its an online forum. Not your bank.


    Send the email and it'll be sorted along with any other questions. I wouldn't want to reply further if that's the tone I'll be treated with for trying to help.



  • Posts: 0 [Deleted User]


    Excuse me but I asked a pertinant question, in text form.. If you have a problem with me asking pertinant questions than that's your problem.



  • Advertisement
  • Posts: 3,637 ✭✭✭ [Deleted User]


    For more information on GDPR and your statutory rights, visit:

    https://www.dataprotection.ie/



  • Posts: 3,637 ✭✭✭ [Deleted User]


    I've raised my concerns with the data protection commissioner regarding the transfer of personal data to a third party without advanced warning and without providing me with an effective mechanism to ensure it was removed before the database was migrated.

    The initial response suggests that Boards can do what they want with their platform and business, but they can't do whatever they like with my data and that my concerns are considered serious.



  • Registered Users, Registered Users 2 Posts: 2,593 ✭✭✭circular flexing


    Sending an email is hardly jumping through hoops.



  • Registered Users, Registered Users 2 Posts: 2,593 ✭✭✭circular flexing



    The lack of advanced warning was unfortunate but they still provide a way for you to delete your data or have it anonymised.



  • Posts: 3,637 ✭✭✭ [Deleted User]


    They provide a way to ask for it. None of the other things they're supposed to have in place are actually in place. Also their DPA is a generic and largely useless document, intended to provide Boards Software Limited with what they need, but not me as a subject with what I need. These are very generic, especially when referring to things like physical security with man-traps and background checks etc. I review these as part of my job. My data was migrated to Canada and it will now exist on Canadian physical infrastructure in backups and snapshots. They may remove it but it will remain and remain available to be restored on request. That's the issue. If they notified the user-base in advance, many would have opted to close their accounts beforehand, but as always the interests are those of the commercial operator and not of the user who has been denied the opportunity to safeguard their personal data. That's the long and short of it. Don't make any excuses for them.



  • Moderators, Social & Fun Moderators Posts: 18,620 Mod ✭✭✭✭Leg End Reject


    Can I ask what the concerns are about our data here? I'm not sure what can be used or why.



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 7,265 ✭✭✭RangeR



    So there are little things like no Privacy Policy, no Cookie Policy, no Cookie Consent, no mention anywhere on how to delete account, no mention of a DPO etc. Those things will come in time but unforgiveable that they weren't thought about prior to migration. EVERY company factors these things into any new website in the EU, unless they don't really care about data security.

    The BIG thing is that they migrated their data hosting from a First Country [Ireland] to a Third Country [Canada] without consent. Now all the talk from Boards so far is that Canada has adequate Data Protection laws in place and that may be. But the BIG law/regulation that Boards broke, and they could be in trouble with this, is that they migrated the data to that Third Country without any prior notice. Consent wasn't asked and certainly not given. At this stage, it's too late as the data is already there. If I was their DPO, I'd be VERY concerned.

    This point has been brought up in Feedback for the past few days and has been overlooked and not answered by Boards staff.



  • Moderators, Social & Fun Moderators Posts: 18,620 Mod ✭✭✭✭Leg End Reject


    How could our data be used though? I know there's our email and IP address, but how would someone accessing these be an issue?

    I'd imagine most don't use an everyday email so spam wouldn't be a huge concern for them, but I have seen some posters say they have used one with that contains their name.



  • Registered Users, Registered Users 2 Posts: 2,593 ✭✭✭circular flexing



    Can consent be granted by including a clause in a privacy policy to say that your data may be transferred our of EEA to a 3rd party?



  • Posts: 0 [Deleted User]


    I've done the same. I hope the response I get is not as aggressive or condescending. I added screenshots of the responses I got to my complaint.



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 856 ✭✭✭RoYoBo


    I am less concerned about what I posted in the open forums than what is contained in my PMs. I gave information there in response to 'Talk To' forums, eg bank and Eir, which include my full name, address, Eircode, phone numbers, account numbers etc.

    This very personal and sensitive information is now 'at risk' to me in a non EU country and I wasn't given any opportunity to delete it in advance. I am not at all happy about this! Whilst I want it deleted now, it seems like too little, too late.



  • Posts: 3,637 ✭✭✭ [Deleted User]


    I suggest anyone who actually cares about their digital privacy in light of the migration of boards to a Canadian platform might want to read the following documentation and articles.

    This PDF is the current security overview from Vanilla for their hosted forums:

    https://vanillaforums.com/legal/VanillaForumsSecurityOverview4.5.pdf

    Note it contains references to Safe Harbour (defunct since 2015) and Privacy Shield (shot down by the EU court of justice in July 2020) and references to EU Clauses during interim periods etc. What that basically means is that PIPEDA is the legislative bill/act applicable in Canada to allow personal data move from the EU to the US.

    This editorial explains very well exactly why PIPEDA isn't up to the task, leaving too many back-doors open and putting at risk personal data of EU citizens:

    This explains in more general terms how PIPEDA, the current data privacy laws effective in Canada, are inadequate:

    So in order to update Canadian privacy laws, Bill C-16 was tabled during a first speed in early winter 2020. Canadas own Data Commissioner has concerns that it's not fit for purpose, so it has been sent back to the drawing board:

    This information is being shared to ensure that boards users are informed and educated about the potential consequences and risks presented following the migration of OUR data to a Canadian provider, despite the rubber stamp assurances included in DPA's and so forth.

    I strongly suggest anyone consenting (or who should be afforded by law the opportunity to withdraw that consent) to process their personal data take the time to review these articles. Most won't, but those who care should take an interest.

    The movement of personal data by Boards Software Limited to Vanilla Forums has not factored in the increased risks associated with moving our data there. This is quite simply a grossly irresponsible action to have taken, particularly given that simple compliance (Privacy Notice, Cookie Policy, Terms of Use are all missing still at time of writing) has not been put in place. If the small things haven't been considered and prepared in time, who can seriously believe that any due diligence has been carried out when it comes to users personal data?

    This is not just noise, pushback and being difficult. It's at the very heart of the matter.



  • Registered Users, Registered Users 2 Posts: 7,265 ✭✭✭RangeR


    Unlikely and it's a very gray area but shouldn't be. Consent must be explicit not implied. Many privacy policies that I have read state that they may send your data to third countries but rarely is this listed as to what data, which third countries, which specific data processors and why.

    But that it moot. Those privacy policy clauses are intended to mean that a subset of data [usually marketing etc] are shipped off to the likes of MailChimp [USA] for targeted marketing, if opted in. They are certainly not intended to migrate all data to be hosted fully in a Third Country. For this, they need explicit consent.

    It should also be noted that most privacy polices and the like are boiler plate texts, sufficient to check a GDPR box. They rarely go into detail or are easily read. Most websites, EU or otherwise, are flagrantly in breach of GDPR as their cookie consent is generally defaulted to include marketing and analytics. Opting out regularly requires multiple, if not tens or hundres of clicks to opt out of every vendor. Marketing "Legitmate Interest" non opt outable is a particular bug bear of mine but this is generally Third Countries and UK sites who do this. A good few Irish sites do this too.



  • Registered Users, Registered Users 2 Posts: 7,265 ✭✭✭RangeR


    As mentioned by others and most recently @RoYoBo, many PM's to other users or the likes to the Talk To company reps include sensitive detail like account numbers, phone numbers, email addresses, even home addresses. This is a huge concern.



  • Moderators, Social & Fun Moderators Posts: 18,620 Mod ✭✭✭✭Leg End Reject


    I hadn't realised that level of personal information was shared, that is a biggie.



  • Registered Users, Registered Users 2 Posts: 4,200 ✭✭✭shanec1928


    It will be interesting to see what the DPC makes of all this.



  • Registered Users, Registered Users 2 Posts: 856 ✭✭✭RoYoBo


    At the very least, Boards users should have been given the option to delete or refuse permission for PMs to be transferred. I had a look through mine and was appalled at how much information I have provided there over time, enough to give a complete personal profile with full name, DOB, address, bank details, account numbers etc. I would NEVER have provided such information at the time if I'd known it was then to be gifted abroad without my permission.

    Anyone who uses these Talk To forums from now on must be made aware of the data risk, which completely hobbles their use. All of the companies there require personal and sensitive information by PM to progress a query or a complaint. More than enough to facilitate identity theft or any other nefarious actions, especially when linked to years of 'anonymous' posts.

    Those of us who have already provided such information that we seemingly cannot now delete ourselves need this to be addressed ASAP.



  • Registered Users, Registered Users 2 Posts: 7,265 ✭✭✭RangeR


    Ok. Wow. A deep dive. I'd also like to reiterate that this is not just noise, pushback and being difficult. It's at the very heart of the matter.

    There are now many more questions than answers. The apparent unwillingness for Boards to be transparent about this move in a GDPR setting is unsettling.


    Picking apart bits of the first PDF link [https://vanillaforums.com/legal/VanillaForumsSecurityOverview4.5.pdf]

    "What kind of data does Vanilla store? Vanilla is a forum, so we store user records and user generated content. Some of it is access-restricted based on application RBAC ACLs. PII can be shielded from accidental access." So, how does Vanilla know where PII is stored? How does it know what is PII if some users put their PII in PM's?

    "Where is Vanilla’s data stored? Vanilla operates private cloud environments in both the US (San Francisco) and Canada (Montreal).". Admittedly, Niamh said that the data is in Canada only.

    "Can this data be encrypted at rest? Yes. Vanilla can use Full Disk Encryption (FDE) on its database servers at higher plan levels."

    "Are any fields encrypted? No. Our data needs to be searchable. When higher data security is required, we make use of Full Disk Encrypted". This one sort of contradicts the one above about FDE and a previous comment [I think] by Boards that data is encrypted at rest. So is it encrypted at rest AND searchable from the forums, or not?

    "Where is backup data stored? We store compressed and encrypted backups in a single-purpose access-controlled Amazon S3 bucket (redundant file storage service).". Where is this bucket located?

    "Server-to-server API communications are secured using SSL". I'll assume this is a typo and they mean https/tls.

    "Are VMs individually firewalled? Yes. Each VM has a stateful software firewall installed which is customized to its workload. Repeated failed SSH access results in throttling." A software firewall? Is this just IPTables on Ubuntu? What if the server is compromised with root access. IPTables can be reconfigured by the bad actor. A hardware firewall should be used for security. Admittedly, many companies use IPTables thinking it's adding full security. It is, until it isn't.

    "Vanilla is willing to sign EU Model Clauses to bridge the gap between Safe Harbor and Privacy Shield, and to reflect the latest “Schrems II” decision." EU Model Clauses are another name for Standard Contractual Clauses. Those that have been keeping up over the past couple of years, especially in light of the recent declaration that Privacy Shield was deemed inadequate, most companies, especially in USA and apparently Vanilla, are relying on SCC's. However, there is little consensus between the various Data Protection Authorities as to the long term legalities of such SCC's but I suppose the CJEU has ordered that they be allowed. It's highly likely that SCC's will come before CJEU at some point soon. Considering that, Vanilla are WILLING to sign an SCC. Have they done that for Boards? What's the effective date on that contract?

    On the subject of PIPEDA... The European Commission’s adequacy decision concerning Canada is restricted to commercial organizations. The reason for this is PIPEDA’s applicability criteria: the law only applies to the collection, use or disclosure of personal information in the course of a commercial activity and includes federally-regulated businesses like banks, airlines and telecommunications companies. Snip taken from [https://www.endpointprotector.com/blog/pipeda-vs-gdpr-the-key-differences/]. The entire article is an interesting read, showing the differences between PIPEDA and GDPR. Specifically with PIPEDA: consent can be implied, no right to be forgotten [or it's implied rather than explicit] so your account may be terminated but your data may exist up to the maximum retention period, no data portability, companies may not need to be PIPEDA complaint if they operate outside of Canada [remember that US hosting center?]

    Post edited by RangeR on


  • Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 60,217 Mod ✭✭✭✭Wibbs


    On Boards.ie Private messages were just that private and were always considered sacrosanct(DeVore and the other founders were always very clear about this and stood over it too) and unless there was a legal issue or a report of abuse which was sent to admins/the office, were indeed private. Very very few other forums had this culture or even considered it. Now it turns out we can't delete them and more, were transferred out of Ireland and the EU without much in the way of warning and without our permission. Have I got this right? Please tell me I haven't - and no just because Canada is considered "safe" doesn't cut the mustard in this case. Whatever about navigation and other issues that is not on, needs to be fixed PDQ and that's being polite about it.

    Rejoice in the awareness of feeling stupid, for that’s how you end up learning new things. If you’re not aware you’re stupid, you probably are.



  • Registered Users, Registered Users 2 Posts: 4,200 ✭✭✭shanec1928


    Correct. Our data was shipped off without our required consent.



  • Advertisement

Leave a Comment

Rich Text Editor. To edit a paragraph's style, hit tab to get to the paragraph menu. From there you will be able to pick one style. Nothing defaults to paragraph. An inline formatting menu will show up when you select text. Hit tab to get into that menu. Some elements, such as rich link embeds, images, loading indicators, and error messages may get inserted into the editor. You may navigate to these using the arrow keys inside of the editor and delete them with the delete or backspace key.

Advertisement