Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

GDPR post the migration to Vanilla

  • 20-07-2021 11:19am
    #1
    Registered Users Posts: 40,060 ✭✭✭✭


    Can someone at Boards.e confirm that the site is on the hosted version of Vanilla? If it is can boards.ie confirm how that affects their GDPR obligations given that Vanilla host their sites outside the EU.

    Post edited by Spear on


«13

Comments

  • Registered Users Posts: 10,432 ✭✭✭✭EmmetSpiceland


    It’s been pointed out by Community Manager Niamh that Canada’s data protection is on par with GDPR so it shouldn’t be an issue.

    The tide is turning…



  • Registered Users Posts: 1,216 ✭✭✭brimal


    Just because Canada's laws are on par with GDPR, doesn't mean Boards is GDPR compliant.

    And going by what we have seen over the past few weeks should we really trust Boards have done their research into this?



  • Posts: 0 [Deleted User]




  • Registered Users Posts: 10 itchyfinger


    Canada is part of five eyes, so i doubt your data is GDPR compliant

    https://en.wikipedia.org/wiki/Five_Eyes



  • Registered Users Posts: 700 ✭✭✭Ljmscooter


    During the outage earlier there was a status page. It showed that the platform was hosted in datacenter in aws availability zones in both ca and us .


    Just saying



  • Advertisement
  • Registered Users Posts: 13,679 ✭✭✭✭markodaly


    If you click on the 'Terms of Use', 'Privacy Notice' and 'Cookie Policy', you get a page not found response.

    That is a clear breach of GDPR by one of Ireland's most popular websites.

    If I am wrong, tell me how?



  • Registered Users Posts: 7,265 ✭✭✭RangeR


    Why move our data out of Ireland, never mind EU?

    This is worrying enough that I'll probably close my account. We need full transparancy on what the decision process was to move hosting outside Ireland/Europe.

    Further GDPR non compliance as there is no cookie consent either. Last count, there are 15 cookies, one of which is Google Analytics.



  • Registered Users Posts: 7,265 ✭✭✭RangeR


    .can't delete.



  • Registered Users Posts: 126 ✭✭FitzElla


    Canada has been deemed to have the same data protections in place as the EU so data can be transferred there without restrictions. However with no privacy notice (Page not found) it is impossible to know who or where the data is now hosted. That is a pretty big GDPR issue for boards and I'm surprised it was missed in the migration.



  • Registered Users Posts: 13,679 ✭✭✭✭markodaly


    Yeap, never mind the cluster **** of the migration, that was meant to take 48 hours but took a week, they then didn't even bother to test much of what the new platform would be like from a user experience.

    Basic stuff like the ability to change your password or even close your account is not available or at best is hidden behind secret links.

    To top it all off, there appear's on the surface blatant issues with GDPR.


    Can any of the Mods or Admins actually stand over this?



  • Advertisement
  • Registered Users Posts: 13,679 ✭✭✭✭markodaly


    From the horse's mouth.

    https://gdpr.eu/cookies/

    Cookie compliance

    To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must:

    • Receive users’ consent before you use any cookies except strictly necessary cookies.
    • Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.
    • Document and store consent received from users.
    • Allow users to access your service even if they refuse to allow the use of certain cookies
    • Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.


    Where is the consent?

    Where can I withdraw consent?



  • Moderators, Computer Games Moderators, Social & Fun Moderators Posts: 18,390 Mod ✭✭✭✭Kimbot


    Personally speaking, the mods and admins dont have a say in the matter. Its up to the owners of the site to stand over.



  • Registered Users Posts: 40,060 ✭✭✭✭ohnonotgmail


    well then perhaps one of the admins or employees would care to comment on the thread? the silence is deafening.



  • Registered Users Posts: 13,679 ✭✭✭✭markodaly


    Fair enough, but why the silence from the admin's on a site that is in blatant breach of GDPR?

    Was this stuff even in consideration when they migrated the site? One thing I have noticed is that there deafening silence from the admins and senior mods about all this. Usually, when there is an issue the admins and senior mods are usually quick to jump in and give their version, but their silence this time around is telling.

    I can imagine the discussions being had behind closed doors and the mod-only forums.



  • Registered Users Posts: 7,265 ✭✭✭RangeR


    I don't know anything about Canadian data protection laws. There was Privacy Shield in the US which isn't worth the ink on the paper and was proved inadequate some time ago. Standard Contractual Clauses seem to be going the same route. Canada being deemed to have the same data protections in place holds no comfort for me as they are one of the 5 Eyes. Any data protection laws in Canada go out the window when "national security" comes in to play in any of those 5 countries.

    Migrating our data from Ireland to Canada is unjustifiable. What was so wrong with hosting in Ireland or another country in Europe?



  • Registered Users Posts: 126 ✭✭FitzElla


    I agree with you, would much rather my data stored within the EU. Just pointing out that a company can move data to Canada under GDPR. It is incredibly bad that boards.ie have not clarified this and then went live with a website with no terms of use, cookie policy or privacy notice when these are simple static links.



  • Registered Users Posts: 7,265 ✭✭✭RangeR


    Or listed Data Protection Officer, that I can['t] find.



  • Registered Users Posts: 68,317 ✭✭✭✭seamus


    You can log out and wipe your cookies and then you'll be prompted for consent again.

    Tbh, the broken privacy policy and terms of use links are not "pretty big" GDPR issues. They're minor oversights at worst. Going live without them isn't a huge issue.

    "Pretty big" GDPR issues include selling users' data to 3rd parties without consent, or allowing personal data to be freely accessed by individuals who are not authorisied to do so.

    A couple of broken links is not a big issue. At most it would prompt an email from the DPC saying, "Please fix your broken links".

    People need to have some chill.



  • Registered Users Posts: 7,265 ✭✭✭RangeR


    To be fair, the mods would be as in the dark as we are, probably all the way up to smods. It's [possibly] the admins, the paid staff, the techincal department who have these answers.



  • Moderators, Business & Finance Moderators Posts: 9,921 Mod ✭✭✭✭Jim2007


    What breach are you talking about? Which pieces of your personal data does the boards collect that is covered by the GDPR to start with. Your name, your address, your social security number….. nope. Only your email address and unless you have a very unique name and use it as your address it does not make you clearly identifiable.

    if the data is being moved to Canada it is within the rules provided for under GDPR and we don’t have confirmation that that has happened.

    So what would the nature of a complaint you would file with the commission look like?



  • Advertisement
  • Registered Users Posts: 8,565 ✭✭✭K.Flyer


    I was wondering how safe and secure the personal details that people may have passed back and forward in p.m. are.

    I would think given all the concerns raised above over the last few days that admin should at least come forward to ally any concerns people are having regarding security and gdpr.



  • Registered Users Posts: 13,679 ✭✭✭✭markodaly


    I already linked it. There is no Terms of Use, there is no Cookie Policy, there is no Privacy notice.

    There is no consent given to the cookie information they have nor the ability to withdraw that consent.

    If I am wrong, let me know.



  • Registered Users Posts: 13,679 ✭✭✭✭markodaly




  • Registered Users Posts: 68,317 ✭✭✭✭seamus


    I was convinced it popped up for me the first time I loaded the new site on mobile. Just ran in incognito mode now and nothing, so obviously I'm mistaken.

    Another one for the bug list, I guess.



  • Registered Users Posts: 33,650 ✭✭✭✭Hotblack Desiato
    Restaurant at the End of the Universe


    That'd be Cloudflare, which boards has been using for a few years now.

    It took a while but I don't mind. How does my body look in this light?



  • Boards.ie Employee Posts: 12,597 ✭✭✭✭✭Boards.ie: Niamh
    Boards.ie Community Manager


    Hello all. Apologies for not getting to this thread before now, our primary focus has been on bugs and missing features so far.

    We're working on a post re: GDPR and data processing on the new site. We are also working on getting the Cookie Policy and Privacy Notice back up as soon as we can. Vanilla were added to the list of third party cookies being used on Cookie Policy and to the list of Third Parties we work with on the Privacy Notice, I don't think anything else has changed from our previous Cookie Policy or Privacy Notice.

    When we have a comprehensive post for you about data, hosting, GDPR, we'll post it here and in the other thread re Privacy or post in one, link in the other.

    Thanks!



  • Registered Users Posts: 40,060 ✭✭✭✭ohnonotgmail


    Dont take this the wrong way Niamh but that should have been ready on day 1 of go live.



  • Posts: 596 [Deleted User]




  • Registered Users Posts: 4,120 ✭✭✭shanec1928


    the more that comes out from this move the worse it gets. Brush it off. In the time it took you Niamh to type all that out you could have simply just said the data is currently stored in location.



  • Advertisement
  • Registered Users Posts: 40,060 ✭✭✭✭ohnonotgmail


    That's a good point. Niamh could have just answered the part of my post that she does know the answer to.



Advertisement