Posts by Netzwerg

    I was just about to answer on some post here, and copied some text to my own post to better answer on it, specifically the phrase


    As you can see, it is formatted using italics.

    If you try to apply inline code formatting to it, the following happens:


    So far, so good. However, due to WSC always marking one extraneous character (yes I know this is intended, I still disagree with the usefulness), you cannot just type away. Removing the whitespace yields:


    Now it's strike-through and the whitespace is still there, still formatted as inline code.

    Whenever something is wrong, Redactor seems to fall back to strikethrough...

    Expected behavior: Applying inline-Code BBCode removes all pre-existing formatting, removing formatting from part of a phrase should not magically turn it into strikethrough.

    /edit: After sending it, the strike-through is gone. Still, it's easily reproducible.

    The light gray look of the calendarPastDay class comes from this:

    @media screen and (min-width: 769px), print {
        .calendarFullMonthView .calendarPastDay::after {
            /* semi-transparent white layer drawn over past days */
            background-color: rgba(255, 255, 255, .4);
        }
    }

    In a way, you are correct, there is an overlay. The :after pseudo class is used here to lay a semi-transparent color over the past days. Below 769px, this view completely collapses responsively.

    /edit: Ah, Alexander was faster than me :D. Still, I'll leave this as elaboration

    What reason would their own country have to take action against that person, when the legal system in that country is not bound by the GDPR laws

    The principle of reciprocity.

    Some treaties to enforce foreign judgments already exist:…ment_of_foreign_judgments

    You could probably write volumes of books about international diplomacy just to get to the bottom of how exactly GDPR enforcement will be implemented world-wide. Again, I am not able to judge which existing treaties might cover GDPR (or parts of it), and neither do I know whether new treaties specifically relating to GDPR have already been signed or are in the works. This would be an interesting topic to explore, though, and if you find good reference sources feel free to share them, I'd be delighted to get some more concrete, well-sourced information on that.

    ONE: What would happen if my partner and I just ignore the GDPR? - (Or to put it another way, we DO NOT comply with the GDPR Ruling) !

    That's too early to say at this point, and I doubt you'll get a definite answer on an online board, since it involves international law and that can be quite convoluted. If you read the topic, this has already been answered, btw, with the relevant articles from GDPR quoted. Basically, the answer boils down to that how exactly violations are handled is not part of GDPR, but is regulated by bi- and multilateral treaties and then boils down to how local authorities implement those.

    Do forums with a few dozen members around the world (including the EU) and not set up as a business, fall under this new law?

    TWO: Since both my partner and I live in the U.S., and our joint forum project will be based in the U.S., but Hosted by a company who is in a country other than the U.S., are we legally bound to comply with GDPR?

    Yes to both - if you have users from within the EU or have users from a state that falls under GDPR, according to Article 3 (which I already linked on the first page of this topic). Note that hosting a forum is "offering a service" in this context. If you do not wish to be bound to GDPR, you have to exclude EU members from usage of your site (not offering it to them).


    This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:

    1. the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
    2. the monitoring of their behaviour as far as their behaviour takes place within the Union.

    That can be anything really, such as email address you list as contact details. It's not being specific about what kind of contact details is required.

    Be aware that the legal definition of contact information is used here. IANAL, but the ones I have asked say that a postal address is required. That doesn't necessarily mean your home address, but it has to be a legal postal address (the German term is "ladungsfähige Anschrift", I have no idea how that translates in lawyer speak to English).

    some are even saying that small sites don't even need to follow the GDPR.

    Some parts about record-keeping only apply to enterprises with more than 250 employees, yes. But most of the parts are relevant for everyone. If they think most parts don't apply, they are grossly mistaken.

    Article 13, especially 1a).


    Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information:

    1. the identity and the contact details of the controller and, where applicable, of the controller’s representative;

    You'll be hard pressed to run a website without collecting personal data, even the IP address stored in your server log counts. Controller means you as service provider here (it's defined earlier in the text more precisely).

    Article 12 (1) states:


    The controller shall take appropriate measures to provide any information referred to in Articles 13 and 14 and any communication under Articles 15 to 22 and 34 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.

    Which is odd if true that they want every site owner to list their name and address on a privacy policy page. How is that protecting a user's privacy?

    Because as a website owner, you are a service provider. You are not merely a user. The users of your website actually get protection from you in that case.

    But we don't all live in Germany and have also managed the way things are for us quite happily, without your laws or this GDPR. ;)

    You'll get used to it.

    The GDPR is protection of privacy for users. The current debate about Facebook shows how necessary this is. Providers (Collectors or Processors in GDPR speech) of services on the other hand are held accountable. While we certainly "managed" without such a law, that doesn't mean everything worked out well. The problems with big data are ubiquitous, and this is a good first step in the right direction.

    The GDPR applies not only to online data - it pertains to all data (medical records, genetic information and much more), so it covers a whole range of things and improves privacy in many aspects of daily life, not only online communication.

    It's not the holy grail, far from it, and I do have my fair share of critique for it.

    It's great that they think everyone is going to be upfront and post their name and address on their site.

    It's already a reality in certain countries. In Germany, you have the so called "Impressumspflicht" / "Anbieterkennzeichnung". If you want to run a website in Germany, you already have to do this. This isn't some dream world, it's already a tried and true practice. One that works.

    But the reality is though, anyone who's used the web for long enough knows it's a bad idea.

    Is it, though? Experience from my own country shows that it is not. It works, and has for a very long time. The original law from 1530 (yes, the original law dates back to the Reichstag of the Holy Roman Empire) was made more concrete for online communication on 22nd July, 1997 as "Teledienstgesetz" and was reformed on March 1st, 2007 by the "Telemediengesetz". For more than two decades now Germans have had to have their names on the legal notice if they wanted to run a website. Experience shows that it is absolutely possible to do so without getting stalked and harassed. Abuse of the information provided in the legal notice is a crime.


    New forums get started "everyday" on the web, do you think they can keep up with that, or even have the manpower to check every site on the web?

    They don't have to. Do you think every car is constantly checked for driving violations? They aren't. Random controls paired with actions when violations are reported are more than enough incentive for most providers to adhere to the law.

    Because as you have pointed out, if you ban someone from your forum, the last thing you want is that he sues you for GDPR violations. That is just an attack vector you don't want to have.

    Getting a search warrant does not involve big court sessions. It just has to be signed by a judge. That's how legal systems work, law enforcement does not simply do their bidding, they observe due process. Doesn't mean that there is a big deliberation at court.

    I disagree with your assessment that it's only going to happen when something bad is going to happen. When the TMG (a privacy law) was adopted in Germany, many lawyers would just search websites that did not comply with it (had an incomplete legal notice) to issue written warnings, often quite costly for the site owner. There are a lot of reasons people just want to piss on someone else, and not complying with the GDPR will mean you are an easy target for anyone who wants to piss on your parade.

    Looks like they don't even know how they plan to enforce it yet on site owners.

    That will be up to local authorities.


    What if I posted I'm homeless with no fixed address - can they prove otherwise when they have no idea who I am because the site's domain uses whois protection?

    A judge will likely compel your provider / domain registrar to hand out your payment details to local law enforcement.

    And I can see that happening too. I don't think it will be long before other countries take it onboard like the U.S. Just a matter of time I think.

    Well, there are already numerous treaties in place about international enforcement of jurisdictions. I am not versed enough in international law to judge whether or to what extent already existing treaties apply. Some procedures to collect internationally already exist.

    The principle of reciprocity will also apply here - I suspect many countries, including the US, will be interested in enforcing the GDPR just because they are interested in the fact that EU courts also enforce certain US laws (EU courts usually hate punitive damages, btw).

    But I am not sure whether treaties specific to the GDPR have already been signed between the US and EU, and to what extent existing treaties apply. International law can be very messy :/, and I haven't really kept an eye on this (I'm more concerned with how to comply with it than with the question of who has to comply with it internationally).

    A question about this. When the UK leaves the Euro. Will the UK be exempt from this GDPR?

    It is too early to say. If a "hard" Brexit occurs, they will no longer be bound by it, but might choose to make it national law. If a "soft" Brexit occurs, then it will be impossible to tell in advance which EU laws still apply. If GB wants to retain access to the free market, they will likely be forced to adopt it as one of the stipulations to retain access to the free market.

    Also, what if your site is hosted from the U.S, which isn't covered by the GDPR. It's a European law only.

    Chapter 5, Article 50 of the GDPR states:


    In relation to third countries and international organisations, the Commission and supervisory authorities shall take appropriate steps to:

    1. develop international cooperation mechanisms to facilitate the effective enforcement of legislation for the protection of personal data;
    2. provide international mutual assistance in the enforcement of legislation for the protection of personal data, including through notification, complaint referral, investigative assistance and information exchange, subject to appropriate safeguards for the protection of personal data and other fundamental rights and freedoms;
    3. engage relevant stakeholders in discussion and activities aimed at furthering international cooperation in the enforcement of legislation for the protection of personal data;
    4. promote the exchange and documentation of personal data protection legislation and practice, including on jurisdictional conflicts with third countries.

    Article 3 defines the territorial scope, which basically says that it applies to all data sourced within the EU, no matter where it is processed.

    Article 27 "Representatives of controllers or processors not established in the Union" deals with how non-EU entities will be handled. They will be forced to establish a representative, who is subject to compliance (and fines) within at least one EU member where they source data from.

    Treaties with various nations have already been made as far as I know, and Article 50 says that it's an ongoing effort to establish more treaties that ensure the GDPR can be enforced internationally. So it basically boils down to bi- or multilateral treaties (Article 50), and then, after those have been signed, companies will be forced to create representatives under Article 27, for all data that is in scope according to Article 3.

    Notably, how the GDPR will be enforced in 3rd party countries is not part of the GDPR itself (except that they will have to establish a representative, but how the 3rd parties enforce that is not specified), that is open to the treaties which have been/will be made under Article 50.

    You don't see their home address being given away.

    No, but the Radio or TV Station's address is known. The radio or TV station being the service provider here. If someone publicly spurs racial slurs (or does whatever is deemed illegal), you sue the TV/Radio station.

    If you are a user on another website, you are not the service provider. But as soon as you run your own website, you become the service provider - you become the TV/Radio station in this analogy. And their addresses *are* known.

    Look at it another way also. You can make enemies on the web, there are plenty of idiots out there that may join your forums looking to cause trouble with you. Try having a few web stalkers, and you're expected to list your name and address on your site's policy page for them to grab easily and use against you. It happens and this is why I would never show it.

    Yes, but to be fair, this is what people who are public figures have to deal with on a daily basis, also. Do you think TV or radio stations do not get crappy hate-mail on a daily basis? They do.

    If you want to be a service provider, instead of a consumer of a service someone else provides, that is the cost you have to pay.

    Let's say someone else is telling blatant lies about you on his very own blog - destroying your reputation. You would really want to be able to do something about it, and having a legal address available so you can readily sue him is an important first step for that.

    If he does it on another blogging platform, you just contact the platform provider (or have your lawyer contact them), and they will deal with it and likely remove the offending content.

    You have accountability in both scenarios, but in the latter the offender also has anonymity. Can you sue him for damages? You still can't, unless the platform provider has his legal contact info, which he more than likely hasn't.

    So yeah, there is a big difference between being the user of a service or being the provider of one, and as I have shown above, even having a blog is providing a service. Accountability is important to be able to uphold the law.