Where is Report Post on mobile? We've made a slight change, see here
Have your say on the future of the 'Save Draft' feature in this poll
MODs please see this information notice in the mod's forum. Thanks!
How to add spoiler tags, edit posts, add images etc. How to - a user's guide to the new version of Boards

GDPR, and Vanilla, how does this work?



  • Sending an email is hardly jumping through hoops.

  • The lack of advanced warning was unfortunate but they still provide a way for you to delete your data or have it anonymised.

  • Can I ask what the concerns are about our data here? I'm not sure what can be used or why.

  • Advertisement

  • How could our data be used though? I know there's our email and IP address, but how would someone accessing these be an issue?

    I'd imagine most don't use an everyday email so spam wouldn't be a huge concern for them, but I have seen some posters say they have used one with that contains their name.

  • Can consent be granted by including a clause in a privacy policy to say that your data may be transferred our of EEA to a 3rd party?

  • I've done the same. I hope the response I get is not as aggressive or condescending. I added screenshots of the responses I got to my complaint.

  • Advertisement

  • Unlikely and it's a very gray area but shouldn't be. Consent must be explicit not implied. Many privacy policies that I have read state that they may send your data to third countries but rarely is this listed as to what data, which third countries, which specific data processors and why.

    But that it moot. Those privacy policy clauses are intended to mean that a subset of data [usually marketing etc] are shipped off to the likes of MailChimp [USA] for targeted marketing, if opted in. They are certainly not intended to migrate all data to be hosted fully in a Third Country. For this, they need explicit consent.

    It should also be noted that most privacy polices and the like are boiler plate texts, sufficient to check a GDPR box. They rarely go into detail or are easily read. Most websites, EU or otherwise, are flagrantly in breach of GDPR as their cookie consent is generally defaulted to include marketing and analytics. Opting out regularly requires multiple, if not tens or hundres of clicks to opt out of every vendor. Marketing "Legitmate Interest" non opt outable is a particular bug bear of mine but this is generally Third Countries and UK sites who do this. A good few Irish sites do this too.

  • It will be interesting to see what the DPC makes of all this.

  • Correct. Our data was shipped off without our required consent.

  • Advertisement

  • Hi Niamh , I do get that things must be rather chaotic at the office at the moment, but can you confirm points 1-4?

  • Another thing I've just thought of, can Vanilla link anonymous posts to usernames? A lot of people have posted very personal information anonymously in PI.

  • Absolutely they can. As could the Boards admins. At a systems level there’s no such thing as anonymous.

  • I had always taken this Boards assurance re PMs on trust (been here more years than my current incarnation) but I should have been more careful anyway. I have learned a big lesson! The Talk To forums used to be a great (sometimes the ONLY) way to engage with some companies to get a solution. Like you say Wibbs, I'd like a response from Boards now with regard to the deletion of these PMs, permanently and irrevocably.

    As others have said, however, the disaster of the whole site transfer and the abysmal results in the very basic structure of the interface means that I will likely be sorely disappointed. I don't want to have to delete my entire profile to get rid of these PMs - even if I do it seems that that's not enough to safeguard my information. It really looks as if the DPC is the only route on this, unfortunately.

  • Some posters have written about getting caught shoplifting and other illegal activities. If that can all be linked with their personally identifiable information it could be used for nefarious reasons.

  • So as an aside, I was speaking to my DPO about certain issues I was working on in work, dealing with the Gards, DSR's etc. I shot the breeze with him about what's going on here. To be succinct, he was more forceful about the issue than I am in this thread. He forsees Boards being in trouble. As a realist, I don't see the Irish DPA doing much.

  • For anyone thinking to themselves that this must have been addressed in advance of migrating our data, you can check back on this here:

    Note that the link to Odhran 's original December announcement doesn't work. Maybe someone else can find a link that works and share it here. Can't see his past posts, unsurprisingly, so maybe someone can oblige.

    You'll note that there's nothing indicating that private messages can be shared with ANY users, it just states that Admins could be added to a private discussion. That's not how it's working. But that's not specifically GDPR, just symptomatic of the the casual approach to user privacy in the context of adopting Vanilla as their new platform of choice at Boards HQ.

    No mention of GDPR in any case.

    Similarly, none when the early excuses were being set out here:

    One of these days it would be nice to hear from Boards staff with something that clearly explains how they have protected our data, as opposed to passing that off to a third country based provider where even a 1 hour review of the legal protections in place in Canada provides ample evidence that it's less than satisfactory. It seems that boilerplate clauses are being relied upon when even the data commissioner in Canada, the guy sitting in charge of the enforcement and compliance authority in that country has said that the laws do not provide protections in line with the interests of Canadian citizens. Let's put it this way, if the Canadian in charge says Canadian laws don't protect Canadian citizens, why would someone at Boards decide it's good enough for your data or mine?

    Pretty inexcusable stuff. I don't expect anyone to step up here and answer these questions, because the simple fact is, there's no good answer they can offer. 3 weeks since 'read only', the basics still aren't in place. Folks, you should all be asking these questions. You really should.

  • Advertisement

  • Something I've just noticed is that this thread is not showing in the 'Latest Posts' tab on the homepage.

    Strange really. It's as though somebody has decided they don't want too many people reading this one.

    Join the conversation and then take a look for yourself.

Leave a Comment

Rich Text Editor. To edit a paragraph's style, hit tab to get to the paragraph menu. From there you will be able to pick one style. Nothing defaults to paragraph. An inline formatting menu will show up when you select text. Hit tab to get into that menu. Some elements, such as rich link embeds, images, loading indicators, and error messages may get inserted into the editor. You may navigate to these using the arrow keys inside of the editor and delete them with the delete or backspace key.