Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

GDPR and Boards.ie post removal policy **update linked in OP 24/5/18**

1141517192022

Comments

  • Registered Users Posts: 136 ✭✭Batzoo


    Batzoo, where does the GDPR say that a data subject can request access via a non-party?
    Who said that, I did not.

    I said the data subject can designate a 3rd party to act on their behalf, but the verification of the data subjects and that consent has to be confirmed. This is bigger than the GDPR. This 3rd party could be representing someone with an impairment, could also be a legal firm authorized to act on behalf of an injured party, could be a son or daughter acting on behalf of an elderly parent or may just be my mate Barry from down the pub who is good at dealing with these things.

    Basically the right of an individual to designate someone as a representative of their interests extend throughout history and is not new or exclusive to the GDPR. But this is not a "non-party" it is a designated 3rd party.


  • Registered Users Posts: 136 ✭✭Batzoo


    As I have been pointing out since the beginning...

    ...But what people here seem to be repeatedly missing is that personal data isn't everything you've ever posted on the internet. It's also not your IP address. Your emails address is personal data if it can be used to identify you. If your email address is asdflaknasdf@spammail.com then no, that's not personal data.

    IP's or email address's in general are considered personally Identifiable information. I have used these many times over the years to identify individuals. These pieces of information are among the first things I would use to identify and profile someone. But even with VPN's and anonymous email servers, the information can be used, especially if they reuse it on other sites which they nearly always do. You may be amazed at how little information is required to open the door on someones life. With that in mind, people tend to re-use usernames across sites. So any post which contains a users name is personal identifiable information as it can be traced back to an individual.


    It is not a stick to beat small businesses that don't process data other than for the purposes it was given with.

    This I will agree on. Many people will abuse the requests, especially since they are free. It would have been wise to charge a token €5 fee for all requests, just to discourage misuse.


  • Closed Accounts Posts: 280 ✭✭Max Prophet


    As I have been pointing out since the beginning of this thread, many people are misunderstanding the purpose and scope of the GDPR.

    It quite clearly does not make data subjects the supreme arbiters of everything like many are suggesting. It gives data subjects rights over their personal data and the treatment of it as against data controllers, yes. It certainly does that.

    But what people here seem to be repeatedly missing is that personal data isn't everything you've ever posted on the internet. It's also not your IP address. Your emails address is personal data if it can be used to identify you. If your email address is asdflaknasdf@spammail.com then no, that's not personal data.

    Also as I have said before, the GDPR does quite an admirable job at providing scope for proportionality and reason when it comes to the obligations on processors and controllers.

    In this post, I'm not targeting anyone specifically but what seems abundantly clear to me is that many of the self-proclaimed GDPR experts haven't read/understood the document. It is quite a remarkable and beneficial step towards protecting individuals against those who would use their personal information against their will and it is to be commended on that basis. It is not a stick to beat small businesses that don't process data other than for the purposes it was given with.

    Your IP address Is considered personal data under GDPR - why do you May such sweeping and incorrect statements like they are facts? Perhaps it’s you that is missing the point ?


  • Administrators, Social & Fun Moderators, Sports Moderators Posts: 78,351 Admin ✭✭✭✭✭Beasty


    Your IP address Is considered personal data under GDPR

    Is, or may be?

    Plenty of us use IPs that are shared, either via wi-fi connections at work, in cafe's or other public areas. Equally some access via mobile phone connection - those IP addresses cannot be traced back to individual users can they?


  • Closed Accounts Posts: 9,057 ✭✭✭.......


    This post has been deleted.


  • Closed Accounts Posts: 280 ✭✭Max Prophet


    Beasty wrote: »
    Is, or may be?

    Plenty of us use IPs that are shared, either via wi-fi connections at work, in cafe's or other public areas. Equally some access via mobile phone connection - those IP addresses cannot be traced back to individual users can they?

    CJEU rules that personal IPs can't be stored, unless to thwart cybernetic attacks or similar. Europe's top court has ruled that dynamic IP addresses can constitute "personal data," just like static IP addresses, affording them some protection under EU law against being collected and stored by websites


  • Administrators, Social & Fun Moderators, Sports Moderators Posts: 78,351 Admin ✭✭✭✭✭Beasty


    CJEU rules that personal IPs can't be stored, unless to thwart cybernetic attacks or similar. Europe's top court has ruled that dynamic IP addresses can constitute "personal data," just like static IP addresses, affording them some protection under EU law against being collected and stored by websites
    The ones I am referring to are not personal, are they?

    There are several thousand people sharing the IP address I am posting from now. I accept an IP address in combination with an e-mail address "can" (not necessarily "will") ID someone. But I'm asking about public/corporate IP addresses not ones that "can" be linked to your home address


  • Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭LoLth


    CJEU rules that personal IPs can't be stored, unless to thwart cybernetic attacks or similar. Europe's top court has ruled that dynamic IP addresses can constitute "personal data," just like static IP addresses, affording them some protection under EU law against being collected and stored by websites

    pretty sure the CJEU said dynamic IPs were personal data once some additional criteria were met which pretty much set out that you had to be an ISP (capable to tying a dynamic IP allocated to a customer at that time) or an agency capable of gathering that data through legal meant (LEA etc).

    Where boards may fall under this is if the user provides additional data that identifies them personally alongside the IP (such as a real-name email address or a site-owner email, or even their real name if it is unique enough to combine with an IP to identify the individual). scraping OSINT sources does not fall under this category even though it could be argued that this would be "in combination with other data" but then you could argue that anything can be used in combination and I dont think this has been tested , legally, to that extent yet.

    even then, if the user consents to allow their IP address to be stored then that would allow boards to do so as long as they did not use it for any other purpose other than that which the user has agreed to (post attribution, account services etc). already there under closed accounts, nuisance measures and user accounts.


  • Registered Users, Registered Users 2 Posts: 33,518 ✭✭✭✭dudara


    It will be interesting to see how this plays out as case law and practical application develops. The GDPR is great step forward, but there are areas for intepretation which will be tested. I've personally learned a lot from working with lawyers over the past year and I'll be following this area with interest in the future.


  • Advertisement
  • Closed Accounts Posts: 39,022 ✭✭✭✭Permabear


    This post has been deleted.


  • Administrators, Social & Fun Moderators, Sports Moderators Posts: 78,351 Admin ✭✭✭✭✭Beasty


    dudara wrote: »
    It will be interesting to see how this plays out as case law and practical application develops. The GDPR is great step forward, but there are areas for intepretation which will be tested. I've personally learned a lot from working with lawyers over the past year and I'll be following this area with interest in the future.
    The 6th EU VAT directive was issued around 2006. Tax cases are still being held at both local and EU levels testing the application of a tax that was established over 60 years ago at both levels, as a relatively "simple" tax

    There is arguably less money involved with GDPR (despite the potential penalties), but you can be assured there will be cases going on for many years and probably decades on the topic

    I know a lot of people around here are placing their own legal interpretation on all of this, but the ultimate determination of how the laws should be interpreted sits with the European Court


  • Administrators, Social & Fun Moderators, Sports Moderators Posts: 78,351 Admin ✭✭✭✭✭Beasty


    Permabear wrote: »
    This post had been deleted.
    In my case the IP address I am currently posting from alone cannot be used to determine my ID. In fact some of the other points you mention are much more relevant, but the IP address adds absolutely nothing (and arguably, in my own case, simply adds to potential confusion over who I am)


  • Closed Accounts Posts: 39,022 ✭✭✭✭Permabear


    This post has been deleted.


  • Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭LoLth


    Permabear wrote: »
    This post had been deleted.


    while true, this is open to interpretation and also requires proof that the information posted is accurate and does actually contribute to the identification.

    I like ice-cream . this combined with my IP address does not in any way identify me as an individual (unless you are an ISP and can look up my lease, in which case its only useful if the ISP intends to send me a present they think I would like).

    The problem with aggregate information is the interpretation of the "reasonable effort" required to make the connection. If I were to say that there is utility I can use but no-one else has access to it that can ID you from your IP and hair colour, is that enough to make hair colour personal data for everyone?
    At what point does "probably" identify an individual become a concern?

    now, even if you post your home address and phone number, that would not necessarily be enough to identify the owner of the IP address posting that data as it could be your neighbours home address and phone number and not yours at all.

    it is way too soon to be stating any certainties other that "we dont know yet". The closest thing we have so far is a German case from 2016 (breyer vs germany, where despite the Irish AG previously stating that IP addresses were personal because they could be combined with data to ascertain a users identity (eircom case and available through an Anton Pillar order) , the CJEU ruled that it required certain circumstances to make an IP address personal data (usually that the searcher was an ISP with access to the account info).

    link to breyer vs germany discussion: https://www.whitecase.com/publications/alert/court-confirms-ip-addresses-are-personal-data-some-cases

    link to data privacy legal opinion from an irish source: initial: https://www.mhc.ie/latest/blog/are-dynamic-ip-addresses-personal-data

    revised after Breyer:
    https://www.mhc.ie/latest/blog/what-constitutes-personal-data-europes-highest-court-considers-dynamic-ip-addresses


  • Closed Accounts Posts: 39,022 ✭✭✭✭Permabear


    This post has been deleted.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 22,584 ✭✭✭✭Steve


    Permabear wrote: »
    This post had been deleted.
    Everyone has a right to believe what they want. However, unless you are member of the judiciary, that belief is just that, a personal belief. It holds no greater sway in a court of law than anyone else's personal belief.
    Information that makes a person indirectly identifiable falls as much under the purview of the GDPR as an email address or PPS number. And yes, that even includes the color of a person's hair! That can be defined as a factor specific to a person's physical identity.

    If it comes down to individuals trying to protect their privacy by invoking their legal right to erasure, and Boards trying to protect its business model by deleting as little content as possible, I can virtually guarantee that the courts will side with the individual now that the GDPR is in effect. But we'll have to wait and see, I guess.
    Yes, wait and see, virtual guarantees are as useful as reading tea leaves imo. Legal professionals are offering their advice to all and sundry, however, I can (non virtually) guarantee that they are also waiting for the first precedent to be set before they nail any colours to the mast on it.


  • Closed Accounts Posts: 5,017 ✭✭✭tsue921i8wljb3


    I'm seeing a few
    This post has been deleted.

    popping up around the site, including from the OP here, who I believe stated he was not going to delete his posts in this very thread. I assume this is the result of GDPR deletions. Are there any statistics available of how many users have availed of the regulations to delete posts?


  • Registered Users, Registered Users 2 Posts: 10,905 ✭✭✭✭Bob24


    including from the OP here, who I believe stated he was not going to delete his posts in this very thread. I assume this is the result of GDPR deletions.

    Interesting. Looks like the OP actually tried the process and got all the posts on their account deleted, there is nothing left. I can also see that when the posts where quoted, you can still see there was a quote but it also just says that the original post has been deleted as deleted.


  • Posts: 0 [Deleted User]


    How can it be a good idea to allow the deletion of so much history on the site.

    The posts on here, especially from such a prolific and knowledgeable poster like the OP, are a good barometer of the issues of the time. E.g the economic crash and elections.


  • Closed Accounts Posts: 26,658 ✭✭✭✭OldMrBrennan83


    This post has been deleted.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 9,488 ✭✭✭TheChizler


    Gosh that's made the thread a little confusing.


  • Registered Users Posts: 2,748 ✭✭✭Pelvis Parsley


    Another nail in the coffin.


  • Posts: 0 [Deleted User]


    It's so ridiculous.

    Surely if they need to delete data to comply with the law and protect personal data, then logically everyone's data needs to be deleted.

    Laws apply to all people, not just those that request it.

    If this catches on and more and more posts are removed, it will destroy boards.


  • Closed Accounts Posts: 26,658 ✭✭✭✭OldMrBrennan83


    This post has been deleted.


  • Registered Users, Registered Users 2 Posts: 7,524 ✭✭✭the_pen_turner


    salonfire wrote: »
    It's so ridiculous.

    Surely if they need to delete data to comply with the law and protect personal data, then logically everyone's data needs to be deleted.

    Laws apply to all people, not just those that request it.

    If this catches on and more and more posts are removed, it will destroy boards.

    the law does apply evenly. post what you want within the rules. delete if you want afterwards


  • Registered Users, Registered Users 2 Posts: 7,524 ✭✭✭the_pen_turner


    RIP boards and other forums.


  • Registered Users Posts: 1,913 ✭✭✭Pintman Paddy Losty


    This post has been deleted.


  • Registered Users, Registered Users 2 Posts: 10,462 ✭✭✭✭WoollyRedHat


    This post has been intercepted.


  • Registered Users, Registered Users 2 Posts: 10,462 ✭✭✭✭WoollyRedHat


    Patww79 wrote: »
    Mind your own.

    This post has been deleted.


  • Registered Users, Registered Users 2 Posts: 10,462 ✭✭✭✭WoollyRedHat


    Why have some posts quoting Permadelete been removed and some left alone in this thread?


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 33,518 ✭✭✭✭dudara


    Why have some posts quoting Permadelete been removed and some left alone in this thread?

    Can you give me an example so I can look at it? Thanks


  • Closed Accounts Posts: 26,658 ✭✭✭✭OldMrBrennan83


    This post has been deleted.


  • Registered Users, Registered Users 2 Posts: 10,462 ✭✭✭✭WoollyRedHat


    dudara wrote: »
    Can you give me an example so I can look at it? Thanks

    Hi Dudara, im mobile and cant see post ids but theres examples on last few pages of this thread (I have max posts per thread displayed).

    ETA: 21 pages on the thread currently for me.. there's two posts on previous page, one with quote contents containing `This Post has been deleted`and in another one, content of post that has since been deleted, remains in the poster who is quoting them.


  • Posts: 0 [Deleted User]


    Can the name attached to the post not be deleted, but leave the post? Otherwise it's messy. This thread being a perfect example. The opening post should be displayed.


  • Closed Accounts Posts: 26,658 ✭✭✭✭OldMrBrennan83


    This post has been deleted.


  • Posts: 0 [Deleted User]


    Patww79 wrote: »
    This post has been deleted.

    Only if it contains personal information.


  • Closed Accounts Posts: 26,658 ✭✭✭✭OldMrBrennan83


    This post has been deleted.


  • Registered Users, Registered Users 2 Posts: 10,462 ✭✭✭✭WoollyRedHat


    Patww79 wrote: »
    People are within their rights to have the posts deleted.

    Every single post regardless of whether it reveals personal or sensitive information? In this very thread the initial context of the topic has been lost because the person was able to have every single post removed. I feel this stretches GDPR to it's very limit.


    Also is it now policy to delete contents of a now deleted post from a quoted reply, even if there was no personal or revealing information. I have issue with that, as once again it then makes other people's posts unreadable..


  • Closed Accounts Posts: 26,658 ✭✭✭✭OldMrBrennan83


    This post has been deleted.


  • Advertisement
  • Posts: 0 [Deleted User]


    Patww79 wrote: »
    This post has been deleted.


    I never said I wanted my posts deleted.:confused: I was making a suggetion for feedback.

    You seem very angry.


  • Registered Users, Registered Users 2 Posts: 10,905 ✭✭✭✭Bob24


    salonfire wrote: »
    It's so ridiculous.

    Surely if they need to delete data to comply with the law and protect personal data, then logically everyone's data needs to be deleted.

    Laws apply to all people, not just those that request it.

    If this catches on and more and more posts are removed, it will destroy boards.

    The law says your posts belong to you and you can request their deletion anytime you want. It also says my posts belong to me and I can request their deletion anytime I want.

    So it absolutely applies equally to both of us, and it is up to each of us to decide if we want to use that right.


  • Registered Users, Registered Users 2 Posts: 10,462 ✭✭✭✭WoollyRedHat


    Patww79 wrote: »
    No, it's all one part of a big jigsaw and there are some very stalky people out there. You had your chance to oppose this at the time so why pipe up and try **** it up for the rest of us now?

    If you want your posts left then don't have them deleted.

    ... the point is other posters posts are being in esesence deleted if the main context of the reply has been removed. Your reply as being part of a big jigsaw is a sweeping and asinine statement.


  • Posts: 0 [Deleted User]


    Are boards working on a better deletion policy? As in, deleting only posts that have personal information attached.

    What are other sites doing?


  • Closed Accounts Posts: 26,658 ✭✭✭✭OldMrBrennan83


    This post has been deleted.


  • Closed Accounts Posts: 26,658 ✭✭✭✭OldMrBrennan83


    This post has been deleted.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 10,462 ✭✭✭✭WoollyRedHat


    Patww79 wrote: »
    Someone's information is more important than your feelings on the structure of a thread.

    What information is important enough in this thread, to warrant being deleted, on the basis that it invades your right to privacy. This is general discussion on a topic about GDPR where people are using pseudonyms to interact.


  • Posts: 0 [Deleted User]


    Patww79 wrote: »
    This post has been deleted.


    You are missing the point entirely with anger and negative hostility.


  • Closed Accounts Posts: 26,658 ✭✭✭✭OldMrBrennan83


    This post has been deleted.


  • Posts: 0 [Deleted User]


    What information is important enough in this thread, to warrant being deleted, on the basis that it invades your right to privacy. This is general discussion on a topic about GDPR where people are using pseudonyms to interact.

    Interested to hear what other sites are doing.

    Surely posts with no personal information in them can be kept.


  • Registered Users, Registered Users 2 Posts: 16,713 ✭✭✭✭osarusan


    RoboKlopp wrote: »
    Are boards working on a better deletion policy? As in, deleting only posts that have personal information attached.
    Who decides that though?

    The point has been made that a post containing mention of something as innocuous as hair colour could, in combination with numerous other minor pieces of info in other posts, be used to identify a poster.

    Anyway, I doubt Boards staff have the time or inclination to start debating single posts with posters on that point.

    The deletion of the OP's entire post history, which was many thousands of posts, and some of which most likely were posts with just a couple of words like 'Me too' or 'I don't think so', suggests to me that any request for deletion will just be accepted.


  • Advertisement
This discussion has been closed.
Advertisement