GDPR post the migration to Vanilla

It’s been pointed out by Community Manager Niamh that Canada’s data protection is on par with GDPR so it shouldn’t be an issue.

During the outage earlier there was a status page. It showed that the platform was hosted in datacenter in aws availability zones in both ca and us .

Just saying

Why move our data out of Ireland, never mind EU?

This is worrying enough that I'll probably close my account. We need full transparancy on what the decision process was to move hosting outside Ireland/Europe.

Further GDPR non compliance as there is no cookie consent either. Last count, there are 15 cookies, one of which is Google Analytics.

Canada has been deemed to have the same data protections in place as the EU so data can be transferred there without restrictions. However with no privacy notice (Page not found) it is impossible to know who or where the data is now hosted. That is a pretty big GDPR issue for boards and I'm surprised it was missed in the migration.

From the horse's mouth.

https://gdpr.eu/cookies/

Cookie compliance

To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must:

• Receive users’ consent before you use any cookies except strictly necessary cookies.
• Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.
• Document and store consent received from users.
• Allow users to access your service even if they refuse to allow the use of certain cookies
• Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.

Where is the consent?

Where can I withdraw consent?

I don't know anything about Canadian data protection laws. There was Privacy Shield in the US which isn't worth the ink on the paper and was proved inadequate some time ago. Standard Contractual Clauses seem to be going the same route. Canada being deemed to have the same data protections in place holds no comfort for me as they are one of the 5 Eyes. Any data protection laws in Canada go out the window when "national security" comes in to play in any of those 5 countries.

Migrating our data from Ireland to Canada is unjustifiable. What was so wrong with hosting in Ireland or another country in Europe?

Or listed Data Protection Officer, that I can['t] find.

To be fair, the mods would be as in the dark as we are, probably all the way up to smods. It's [possibly] the admins, the paid staff, the techincal department who have these answers.

I was wondering how safe and secure the personal details that people may have passed back and forward in p.m. are.

I would think given all the concerns raised above over the last few days that admin should at least come forward to ally any concerns people are having regarding security and gdpr.

I've tried this but don't get anything.

That'd be Cloudflare, which boards has been using for a few years now.

the more that comes out from this move the worse it gets. Brush it off. In the time it took you Niamh to type all that out you could have simply just said the data is currently stored in location.