Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all,
Vanilla are planning an update to the site on April 24th (next Wednesday). It is a major PHP8 update which is expected to boost performance across the site. The site will be down from 7pm and it is expected to take about an hour to complete. We appreciate your patience during the update.
Thanks all.

GDPR and Boards.ie post removal policy **update linked in OP 24/5/18**

Options
1192022242536

Comments

  • Options
    #632
    oscarBravo
    Technology & Internet Moderators Posts: 28,791 Mod ✭✭✭✭oscarBravo


    Sleeper12 wrote: »
    Scanning through random Irish we & I'm finding more than half don't have the EU cookie notification let alone a privacy policy posted on the website

    Those cookie notifications drive me scatty. "This site uses cookies" - no fkin sht sherlock. Why not have a notification saying "this site uses HTML"?

    I know it's a legal requirement, but it's one of the stupider things to come out of the EU.


  • Options
    #633
    seamus
    Registered Users Posts: 68,317 ✭✭✭✭seamus


    Sleeper12 wrote: »
    I'm just saying that they haven't notified me yet of any change to how they handle & store my data.
    There may be no change :)

    Boards has a privacy policy. If it's already GDPR compliant, then no notification is required.

    They would be in a minority, but it's possible...
    Scanning through random Irish we & I'm finding more than half don't have the EU cookie notification let alone a privacy policy posted on the website
    Because nobody cares.

    You'll find GDPR is largely the same. Unless the website is being underpinned by a limited company with audited accounts and a legal team, nobody is going to pay a blind bit of notice to GDPR.

    If someone raises a query and the DPC comes in, they'll get a warning, some helpful tips on how to fix their issue, and then that'll be it. Big companies with lots of staff and spare money will get treated more harshly for ignorance of the rules, but Jimmy who runs a karate school with 30 members isn't going to be fined for GDPR failures.


  • Options
    #634
    Sleeper12
    Registered Users Posts: 16,878 ✭✭✭✭Sleeper12


    oscarBravo wrote: »
    Those cookie notifications drive me scatty. "This site uses cookies" - no fkin sht sherlock. Why not have a notification saying "this site uses HTML"?

    I know it's a legal requirement, but it's one of the stupider things to come out of the EU.


    On some sites you've to click several boxes to clear these. These are starting to annoy me. I don't go to sites that have pop up ads yet this EU law that's protecting me has pop ups that I don't want to see.


  • Options
    #635
    Sleeper12
    Registered Users Posts: 16,878 ✭✭✭✭Sleeper12


    My favorite privacy statement so far :D


  • Options
    #636
    Hurrache
    Registered Users Posts: 10,148 ✭✭✭✭Hurrache


    Sleeper12 wrote: »
    I think everyone has a few weeks grace

    They've had 2 years grace. It was ratified 2 years ago but a 2 year lead in period was granted.


  • Advertisement
  • Options
    #637
    Permabear
    Closed Accounts Posts: 39,022 ✭✭✭✭Permabear


    This post has been deleted.


  • Options
    #638
    Sleeper12
    Registered Users Posts: 16,878 ✭✭✭✭Sleeper12


    Permabear wrote: »
    This post had been deleted.


    I didn't say that. I said all they have to do for now is state that they will remove private data under GDPR guidelines. That in itself gives them another month or so to decide what they are going to do.


    I don't for a second expect Boards to break the law. I have no doubt once they get legal guidance they will follow GDPR to the fullest. If that means deleting entire threads then that is what they will do. However they might get legal advice saying that not all post need to be deleted. No one knows yet


  • Options
    #639
    Permabear
    Closed Accounts Posts: 39,022 ✭✭✭✭Permabear


    This post has been deleted.


  • Options
    #640
    Sleeper12
    Registered Users Posts: 16,878 ✭✭✭✭Sleeper12


    Permabear wrote:
    This post had been deleted.

    You continue to post as if it is fact that these posts need to be removed. While I'm not looking for you to identify yourself can I assume that you are qualified to make this judgement? Or is it just your own personal opinion?

    What you seem to be saying is that boards.ie don't need to take expensive legal advice. Just listen to you instead?

    I'd have thought that if the answer was as simple as you say then this shouldn't be going on weeks.


  • Options
    #641
    Bob24
    Registered Users Posts: 10,905 ✭✭✭✭Bob24


    Permabear wrote: »
    This post had been deleted.

    I agree they need to amend or remove that phrase - it is clearly at odds with GDPR as it is.

    Now I guess what Sleeper12 is also saying is that they can go for the lazy option: just remove it and replace by a vague statement saying hey data removal will be done in line with the GDPR.

    I personally don’t think it is very satisfactory ans it is probably completely GDPR compliant to be that vague, plus it is just kicking the can down the road. But realistically in practice it would probably put boards off the hook for a few weeks as this type of thing won’t be a priority for the regulator intitially.


  • Advertisement
  • Options
    #642
    Permabear
    Closed Accounts Posts: 39,022 ✭✭✭✭Permabear


    This post has been deleted.


  • Options
    #643
    Fred Swanson
    Closed Accounts Posts: 21,730 ✭✭✭✭Fred Swanson


    This post has been deleted.


  • Options
    #644
    Sleeper12
    Registered Users Posts: 16,878 ✭✭✭✭Sleeper12


    Bob24 wrote:
    Now I guess what Sleeper12 is also saying is that they can go for the lazy option: just remove it and replace by a vague statement saying hey data removal will be done in line with the GDPR.


    I only suggest that vague statement temporarily till they get a full meaningful statement in place once they get correct legal advice. Right now they don't seem to know if they will have to delete the posts or not.

    The lazy statement meets the policy requirements and would buy them another few weeks to get things right

    I have no doubt if the legal advice says remove where they say they won't remove posts then they will. It could be removed altogether or changed to "posts will be removed under the GDPR guidelines only"

    None of us know


  • Options
    #645
    Boards.ie: Sean
    Closed Accounts Posts: 212 ✭✭Boards.ie: Sean


    Please see this post for the Boards.ie updated GDPR effective from December 2018 ~Niamh

    Given that GDPR comes into effect on 25 May we wanted to give you a quick update on how this will impact Boards and our community and what changes we are making to the site and our procedures and processes in order to be compliant with the new regulations.

    Policies

    We are currently updating our Terms of Use, Privacy Notice and Cookies Policy in light of GDPR. There are some final clarifications that we are awaiting feedback on from our lawyers but we expect the updated policies to be live on the site on 25 May.

    Personal Data

    Boards processes personal data of its registered users. This applies to anyone who has a Boards account (that has not subsequently been closed). Boards does not process personal data for people who visit the site and have not registered for a Boards account.

    Data Access Requests

    Under GDPR users have the right to request access to any of their personal data that is held by Boards. In order for Boards to process a data access request from a registered user of the site we need to verify the identity of the person making the request. Therefore, the process for requesting your personal data is as follows:
    • For identity verification purposes the data access request must be sent via a Private Message (PM) to the following recipient Boards.ie: GDPR (if for any reason you are unable to access or send a PM please email datarequests@boards.ie and we will get back to you with further instructions).
    • Data access requests will only be processed for the user account from which the PM was sent. We will not process data access requests for personal data related to 3rd party accounts
    • Once processed, an encrypted zip file containing the personal data will be sent to the email address associated with the user account
    • The password required to decrypt the zip file will separately be PM’d to the user making the data access request
    • If for any reason you cannot log onto to your Boards account you should follow the standard password reset procedures

    We will begin processing data access requests from 25 May onwards and will respond with 30 days.

    Account Closure / Erasure of Personal Data

    Users have the option to close their Boards account. This option is available in User Control Panel / User Settings. If this option is selected all personal data will be permanently deleted. Your Boards username will be retained but this will not be associated with any other information relating to an identified or identifiable natural person and therefore will no longer be considered personal data.

    In specific instances where a person could reasonably or easily be identified from their Boards username we will consider requests to change the username; these will be dealt with on a case-by-case basis.

    Should you wish that all your personal data be erased from Boards systems you should choose to close your Boards account.

    Inactive Accounts

    Under the GDPR principle of not retaining personal data longer than is required we intend to email all inactive users (users who have not logged onto Boards for 6 years or more) to see if they still want to remain a member of Boards. Inactive users will have 30 days to log onto the site. If they do so within the 30 days we will remove them from the inactive user list. If they do not we will assume that they no longer wish to retain their Boards account and we will begin the process of closing their accounts.

    User Posts

    For users with an active Boards account, posts made by a user can be associated with other information held by Boards that relates to an identified or identifiable natural person (for example a post can be associated with a user’s email address and/or real name). Therefore, posts made by a user with an active Boards account are considered personal data and GDPR regulations apply to these posts, including the right of erasure. As such, from 25 May we will begin to process requests for erasure of posts from users with an active Boards account. These requests must be sent via a Private Message (PM) to the following recipient Boards.ie: GDPR (if for any reason you are unable to access or send a PM please email datarequests@boards.ie and we will get back to you with further instructions).

    For closed accounts all personal data (other than users’ posts) will be deleted. Therefore, posts made by users whose accounts were subsequently closed cannot be associated with other information held by Boards that relates to an identified or identifiable natural person and as such are not considered personal data and GDPR does not apply to this data.

    In specific instances where the content of a post contains sensitive data or data that could be used to identify an individual we will consider requests to edit or delete the post; these will be dealt with on a case-by-case basis.


  • Options
    #646
    Star Lord
    Registered Users Posts: 30,123 ✭✭✭✭Star Lord


    Permabear wrote: »
    This post had been deleted.

    The difference lies in what qualifies as "information relating to an identifiable natural person". Some people seem to be operating under the assumption that this includes all posts under their pseudonym, which it does not. It relates to information that identifies the person. Information that the admins have access to, which identifies accounts or the IP address from which an account posts, is not personally identifiable information, but rather suggests links between accounts, as do the forums in which they post, the way they conduct themselves, and the language they use. If the users name and email address are removed from the account, as they are upon closing an account, and they haven't posted any personally identifiable information (which, as always, is removed upon request where it has been posted) then Boards doesn't have any information that qualifies as "information relating to an identifiable natural person".


  • Options
    #647
    Beasty
    Administrators, Social & Fun Moderators, Sports Moderators Posts: 75,290 Admin ✭✭✭✭✭Beasty


    Boards.ie: Sean wrote: »
    Given that GDPR comes into effect on 25 May we wanted to give you a quick update on how this will impact Boards and our community and what changes we are making to the site and our procedures and processes in order to be compliant with the new regulations.
    I've provided a link to Sean's post in the OP if anyone is trying to find it, and reflected that in the thread title


  • Options
    #648
    s3rtvdbwfj81ch
    Closed Accounts Posts: 1,691 ✭✭✭s3rtvdbwfj81ch


    Are IP addresses not retained for posts by anonymous posters in the likes of PI then? They'd be non-registered users.


  • Options
    #649
    Permabear
    Closed Accounts Posts: 39,022 ✭✭✭✭Permabear


    This post has been deleted.


  • Options
    #650
    Bob24
    Registered Users Posts: 10,905 ✭✭✭✭Bob24


    Boards.ie: Sean wrote: »
    Personal Data

    Boards processes personal data of its registered users. This applies to anyone who has a Boards account (that has not subsequently been closed). Boards does not process personal data for people who visit the site and have not registered for a Boards account.

    Thanks for the update.

    Just a clarification on the above: does this mean that boards see itself as a data processor solely for registered users and will therefore only process GDPR related requests from registered users?

    (the underlying question being: if a post contains personal information about someone who is not a registered user, will boards treat that person as a data subject in the sense of the GDPR?)


  • Options
    #651
    Sleeper12
    Registered Users Posts: 16,878 ✭✭✭✭Sleeper12


    Boards.ie: Sean wrote:
    Data access requests will only be processed for the user account from which the PM was sent. We will not process data access requests for personal data related to 3rd party accounts

    Am I right in thinking that John Smith requests for his posts to be deleted but if I have quoted some of his posts that he cannot request that they are deleted?


  • Advertisement
  • Options
    #652
    Permabear
    Closed Accounts Posts: 39,022 ✭✭✭✭Permabear


    This post has been deleted.


  • Options
    #653
    IRE60
    Registered Users Posts: 1,880 ✭✭✭IRE60


    Bob24 wrote: »

    (the underlying question being: if a post contains personal information about someone who is not a registered user, will boards treat that person as a data subject in the sense of the GDPR?)


    They are not processing that data. A post containing 'personal data' ie the name of someone - they are not 'processing' it. They are displaying it or publishing it, no processing. If that were the case then the media would be unable to operate as of midnight!



    I think we are reaching here.


  • Options
    #654
    uck51js9zml2yt
    Closed Accounts Posts: 18,268 ✭✭✭✭uck51js9zml2yt


    Permabear wrote: »
    This post had been deleted.

    All someone needs to do is request deletion of posts and then close their account.


  • Options
    #655
    Fred Swanson
    Closed Accounts Posts: 21,730 ✭✭✭✭Fred Swanson


    This post has been deleted.


  • Options
    #656
    Fred Swanson
    Closed Accounts Posts: 21,730 ✭✭✭✭Fred Swanson


    This post has been deleted.


  • Options
    #657
    Creative83
    Closed Accounts Posts: 353 ✭✭Creative83


    So the can of worms has been opened...


    From tomorrow I could request that every single one my posts be deleted is my understanding judging by Seans post :eek:


  • Options
    #658
    Franz Von Peppercorn
    Closed Accounts Posts: 7,070 ✭✭✭Franz Von Peppercorn


    seamus wrote: »
    There may be no change :)

    Boards has a privacy policy. If it's already GDPR compliant, then no notification is required.

    They would be in a minority, but it's possible...

    Because nobody cares.

    You'll find GDPR is largely the same. Unless the website is being underpinned by a limited company with audited accounts and a legal team, nobody is going to pay a blind bit of notice to GDPR.

    If someone raises a query and the DPC comes in, they'll get a warning, some helpful tips on how to fix their issue, and then that'll be it. Big companies with lots of staff and spare money will get treated more harshly for ignorance of the rules, but Jimmy who runs a karate school with 30 members isn't going to be fined for GDPR failures.

    That’s right. The DPC say themselves they will give companies time to comply after the first warning. Court cases are for the last resort.

    Individuals can bring a court case against boards but that case will not be private.


  • Options
    #659
    LoLth
    Moderators, Technology & Internet Moderators Posts: 10,339 Mod ✭✭✭✭LoLth


    another reason to protect the security of access to your account


  • Options
    #660
    Franz Von Peppercorn
    Closed Accounts Posts: 7,070 ✭✭✭Franz Von Peppercorn


    Permabear wrote: »
    This post had been deleted.

    You continue to beat your well beaten drum.

    No software provider for forums agrees with you. And as I said already users can be annoymised per thread on deletion.


  • Advertisement
  • Options
    #661
    Sleeper12
    Registered Users Posts: 16,878 ✭✭✭✭Sleeper12


    Fred Swanson wrote:
    How do I prove I am Fred Swanson? This will be an issue for those that post under a pseudonym. How does a person prove that they posted under a pseudonym?

    My real name isn't Sleeper12 but it is linked to my email address and IP address. I assume that's enough information.

    I can't remember what information I gave when I joined . I possibly /probably gave my name then


This discussion has been closed.
Advertisement