• Had an email today from Google regarding this GDPR. Reading it, unlike what some people have been saying on XenForo thinking that Google will add some new features to AdSense to Opt out certain things with ads to come inline with GDPR. Have a read of this, doesn't look like they're going to change anything really, except for updating their privacy policy in how they use information.


    But this makes me wonder what it's going to mean for Euro users using AdSense because of what GDPR says you can't do.


    Quote from Google

    This month, we’re updating our Privacy Policy to make it easier for you to understand what information we collect and why we collect it. We’ve also taken steps to improve our Privacy Checkup and other controls we provide to safeguard your data and protect your privacy.


    Nothing is changing about your current settings or how your information is processed. Rather, we’ve improved the way we describe our practices and how we explain the options you have to update, manage, export, and delete your data.


    We’re making these updates as the General Data Protection Regulation (GDPR) takes effect across the European Union. Designed to harmonize privacy laws across Europe, the GDPR refines the transparency rules for how companies describe their data processing. We’re making some required updates to our Privacy Policy, and we’re taking the opportunity to make improvements for Google users around the world.

  • I haven't been around in a while, but this topic is one thing I had been thinking about more recently.


    Also with all the privacy issues going on lately in the news, "fake news", terrorism, etc etc. I figured something like this would happen. Further, didn't Adam Howard mention something similar a couple years ago about whois privacy on domains possibly being done away with? Like Netzwerg mentioned basically, if you want to be online, in public doing whatever you're doing, then you shouldn't hide. People need to be held accountable.


    And running sites like forums, or social media scripts you're bound to get A LOT of users from ALL parts of the world no matter what. Even if you make the community "invite only", some American users will bound to invite users from England, Germany, France, Africa, Australia, EU, any country. There's no escape. Laws change all the time as well, still no escape.


    Just sucks for those people that are harassed, stalked, threatened etc. If they have site about "trauma from being raped", or whatever, and have to put their name and address on their site... it's free location giveaway to a past rapist (that was never caught yet) or future rapists to come to their house and rape them again. Or kill them, etc. Damned if do, damned if don't.

    Edited 3 times, last by Smooey ().

  • Just sucks for those people that are harassed, stalked, threatened etc. If they have site about "trauma from being raped", or whatever, and have to put their name and address on their site... it's free location giveaway to a past rapist (that was never caught yet) or future rapists to come to their house and rape them again. Or kill them, etc. Damned if do, damned if don't.

    Its not like you do not have options. Remember, this is only for the provider of the site. Of you provide the site as private person, then yes, it sucks. But founding an Ltd (or GbR in Germany) and having a corporate address isn't that difficult if you are really serious about the site.


    You can see it the other way around, too. Those victims finally get the privacy protection they need to be able to discuss their problems online. The provider of the site has to be very careful to protect those users. And that is a good thing for them, because the last thing you want as a victim of such horrible crimes is your private data leaking, either due to carelessness or malice of the provider.


    The thing is that nobody forces you to provide the service, you do that on your own volition. But if you choose to do so, the protection of your users is weighed more importantly then yours. The good of the many...



    I'm not sure what you all have experienced, but english speaking users are the only ones who are concerned about being harassed as admins. Now, I have consulted big, multi-national sites in the past and have never experienced that, and none of my german customers ever has. So I'm a bit wondering where this fear comes from, to be honest. Since german sites had to put the name and address out there since the 90's, and we never had such problems, I find those fears hard to understand, to be honest.

    "A life is like a garden. Perfect moments can be had, but not preserved, except in memory. LLAP" — Leonard Nimoy

  • Of you provide the site as private person, then yes, it sucks. But founding an Ltd (or GbR in Germany) and having a corporate address isn't that difficult if you are really serious about the site.

    I think that it's more difficult than you think, especially if you used to run internet forums or blogs as a hobby. Having to found a company just to have an online hobby is a ridiculous request in light of how things have functioned on the internet so far and how things continue to function everywhere else outside the EU. In my opinion, saying that private person cannot be serious about your online community as a hobby is rather insulting. There are plenty of people who have run relatively large (active) forums for years, as private individuals, putting a lot of time and effort into creating topics, promoting on social media etc.

  • Having to found a company just to have an online hobby is a ridiculous request in light of how things have functioned on the internet so far and how things continue to function everywhere else outside the EU

    You need to put down literally one Dollar for an Ltd. Not sure why that is a ridiculous request for someone who handles private data of potentially tens of thousands of people.


    In my opinion, saying that private person cannot be serious about your online community as a hobby is rather insulting.

    Please re-read my post. I have not said anything of that kind. But when your hobby impacts so many people in such deep ways, you ought to make some sacrifices.



    Handling private data is a big responsibilty and GDPR finally codifies and regulates it. Yeah sure, the internet has been the wild west for a long time, with very little protection, but that doesn't mean it should stay so forever.

    Adapt and overcome...

    "A life is like a garden. Perfect moments can be had, but not preserved, except in memory. LLAP" — Leonard Nimoy

  • Founding a company involves a lot of bureaucratic work and it takes several visits to various institutions, waiting in line, waiting for the approval etc. If you're a person who can't drive or are house-bound due to chronic illness, then you have to get someone else to do all those things for you. If you have generalized anxiety and you use your internet hobbies as a means of relaxation, then the GDPR just added more stress and anxiety to your life. Launching a forum (from buying the domain and hosting to installing the script) can literally take less than an hour. Founding a company can take up to a month.


    I seriously doubt that a fictional username, an email address (which can be a disposable one, like mailinator) and an IP address constitute "deep ways" in which a forum's members' privacy is impacted. The internet has not been the wild west. People have not been getting killed from using internet forums (4chan had a few incidents, but that place was known for being legally questionable).


    Besides, the GDPR conflicts with American and Asian regulations. According to USA law, the minimum age to be online without written permission from parents is 13. GDPR makes it 16. YouTube allows people over 13 years old to create and upload video content without requiring parental signature. There are forums and websites especially for teenagers. One of them even uses Woltlab software. Woltlab doesn't have all the required features to be GDPR-compliant. I doubt that it's a company that runs that forum. I also doubt that every single member under 16 years old from that forum has sent a document signed by their parents to the owner.


    Adapt and overcome? To what? To the unnecessary confusion and ridiculous requests? I'd rather move to a country outside of the EU and geo-block the entire EU from my forum.

  • Founding a company involves a lot of bureaucratic work and it takes several visits to various institutions, waiting in line, waiting for the approval etc. If you're a person who can't drive or are house-bound due to chronic illness, then you have to get someone else to do all those things for you. If you have generalized anxiety and you use your internet hobbies as a means of relaxation, then the GDPR just added more stress and anxiety to your life. Launching a forum (from buying the domain and hosting to installing the script) can literally take less than an hour. Founding a company can take up to a month.

    I am not sure why you create such edge-cases. Most people who run forums aren't that way, and yes, people who are ill or have disabilities need help, true. But the majority of the population is not ill. Furthermore, you over-estimate the complexity of getting a company up and running.


    The internet has not been the wild west.

    I respectfully disagree.


    Besides, the GDPR conflicts with American and Asian regulations. According to USA law, the minimum age to be online without written permission from parents is 13. GDPR makes it 16.

    GDPR only applies to EU citizens and their data. It does not apply to US citizens or citizens from other parts of the world, so no, there is no conflict.


    I also doubt that every single member under 16 years old from that forum has sent a document signed by their parents to the owner.

    No, and that is not necessary anyways.

    "A life is like a garden. Perfect moments can be had, but not preserved, except in memory. LLAP" — Leonard Nimoy

  • GDPR only applies to EU citizens and their data. It does not apply to US citizens or citizens from other parts of the world, so no, there is no conflict.

    Not so sure about that one. He said the US laws states a person of 13 years-old is allowed on the forum, whereas the GDPR now says 16 years-old. Well, if a person from an EU country goes on a forum hosted outside the EU and is run by somebody not from the EU (such as America). Allowing EU users on their forum still so called means they have to abide by the GDRP laws because they cater to EU users. Well then, how is it not a conflict if that forum is allowing somebody from the EU who is under 16 years-old on it without parental permission.

  • Its not like you do not have options. Remember, this is only for the provider of the site. Of you provide the site as private person, then yes, it sucks. But founding an Ltd (or GbR in Germany) and having a corporate address isn't that difficult if you are really serious about the site.


    You can see it the other way around, too. Those victims finally get the privacy protection they need to be able to discuss their problems online. The provider of the site has to be very careful to protect those users. And that is a good thing for them, because the last thing you want as a victim of such horrible crimes is your private data leaking, either due to carelessness or malice of the provider.


    The thing is that nobody forces you to provide the service, you do that on your own volition. But if you choose to do so, the protection of your users is weighed more importantly then yours. The good of the many...

    Well my example was hypothetical, but I'm sure it did happen though. World full of crazies remember lol. I'm just trying to understand it all better I guess. Because there's a lot of grey area or fine tooth combing that needs addressed in there.


    Another example, I knew a female years ago that was abused by her exhusband and since she and he divorced, filed charges against him etc, she relocated to another State in the USA to get away from him with her kids. Since her ordeal with exhusband the abuser, she's been vocal about it all. Posting anti-abuse memes, and support memes for females etc in her flickr account, facebook, website, etc.


    Now female abuse is global issue, not just America. If she ran a site geared towards anti-abuse and anti-bullying, and wrote about her ordeal with her exhusband. Does she need to disclose her name and address on her site, if females from EU that were also abused and joined her site? Which basically gives her exhusband full access to her new location, address, etc?


    Or if you run a personal rant wordpress blog (where users from globe can join), ranting about how your whore which wife slept with a cousin or brother, or rants in general. Rather than resort to beating up exwife or murdering her for her actions, he voices "verbally online" about the slut she is. Does the site owner have to put full name and address? Of course, the rant blog is only outlet and means for the owner to voice themselves about what was done to them, which was hurtful, and trying to keep anonymity? Guess that's out window too?


    LTDs, or sites that are stores that accept payments for memberships or selling products I can see no problem having your name and address public. But guess main question is about personal /hobby sites, if it's required or not?

    I'm not sure what you all have experienced, but english speaking users are the only ones who are concerned about being harassed as admins.

    Well, it's not me, but again throwing out hypothetical scenarios because it's bound to happen. Trying to understand this a little better. Guess for too many years Americans lived under anonymity, they could do anything they wanted under the name "anonymous" and feel they don't need held accountable for their actions. And this new policy totally goes against it, so of course there's going to be lashing out about it.


    Guess Germans don't attack each other much on hobby forums or person sites because your name and address is out there to public. So live in fear and kept in check on what's written by yourselves online and how you handle yourselves. "Oh noes, I best be good boy/gal, and watch what I say online because otherwise I pay consquences." type thing. In America, um yeah, that didn't happen and no one is really held accountable for nothing.


    Example;


    Ex-abusive-husband's friend - Hey John, your exwife that you abused years ago, started a site and posted about you and your abuse to her for years on her new site. I just googled your exwife's name, and pops up is her site.


    Ex-abusive-husband named John - Thanks buddy for letting me know about her site. I'll check it out, and see where she's currently living now. With new privacy laws in place, it's required she posts her new address and etc. I'll go find her, beat her ass, and silence her for good this time (murder her).


    Victim - I have no voice, I have no way to voice myself, unless it's at expense of my privacy, and location etc. The abuser gets to do what he wants, and I can't say/voice self about it all.. I'm just supposed to be silenced about my ordeal. He wins yet again, and I lost again.

    Edited 3 times, last by Smooey ().

  • Not so sure about that one. He said the US laws states a person of 13 years-old is allowed on the forum, whereas the GDPR now says 16 years-old. Well, if a person from an EU country goes on a forum hosted outside the EU and is run by somebody not from the EU (such as America). Allowing EU users on their forum still so called means they have to abide by the GDRP laws because they cater to EU users. Well then, how is it not a conflict if that forum is allowing somebody from the EU who is under 16 years-old on it without parental permission.

    I do not see the conflict? The US regulations still apply to the US citizens. The EU regulation applies to EU citizens. Yes, you now have to abide to both, but they are not in conflict with each other. You can easily adhere to both, by allowing US citizens register when they are at least 13 and EU citizens when they are at least 16. Laws are considered to be conflicting if you can't adhere to both at the same time. But you can.


    Guess Germans don't attack each other much on hobby forums or person sites because your name and address is out there to public. So live in fear and kept in check on what's written by yourselves online and how you handle yourselves. "Oh noes, I best be good boy/gal, and watch what I say online because otherwise I pay consquences." type thing. In America, um yeah, that didn't happen and no one is really held accountable for nothing.

    Living in fear? Hell, no. On the contrary. I'm not sure what you think is going on in your heads, but its so out of the world its almost amusing.


    All the cases you present or so far fetched and constructed to fit your specific narrative that I doubt they are a problem in the real world, and I really don#t want to discuss contrived hypotheticals. My experience with German law (and most EU states have similar laws, the requirement of having your name attached to stuff you write goes back to a law that was passed in the Holy Roman Empire in 1530, and has since become customary in the EU) simply shows that in the past 20 years, those scenarios you describe simply did not come true, at least not on a wide scale.


    And, you are constantly making the same mistake: if the people in your example post such things as users on other sites, they get the full protection of the GDPR. Its only when they provide the service themselves that they need to be held accountable for the data they collect. Which is a lot, even when you only run WP + GA and maybe AdSense.


    Quote

    I'll go find her, beat her ass, and silence her for good this time (murder her).

    Maybe we are not as concerned with that, because not everyone has a gun? Dunno, but this is what fear looks like, to me.

    "A life is like a garden. Perfect moments can be had, but not preserved, except in memory. LLAP" — Leonard Nimoy

  • I am not sure why you create such edge-cases.

    Let me introduce you to Fredrick Brennan, the founder of 8chan (one of the most popular chan forums on the internet):


    https://vimeo.com/91583460


    https://en.wikipedia.org/wiki/Fredrick_Brennan

    Most people who run forums aren't that way,

    While most people who run forums may not be that way, I think that a lot of people with physical disabilities, who have a less active social life, tend to find refuge in the internet, simply because it's a means of socializing. Alongside social media and blogs, forums constitute a very popular medium for online socialization.

    But the majority of the population is not ill.

    That may be so, but laws have to take into consideration the minorities too and ensure equal opportunity for people with disabilities.

    I do not see the conflict? The US regulations still apply to the US citizens. The EU regulation applies to EU citizens. Yes, you now have to abide to both, but they are not in conflict with each other. You can easily adhere to both, by allowing US citizens register when they are at least 13 and EU citizens when they are at least 16. Laws are considered to be conflicting if you can't adhere to both at the same time. But you can.

    The conflict stems from the fact that you can't verify which users are from where unless you individually check every single IP. You also have to take into consideration that some users may relocate with their families from one continent to the other, so you'd have to constantly have your users inform you about their current location. This causes a lot of problems because they could be lying and using a VPN to fake their location. You'd have to get legal signed consent from their parents every time. How do you verify that the parents' signatures are legitimate? Imagine having thousands of members and constantly having to keep verifying and reverifying them.

  • The conflict stems from the fact that you can't verify which users are from where unless you individually check every single IP.

    You do not have to. Simply let them input their age and their country of origin. You aren't require to check whether the data you got is truthful, or in other words: you may assume that the user is not fraudulent.

    "A life is like a garden. Perfect moments can be had, but not preserved, except in memory. LLAP" — Leonard Nimoy

  • Living in fear? Hell, no. On the contrary. I'm not sure what you think is going on in your heads, but its so out of the world its almost amusing.


    All the cases you present or so far fetched and constructed to fit your specific narrative that I doubt they are a problem in the real world, and I really don#t want to discuss contrived hypotheticals.

    I'd tell that to the 100s of 1,000s of revenge porn victims if I could, if the site "myex.com" was still up and running. As I spent a lot of time messaging the females that had their nudes posted on the site, along with home addresses, landline phone numbers, cell numbers, social media accounts, and work place information.


    I spent a lot of hours forewarning the female victims of that site about what their exes did to them and link them in private messages on facebook the link to the myex.com pages of them. Only difference here is the victims of revenge porn didn't free willingly put their names and addresses on myex.com, like they would have themselves on their own sites privacy policy page, if they started a site warning about revenge porn.


    These women had hundreds of texts of strange perverts sending cock pics to their cell numbers day and night, wanting to hook up for a good time, and had their bosses contacted at work place and the bosses found their nudes and were being perverted to them via comments on the pages. Perverts in comments also found their facebook pages, and sent all male family members, male friends in their friends lists, etc links to their nude pages on myex.com as well.


    So they're protected, I don't see it. Posting your name and address on a privacy policy page is no different than someone posting your name and address on a revenge porn site and being harassed and bombarded with cock pics on your cell or being called at landline phone number being asked for a good time and to hook up. Your information is out there, plain and simple, and you're free willingly giving to whoever sicko pervert or abuser, rapists, murderers roaming the streets.


    Another example from that site is a young newlywed woman was murdered by step-father, because she declined his advances. While the rest of the family was out at jobs, the daughter stopped back at the house for some stuff and step-father showed up as well and tried sleeping with her, she declined his advances and he killed her, buried out back along side the shed in back of house in shallow grave.


    He was given a link to her nudes from myex.com via his facebook page and facebook work place page, and he was posting comments in her page on myex being perverted as well. Not sure what protected bubble you all live in (must be a magical place), but my examples or hypothetical situations aren't as far-fetched as you claim they to be.

    Edited once, last by Smooey ().

  • Smooey I really don't see your point, honestly. You are saying that a 3rd person uploaded damaging material to another site. Well great. Contact the site owner, demand its taken down, done. If you know who is responsible for the site, you can do that. If the site owner refuses to take the content down, go to your lawyer, serve the site owner the court order, done.


    If the site owner is allowed to remain anonymous, this just gets more complicated... I really don't see how any of those women are helped if the operator of the site would be allowed to stay anonymous, on the contrary, it just makes getting their data removed more complicated.


    But we need to distinguish between two different topics here. We are conflating GDPR requirements (which are about *data processing* and responsibility about personal data of users) with the imprint duty, both are two different concepts and are governed by different laws (more on that difference later).

    "A life is like a garden. Perfect moments can be had, but not preserved, except in memory. LLAP" — Leonard Nimoy

  • Well I know revenge porn is different in the sense the damaging material was compiled and put on a different site, versus having own privacy policy page on your own site. Most site owners wouldn't put their nude pics on a privacy policy page lmao. But an example a little more close to home here though, like GTB and his "attackers" or whatever he calls them. If he posted his home address on his policy page, any one could book a round trip ticket to his country, show up at his front door and beat his ass and be on a flight back to their hometown the next day.


    Regarding data processing or whatever, even if one has site hosted in USA, the site owner lives in USA, and made community "invite only". The site owner invites only USA friends to join site, but several of his invited friends invites EU peoples to join the site... how would site owner know it and update their page? Heck, even millions of visitors from other countries (ones in EU) could just visit the site, and the IP be in host server logs...


    Then there's 3rd part image hosts. If I mainly used imgbox.com for myself, but 100 members used 100 different image hosts instead of imgbox.com, I'd have to keep updating privacy page for each image host used as well? Geesh. I liked using image hosts to help cut down on host resource usage, bandwidth, etc. So basically if USA resident, you gotta be compliant with GDPR policy anyway, because you're bound to have visitors from EU to the site. It's inevitable.


  • Very well stated Mistah J !


    You have made several good (and valid) points regarding GDPR; and with your comment to Netzwerg.

    [I especially like your last paragraph!]


    As an individual who has been active on the internet (with a variety of websites and forums since 2003) - as well as an upcoming

    website / forum project to be launched later this year - I can personally "testify" that you are right on!


    Additionally to responding to your post #78, for a "brief moment" I had seriously contemplated replying to posts 76 and 77;

    but giving it a little more thought decided not to - at least for the immediate time.


    However having said that, there were statements in those two posts (76 and 77) which illustrate all too well some past world history which people in general got caught up in - and let themselves be swayed [brainwashed] - by seemingly "harmless" and beneficial changes for the 'good of all' with "movements" and "regulations" which led to a very nasty turn of events affecting adversely the whole world.


    Although on a different "scale" than with reference made in the paragraph above, GDPR is by its own merit (?) of intentions and influence yet another method of indoctrinating society in general for implementing the seemingly harmless but worthwhile cause of: 'for the good of all'.


    DJ

  • I do not see the conflict? The US regulations still apply to the US citizens. The EU regulation applies to EU citizens. Yes, you now have to abide to both, but they are not in conflict with each other. You can easily adhere to both, by allowing US citizens register when they are at least 13 and EU citizens when they are at least 16. Laws are considered to be conflicting if you can't adhere to both at the same time. But you can.

    That would be a bit hard to do with WoltLab or any other forum software. The age limit when set displayed on the registration page, only has one age to set. So if you had EU users coming on your forum, then you'd set the age limit I guess at 16 now with this GDPR increase in age. But then that means if an American user came along age 14 and entered that into the age setting box at registration, they're going to be rejected because of entering an age under 16 years-old. So you can't really cater for both age limits from EU and those outside the EU with a younger age limit allowed. So what you going do if you have EU users coming on your forum and you need to be using the age limit on registration page for them to confirm they're 16 years or over. But then you might have U.S users coming on that should be allowed on it at 13 years-old and finding themselves rejected at registration because it's set at 16 years-old.


    And worse, if you decide to not display the age limit checking. Then you're not "covering yourself" by having new users confirm they are old enough to use the forum.

  • NicoleSophie All true, but just because you do not (yet) have the technical ability, the law itself is not in conflict...


    The site owner invites only USA friends to join site, but several of his invited friends invites EU peoples to join the site... how would site owner know it and update their page?

    He doesn't know, and he doesn't need to. If your sites policy states clear enough that your site is not for EU citizens, that is enough. You are allowed to assume that users who aren't allowed do not fraudulently registers. Don't make this law more complicated then it is.

    And as far as your server logs are concerned yes, you should configure them to not log IPs.

    "A life is like a garden. Perfect moments can be had, but not preserved, except in memory. LLAP" — Leonard Nimoy