03-30-2018, 05:43 AM | #16 | |||
Wizard
Posts: 3,108
Karma: 60231510
Join Date: Nov 2011
Location: Australia
Device: Kobo Aura H2O, Kindle Oasis, Huwei Ascend Mate 7
|
This is Article 4(1):
Quote:
Quote:
Quote:
|
|||
03-30-2018, 06:12 AM | #17 |
Evangelist
Posts: 482
Karma: 2267928
Join Date: Nov 2015
Device: none
|
|
03-30-2018, 07:17 AM | #18 | |
Wizard
Posts: 3,108
Karma: 60231510
Join Date: Nov 2011
Location: Australia
Device: Kobo Aura H2O, Kindle Oasis, Huwei Ascend Mate 7
|
Quote:
I have no official position at Mobileread. I am a member only. I use the words "we" and "us" simply because I feel I have a stake in the forum operating and wish to help out if I can. I'm not sure exactly what information Mobileread collects. However, you may recall that when you signed up you were asked to provide an email address and some other details, which I presume you did willingly. As far as I'm aware limited information is simply collected and stored for purposes of the operation of the forums. I have certainly never received marketing emails or other spam as a result of my Mobileread membership, so my information does not appear to have been sold. Most sites you visit will log the ip address you are apparently visiting the site from, for valid reasons. IP addresses do not usually identify a person. They may identify the owner of a particular account with an ISP, but only if you are able to legally compel the ISP to hand over the information. They do not establish which particular person accessed the site. Like many Government initiatives the EU has sought to address a very real problem with a ridiculously over-reaching piece of legislation, complete with vague drafting to encourage uncertainties and give it the widest possible reach. They are obviously taking the view that even the smallest online forum which requires registration is caught, and must bear the compliance costs. If they could actually enforce this outside the EU I suspect many forums would close. Last edited by darryl; 03-30-2018 at 07:26 AM. |
|
04-02-2018, 02:04 PM | #19 |
Grand Sorcerer
Posts: 11,470
Karma: 13095790
Join Date: Aug 2007
Location: Grass Valley, CA
Device: EB 1150, EZ Reader, Literati, iPad 2 & Air 2, iPhone 7
|
When I looked at the description of the legislation it talked a lot about collecting information that the user doesn't authorize. We do not do any of that. All information about a user is directly submitted by the user. Most is optional. The only statistic that we generate is the number of posts and that is clearly displayed. I think a typical forum doesn't collect things the user would be worried about.
|
04-02-2018, 07:02 PM | #20 | |
Addict
Posts: 281
Karma: 7724454
Join Date: Sep 2017
Location: Bethesda, MD, USA
Device: Kobo Aura H20, Kobo Clara HD
|
Quote:
And at that point you must scrub that info from all databases, server logs, backups, etc in a timely fashion. Lots of out of the box setups aren't designed to (for instance) go through all the Apache logs and eliminate IP addresses, or go through and delete first/last names from not just the main user records but debug logs, change history, quotations in messages, etc. Some systems are smart enough that some of that is stored as pointers into the main record (especially quotes), but some aren't and some of that (change history) is inherently stored as copies for good reason. So compliance becomes a bit of a PITA to dot all the i's and cross the t's. |
|
04-03-2018, 01:58 PM | #21 |
Grand Sorcerer
Posts: 11,470
Karma: 13095790
Join Date: Aug 2007
Location: Grass Valley, CA
Device: EB 1150, EZ Reader, Literati, iPad 2 & Air 2, iPhone 7
|
Wow, going back after the fact and undoing stuff that was there for eons is totally unreasonable IMHO. There are archive sites that collect pages and those won't go away even if the main site does. What is it that they say? You can't change history.
Dale |
04-07-2018, 06:04 PM | #22 |
Zealot
Posts: 108
Karma: 2245322
Join Date: Sep 2013
Location: Pennsylvania, U.S.A.
Device: Kindle Oasis 3 and iPad Air 5
|
This European law may have a chilling effect on the Internet as a whole. Most smaller and non-commercial websites simply do not have the manpower or capacity to comply with it, at least not completely. Sites owned and operated outside of Europe may simply decide to block European users as a whole, leaving Europe only with access to sites owned by companies large enough to supply the manpower and capacity to comply with GDPR.
"The road to Hell is paved with good intentions." |
04-08-2018, 03:32 AM | #23 |
Addict
Posts: 306
Karma: 4508151
Join Date: Aug 2008
Location: Scandinavia
Device: Kobo Libra, Oasis 1&2 and others
|
A site (or business) can store personal information based on the individual’s consent. This consent is given when the person enters the info.
The problem is if the person changes their mind - then the lawful basis of data processing is gone. Anonymizing (is that a word?) the data could be the best way to solve this after someone requests account deletion. So best would be if one could argue ANOTHER basis for the processing, not consent. From memory some grounds for data processing are: it is necessary for performing the request/contract, certain interests etc. others are related to public interest, legal requirements etc. The other possibility MIGHT be that the consent could be written in a way to enable deactivating accounts while info remains (posts, stats) etc. this could also be sensible since there is the conflicting side of the coin of keeping records and not destroying possible evidence etc. I would aim to have a consent that basically states that anything done while an active member remains on public side and IP etc is inaccessible to admins (is it?) after deactivating the account. The right to be forgotten/anonymize could maybe be done by admins by changing the user name to a random string when deactivating the account. Anonymized data can be stored and processed. So it is a question of wether the user info is obscured enough “behind the scenes” for full compliance with the regulation this way. Since we don’t have any case law yet, it will not be possible to say with certainty how these purposes will be interpreted. But the aim of the legislation is to ensure privacy and secure data processing, not to hinder normal accepted activities... that said, it is a mess until we get case law or country specific legislation in EU. Disclaimer: I’m a lawyer and have attended a few courses on this, but don’t have my material with me when writing. This is not legal advice, etc Last edited by June; 04-08-2018 at 03:38 AM. |
04-08-2018, 05:06 AM | #24 |
null operator (he/him)
Posts: 20,572
Karma: 26954694
Join Date: Mar 2012
Location: Sydney Australia
Device: none
|
@June - Good to hear from European member who knows what they're talking about.
I've read the following elsewhere: given GDPR is an EU Regulation, as opposed to to Directive, country specific legislation as such isn't necessary. Curious as to whether you have any thoughts on that? BR |
04-08-2018, 07:53 AM | #25 |
Wizard
Posts: 3,108
Karma: 60231510
Join Date: Nov 2011
Location: Australia
Device: Kobo Aura H2O, Kindle Oasis, Huwei Ascend Mate 7
|
Agreed. Being a lawyer in one country certainly helps, but it is still far better to hear from a local lawyer bearing in mind always that lawyers expressing their views on forums like this one does not constitute legal advice which can be relied upon, and is all care but no responsibility.
|
04-08-2018, 01:04 PM | #26 | |
Addict
Posts: 306
Karma: 4508151
Join Date: Aug 2008
Location: Scandinavia
Device: Kobo Libra, Oasis 1&2 and others
|
Quote:
That said, the EU regulation is the one that is valid and has to be applied in all member countries. https://www.eugdpr.org |
|
04-09-2018, 07:25 AM | #27 |
Grand Sorcerer
Posts: 27,551
Karma: 193191846
Join Date: Jan 2010
Device: Nexus 7, Kindle Fire HD
|
I hereby grant Mobileread the right to ignore any of Future Me's potential demands to delete, obscure, or anonymize any of Past (or Current) Me's consensually given data.
|
04-29-2018, 09:03 AM | #28 | |
Chocolate Grasshopper ...
Posts: 27,600
Karma: 20821184
Join Date: Mar 2008
Location: Scotland
Device: Muse HD , Cybook Gen3 , Pocketbook 302 (Black) , Nexus 10: wife has PW
|
Quote:
Chuckles..... By my reading of the issue, even on vbulletin.org, is that every member would be required to say same, or similar. Storing IP addresses is an interesting one, especially when quite a few folk use virtual IPs that won't link back to them personally, so too for email addresses. Mind, knowledge of IP addresses on a Forum like vbulletin help identify and nullify spambots. PITA and molehills spring to mind, I don't envy Alex in trying to sort this issue out on a site as large as MR. I'm, like I guess many others, in similar boats even with smaller Forums..... |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Delete Obreey account | mpcww | PocketBook | 0 | 04-21-2014 02:20 AM |
delete gmail account? | zeroh | Nook Developer's Corner | 12 | 12-29-2010 03:47 PM |
Delete Email Account | veronica0406 | enTourage Archive | 2 | 11-24-2010 03:29 AM |
Delete a book from Sony account? | jharrison | Sony Reader | 0 | 12-17-2009 03:20 PM |