GDPR post the migration to Vanilla

ohnonotgmail · 20-07-2021 11:19am #1

Can someone at Boards.e confirm that the site is on the hosted version of Vanilla? If it is can boards.ie confirm how that affects their GDPR obligations given that Vanilla host their sites outside the EU.

EmmetSpiceland · 20-07-2021 1:06pm

It’s been pointed out by Community Manager Niamh that Canada’s data protection is on par with GDPR so it shouldn’t be an issue.

brimal · 20-07-2021 2:31pm

https://boards.ie/discussion/comment/117637224#Comment_117637224

Just because Canada's laws are on par with GDPR, doesn't mean Boards is GDPR compliant.

And going by what we have seen over the past few weeks should we really trust Boards have done their research into this?

[Deleted User] · 20-07-2021 2:34pm

https://boards.ie/discussion/2058199747/gdpr-post-the-migration-to-vanilla

Unfortunately that would be a breach of GDPR.

itchyfinger · 20-07-2021 10:23pm

Canada is part of five eyes, so i doubt your data is GDPR compliant

https://en.wikipedia.org/wiki/Five_Eyes

Ljmscooter · 20-07-2021 10:31pm

During the outage earlier there was a status page. It showed that the platform was hosted in datacenter in aws availability zones in both ca and us .

Just saying

markodaly · 21-07-2021 2:54am

If you click on the 'Terms of Use', 'Privacy Notice' and 'Cookie Policy', you get a page not found response.

That is a clear breach of GDPR by one of Ireland's most popular websites.

If I am wrong, tell me how?

RangeR · 21-07-2021 8:14am

Why move our data out of Ireland, never mind EU?

This is worrying enough that I'll probably close my account. We need full transparancy on what the decision process was to move hosting outside Ireland/Europe.

Further GDPR non compliance as there is no cookie consent either. Last count, there are 15 cookies, one of which is Google Analytics.

RangeR · 21-07-2021 8:18am

.can't delete.

FitzElla · 21-07-2021 8:39am

Canada has been deemed to have the same data protections in place as the EU so data can be transferred there without restrictions. However with no privacy notice (Page not found) it is impossible to know who or where the data is now hosted. That is a pretty big GDPR issue for boards and I'm surprised it was missed in the migration.

markodaly · 21-07-2021 8:41am

Yeap, never mind the cluster **** of the migration, that was meant to take 48 hours but took a week, they then didn't even bother to test much of what the new platform would be like from a user experience.

Basic stuff like the ability to change your password or even close your account is not available or at best is hidden behind secret links.

To top it all off, there appear's on the surface blatant issues with GDPR.

Can any of the Mods or Admins actually stand over this?

markodaly · 21-07-2021 8:42am

From the horse's mouth.

https://gdpr.eu/cookies/

Cookie compliance

To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must:

Receive users’ consent before you use any cookies except strictly necessary cookies.
Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.
Document and store consent received from users.
Allow users to access your service even if they refuse to allow the use of certain cookies
Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.

Where is the consent?

Where can I withdraw consent?

Kimbot · 21-07-2021 8:44am

https://boards.ie/discussion/comment/117640273#Comment_117640273

Personally speaking, the mods and admins dont have a say in the matter. Its up to the owners of the site to stand over.

ohnonotgmail · 21-07-2021 8:46am

https://boards.ie/discussion/comment/117640280#Comment_117640280

well then perhaps one of the admins or employees would care to comment on the thread? the silence is deafening.

markodaly · 21-07-2021 8:53am

https://boards.ie/discussion/comment/117640280#Comment_117640280

Fair enough, but why the silence from the admin's on a site that is in blatant breach of GDPR?

Was this stuff even in consideration when they migrated the site? One thing I have noticed is that there deafening silence from the admins and senior mods about all this. Usually, when there is an issue the admins and senior mods are usually quick to jump in and give their version, but their silence this time around is telling.

I can imagine the discussions being had behind closed doors and the mod-only forums.

RangeR · 21-07-2021 8:54am

https://boards.ie/discussion/comment/117640264#Comment_117640264

I don't know anything about Canadian data protection laws. There was Privacy Shield in the US which isn't worth the ink on the paper and was proved inadequate some time ago. Standard Contractual Clauses seem to be going the same route. Canada being deemed to have the same data protections in place holds no comfort for me as they are one of the 5 Eyes. Any data protection laws in Canada go out the window when "national security" comes in to play in any of those 5 countries.

Migrating our data from Ireland to Canada is unjustifiable. What was so wrong with hosting in Ireland or another country in Europe?

FitzElla · 21-07-2021 8:58am

https://boards.ie/discussion/comment/117640339#Comment_117640339

I agree with you, would much rather my data stored within the EU. Just pointing out that a company can move data to Canada under GDPR. It is incredibly bad that boards.ie have not clarified this and then went live with a website with no terms of use, cookie policy or privacy notice when these are simple static links.

RangeR · 21-07-2021 9:05am

https://boards.ie/discussion/comment/117640362#Comment_117640362

Or listed Data Protection Officer, that I can['t] find.

seamus · 21-07-2021 9:06am

https://boards.ie/discussion/comment/117640276#Comment_117640276

You can log out and wipe your cookies and then you'll be prompted for consent again.

Tbh, the broken privacy policy and terms of use links are not "pretty big" GDPR issues. They're minor oversights at worst. Going live without them isn't a huge issue.

"Pretty big" GDPR issues include selling users' data to 3rd parties without consent, or allowing personal data to be freely accessed by individuals who are not authorisied to do so.

A couple of broken links is not a big issue. At most it would prompt an email from the DPC saying, "Please fix your broken links".

People need to have some chill.

RangeR · 21-07-2021 9:07am

https://boards.ie/discussion/comment/117640336#Comment_117640336

To be fair, the mods would be as in the dark as we are, probably all the way up to smods. It's [possibly] the admins, the paid staff, the techincal department who have these answers.

Jim2007 · 21-07-2021 9:26am

https://boards.ie/discussion/comment/117640336#Comment_117640336

What breach are you talking about? Which pieces of your personal data does the boards collect that is covered by the GDPR to start with. Your name, your address, your social security number….. nope. Only your email address and unless you have a very unique name and use it as your address it does not make you clearly identifiable.

if the data is being moved to Canada it is within the rules provided for under GDPR and we don’t have confirmation that that has happened.

So what would the nature of a complaint you would file with the commission look like?

K.Flyer · 21-07-2021 9:42am

I was wondering how safe and secure the personal details that people may have passed back and forward in p.m. are.

I would think given all the concerns raised above over the last few days that admin should at least come forward to ally any concerns people are having regarding security and gdpr.

markodaly · 21-07-2021 9:56am

https://boards.ie/discussion/comment/117640497#Comment_117640497

I already linked it. There is no Terms of Use, there is no Cookie Policy, there is no Privacy notice.

There is no consent given to the cookie information they have nor the ability to withdraw that consent.

If I am wrong, let me know.

markodaly · 21-07-2021 10:04am

https://boards.ie/discussion/comment/117640402#Comment_117640402

I've tried this but don't get anything.

seamus · 21-07-2021 11:14am

https://boards.ie/discussion/comment/117640674#Comment_117640674

I was convinced it popped up for me the first time I loaded the new site on mobile. Just ran in incognito mode now and nothing, so obviously I'm mistaken.

Another one for the bug list, I guess.

Hotblack Desiato · 21-07-2021 1:44pm

https://boards.ie/discussion/comment/117639515#Comment_117639515

That'd be Cloudflare, which boards has been using for a few years now.

Boards.ie: Niamh · 21-07-2021 3:07pm

Hello all. Apologies for not getting to this thread before now, our primary focus has been on bugs and missing features so far.

We're working on a post re: GDPR and data processing on the new site. We are also working on getting the Cookie Policy and Privacy Notice back up as soon as we can. Vanilla were added to the list of third party cookies being used on Cookie Policy and to the list of Third Parties we work with on the Privacy Notice, I don't think anything else has changed from our previous Cookie Policy or Privacy Notice.

When we have a comprehensive post for you about data, hosting, GDPR, we'll post it here and in the other thread re Privacy or post in one, link in the other.

Thanks!

ohnonotgmail · 21-07-2021 3:10pm

Dont take this the wrong way Niamh but that should have been ready on day 1 of go live.

21-07-2021 3:18pm

https://boards.ie/discussion/comment/117642059#Comment_117642059

Cloudflare doesn't use AWS.

shanec1928 · 21-07-2021 3:21pm

https://boards.ie/discussion/comment/117642584#Comment_117642584

the more that comes out from this move the worse it gets. Brush it off. In the time it took you Niamh to type all that out you could have simply just said the data is currently stored in location.

ohnonotgmail · 21-07-2021 3:28pm

https://boards.ie/discussion/comment/117642629#Comment_117642629

That's a good point. Niamh could have just answered the part of my post that she does know the answer to.

GDPR post the migration to Vanilla

Comments

Cookie compliance