• Am I reading this right posted here about the GDPR policy.


    That you will have to provide your Name and Address as site owner in the privacy policy.





    If I'm reading that right. What's the point in anyone buying WhoIs Protection with a domain name then to hide your personal home details. I doubt many are going to do that, not if already using WhoIs protection to hide their personal details on a domain used from others on the web. That to me, I'm gobsmacked at them expecting everyone to do that and give their home personal details away to everfy Tom, Dick and Harry that reads your sites privacy policy. Yeah, right!

  • I would have thought providing a Name and Address would only be forced on those selling goods, or a service etc. Frankly, I have read next to nothing about this GDPR but that section caught my eye. So was wondering if they sort of expect that everyone running a site will provide their personal details on a Privacy Policy page.


    I don't really know, which is why I asked. If this is going to be expected from every site owner?

  • If this going to be expected from every site owner?


    The GDPR is an european thing and all european site owners (or most of them) have to provide that, yes. In germany for example, you have to provide a legal notice including all your contact informations, too. Additionally, you must provide a contact in germany as domain owner.


    Oh and: In germany, you must not combine the legal notice and the privacy policy. They have to be separate links and they have to be reachable with a single click (not hidden behind X other sites).

  • Ha! Reading the big topic about this GDPR posted over on XenForo also, where they are making a "big thing" out of it all. I don't think they realise this about the personal home details having to be listed.

  • This is actually a big thing in the EU. It's not just about revealing your personal informations. It's about what you can do with the data of your users and what not. That is a shitload of work for most of us. It starts on saving ip addresses and ends on using services from 3rd parties (e.g. using Google Fonts or embedding Media from external content providers, etc.).

  • Not being funny, but I see this as a breach of privacy. You can buy whois protection on some domains you use for a good reason, not all domains allow it. So you can protect your home personal information from others on the web. Now, they are basically trying to force people to provide that information (like it or not), which I think is dead wrong if you're not selling goods, or offering a paid service. Why should that information be supplied if you only run a hobby site making nothing from other people with it.


    I will never post my personal details on any privacy policy page running a hobby site.

  • I love the bit about embedding images from other sites on yours, the passing of information between both sites by doing it. Sounds like you might as well scrap having the IMG tag now.^^

  • Not being funny, but I see this as a breach of privacy. You can buy whois protection on some domains you use for a good reason, not all domains allow it. So you can protect your home personal information from others on the web. Now, they are basically trying to force people to provide that information (like it or not), which I think is dead wrong if you're not selling goods, or offering a paid service. Why should that information be supplied if you only run a hobby site making nothing from other people with it.


    I will never post my personal details on any privacy policy page running a hobby site.

    Let me offer another perspective.


    Lets step back a bit and recall the situation prior to the internet. You want to publish information for the whole world to see. Before radio and Tv, you did so in writing. if you published in a newspaper, the newspaper had a legal address, and the editor would know your address. So, if you wrote utter crap and anyone would want to sue you, they would sue he newspaper, who were responsible for the content.


    if you wanted to distribute flyers, you had to print a legally binding address on it to be allowed to do that, again, the person who provided the content was accountable and known.

    Enter radio and TV. The rules did not change, radio stations have legal addresses and TV stations have, too. They are responsible and are held accountable for what they are doing.


    Enter the internet age. Suddenly everyone wants to be able to distribute his opinion without being able to be held accountable. In germany, you have to provide your contact info on a separate legal notice ("Impressum") for quite some time. If you want to distribute information, you must be able to be held accountable for it.


    There is some legitimate concern about anonymity. But the other concern is accountability. And given the way the internet moves more and more to hate-speech, dissemination of fake news and what not, actually holding people accountable for what they do or say is a good thing.


    I am not sure the way the GDPR solves this is the best way to solve it, but its a practical way. And for Europeans, having to provide your contact info in your legal notice is a common thing, we already have had that for quite some time through various national laws, its just now codified in EU law and thus gains more reach.


    It used to be absolutely normal that when you want to disseminate information, you can be held accountable for it. The thinking that you have the right to say anything to the whole world anonymously is a very, very recent one (20 years, tops). Newspapers still will not print letters they get from readers unless they know the identity of the one who wrote the letter. Yet on the internet, a lot of people just assume they should have this right, and I don't really understand why.


    On the other hand, anonymity is a legitimate concern in some areas. For some topics, you simply want discretion. For example lets say you are member of a swinger club. As long as you only visit your local club, you mostly have discretion (but not total anonymity , either - on the contrary, most people will know you). lets say you want to share experiences etc. with other, online. Now, I absolutely understand that you might not want the whole world to know your private preferences. So I absolutely think that you should have the right to register on such a site to share this with a pseudonym. But in this case, you are only a user of a service, you are not the one providing the service. And in fact, the GDPR improves your protection and your privacy in such cases, because it limits what the one running that platform can do with your data, and what data he is allowed to collect in the first place. For users, the GDPR is a blessing (its still not optimal, but it is a step in the right direction).


    But as soon as you become a service provider - and yes, sharing information on your blog is providing a service - you have to be able to be held accountable. If you use another blogging platform and spur racial slurs, the platform provider is responsible and will likely take down your blog as soon as he gets the letter from a lawyer that tells him to do so. But the point is: the service provider is accountable and his legal address is known. The same applies to your private page, a legal address for the one responsible has to be known.


    I am not saying the GDPR is perfect, far from it. I think some stipulation in it are utterly ridiculous, and I think especially the people running small, non-commercial hobby sites are hit especially hard with this. But its a step in the right direction.


    So tl;dr: The GDPR improves privacy for users and makes it easier to hold service providers accountable.

    "A life is like a garden. Perfect moments can be had, but not preserved, except in memory. LLAP" — Leonard Nimoy

  • Lets step back a bit and recall the situation prior to the internet. You want to publish information for the whole world to see. Before radio and Tv, you did so in writing. if you published in a newspaper, the newspaper had a legal address, and the editor would know your address. So, if you wrote utter crap and anyone would want to sue you, they would sue he newspaper, who were responsible for the content.

    Look at it another way also. You can make enemies on the web, there are plenty idiots out there that may join your forums looking to cause trouble with you. Try having a few web stalkers, I already have some stalkers - and you're expected to list you name and address on your site's policy page for them to grab easy and use against you. It happens and this is why I would never show it.


    Is the GDPR taking things like that into consideration, do they think everyone on the web are good as gold angels you can trust showing your personal details too?


    Like I said, I can understand it being a requirement if you sell items or offer a paid service. But don't understand why hobby site owners who make no money from anyone on the web with their site should be expected to show that information. Why don't they also ask that all members who join your forum "trolling" show their personal details as well.

  • Look at it another way also. You can make enemies on the web, there are plenty idiots out there that may join your forums looking to cause trouble with you. Try having a few web stalkers, and you're expected to list you name and address on your site's policy for page for them to grab easy and use against you. It happens and this is why I would never show it.

    Yes, but to be fair, this is what people who are public figures have to deal with on a daily basis, also. Do you think TV or radio stations do not get crappy hate-mail on a daily basis? They do.

    If you want to be a service provider, instead of a consumer of a service someone else provides, that is the cost you have to pay.


    Lets say someone else is telling blatant lies about you on his very own blog - destroying your reputation. You would really want to be able to do something about it, and having a legal address available so you can readily sue him is an important first step for that.

    If he does it on another blogging platform, you just contact the platform provider (or have your lawyer contact them), and they will deal with it and likely remove the offending content.


    You have accountability in both scenarios, but in the latter the offender also has anonymity. Can you sue him for damages? You still can't, unless the platform provider has his legal contact info, which he more then likely hasn't.


    So yeah, there is a big difference between being the user of a service or being the provider of one, and as I have shown above, even having a blog is providing a service. accountability is important to be able to uphold the law.

    "A life is like a garden. Perfect moments can be had, but not preserved, except in memory. LLAP" — Leonard Nimoy

  • Yes, but to be fair, this is what people who are public figures have to deal with on a daily basis, also. Do you think TV or radio stations do not get crappy hate-mail on a daily basis? They do.

    You don't see their home address being given away.


    They are in the public eye, sure. They earn millions doing high profile public jobs, that's why. But even still, you don't see newspapers and 'whatever' publicly posting their house number and street they live in. Go on IMDB and look at actors descriptions, same thing - but you won't find their home address listed because it's their privacy they are entitled to keep from others.


    And all because you run some silly little website, they say you must provide that personal information. Really?

  • You don't see their home address being given away.

    No, but the Radio or TV Stations address is known. The radio or TV station being the service provider here. If someone publicly spurs racial slurs (or does whatever is deemed illegal), you sue the TV/Radio station.


    If you are a user on another website, you are not the service provider. But as soon as you run your own website, you become the service provider - you become the TV/Radio station in this analogy. And their addresses *are* known.

    "A life is like a garden. Perfect moments can be had, but not preserved, except in memory. LLAP" — Leonard Nimoy

  • A question about this. When the UK leaves the Euro. Will the UK be exempt from this GDPR.


    Also, what if your site is hosted from the U.S, which isn't covered by the GDPR. It's a European law only.

  • NicoleSophie


    First question: In my opinion it depends on the deal between EU and the U.K.

    If they terminate the GDPR, you may just apply your local laws.

    If they don't terminate, you have to apply the EU wide regulation.


    Second: Have a look at the territorial scope: https://gdpr-info.eu/art-3-gdpr/

    Even if your site is hosted outside of the Union, as you, the provider are sitting in the union, you have to apply the regulations.


    Greetings

    Michael

  • Even if your site is hosted outside of the Union, as you, the provider are sitting in the union, you have to apply the regulations.

    I thought that might be the case. As my site is hosted from the U.S and I don't use a Euro domain name as well. But suspected they would do things like that, if you live in a Euro country then it still applies no matter where your site is hosted from

  • A question about this. When the UK leaves the Euro. Will the UK be except from this GDPR.

    It is too early to say. If a "hard" Brexit occurs, the will no longer be bound by it, but might choose to make it national law. If a "soft" Brexit occurs, then it will be impossible to tell in advance which EU laws still apply. if GB wants to retain access to the free market, they will likely be forced to adopt it as one of the stipulations to retain access to the free market.

    Also, what if your site is hosted from the U.S, which isn't covered by the GDPR. It's a European law only.

    Chapter 5, Article 50 of the GDPR states:

    Quote

    In relation to third countries and international organisations, the Commission and supervisory authorities shall take appropriate steps to:

    1. develop international cooperation mechanisms to facilitate the effective enforcement of legislation for the protection of personal data;
    2. provide international mutual assistance in the enforcement of legislation for the protection of personal data, including through notification, complaint referral, investigative assistance and information exchange, subject to appropriate safeguards for the protection of personal data and other fundamental rights and freedoms;
    3. engage relevant stakeholders in discussion and activities aimed at furthering international cooperation in the enforcement of legislation for the protection of personal data;
    4. promote the exchange and documentation of personal data protection legislation and practice, including on jurisdictional conflicts with third countries.

    Article 3 defines the territorial scope, which basically says that it applies to all data sourced within the EU, no matter where it is processed.


    Article 27 "Representatives of controllers or processors not established in the Union" deals with how non-EU entities will be handled. They will be forced to establish a representative, who is subject to compliance (and fines) within at least one EU member where they source data from.


    Treaties with various nations have already been made as far as I know, and Article 50 says that its an ongoing effort to establish more treaties that ensure the GDPR can be enforced internationally. So it basically boils down to bi- or multilateral treaties (Article 50), and then, after tose have been signed, companies will be forced to create representatives under Article 27, for all data that is in scope according to Article 3.


    Notably, how the GDPR will be enforced in 3rd party countries is not part of the GDPR itself (except that they will have to establish a representative, but how the 3rd parties enforces that is not specified), that is open to the treaties which have been/will be made under Article 50.

    "A life is like a garden. Perfect moments can be had, but not preserved, except in memory. LLAP" — Leonard Nimoy

  • Article 50 says that its an ongoing effort to establish more treaties that ensure the GDPR can be enforced internationally

    And I can see that happening too. I don't think it will be long before other countries take it onboard like the U.S. Just a matter of time I think.

  • And I can see that happening too. I don't think it will be long before other countries take it onboard like the U.S. Just a matter of time I think.

    Well, there are already numerous treaties in place about international enforcement of jurisdictions. I am not versed enough in international law to judge whether or to what extend already existing treaties apply. Some procedure to collect internationally already exist.


    The principle of reciprocity will also apply here - I suspect many countries, including the US, will be interested in enforcing the GDPR just because they are interested in the fact that EU courts also enforce certain US laws (EU courts usually hate punitive damages, btw).


    But I am not sure whether treaties specific to the GDPR have already been signed between the US and EU, and to what extend existing treaties apply. International law can be very messy :/, and I haven't really kept an eye on this (I'm more concerned with how to comply with it then with the question of who has to comply with it internationally).

    "A life is like a garden. Perfect moments can be had, but not preserved, except in memory. LLAP" — Leonard Nimoy

  • Quote

    Notably, how the GDPR will be enforced in 3rd party countries is not part of the GDPR itself (except that they will have to establish a representative, but how the 3rd parties enforces that is not specified)

    Looks like they don't even know how they plan to enforce it yet on site owners. It's going to be interesting to see how they try and do so. What if I posted I'm homeless with no fixed address - can they prove otherwise when they have no idea who I am because the sites domain uses whois protection?