GDPR and Boards.ie post removal policy **update linked in OP 24/5/18**

Esel

I thought backed up data only has to be deleted at the point of restore?

Bob24

Esel wrote: »

I thought backed up data only has to be deleted at the point of restore?

I think there is no full legal clarity on this yet but yes this is what I meant by backups being GDPR compliant. But identifying subsequently deleted data which is present in a backup and making sure you don’t restore that data is not straight forward at all, and it likely requires specific processes and technical implementation for the backup process to support it (which most organisations wouldn’t have had before GDPR).

Sleeper12

Chorus_suck wrote:

This post has been deleted.

They didn't have to remove anything at the time. They had the rule covering themselves & removed what they saw as genuine cases. I've been pulled up by mods from time to time but I have never come across one that wouldn't help on a reasonable request.

Under the new laws they might or might not have to remove stuff if your IP & email are removed. Id imagine that if someone lists 500 different posts then they will have to go through the 500 posts and decide how many, if any actually identify the person & delete them.

Another easier option in some cases might be to delete all of their posts or whole threads. It might be possible if I want all of my data removed for them to delete my email address & IP & change my user name from sleeper to elvis or 12345.

Imo as few posts as possible should be removed as removing tons of posts can make older threads unreadable & pointless even keeping them. Then you will have someone with a grudge demanding all be deleted when they get banned just for revenge

Beasty

Bob24 wrote: »

I think there is no full legal clarity on this yet.

I think there is a lack of legal clarity on many aspects of this law. I suspect much of this will only become clarified as people and businesses work through its practical implementation/application

Equally there are plenty of views expressed in this thread that appear to have little if any legal standing. I know of one lawyer who has posted here but suspect most contributors, including myself, have little or no legal training.

I'm as interested as anyone in seeing what the official Boards line is.

Dravokivich

Does it really refer to content on a discussion forum? Do you force people you forget something you've said to them? I think a lot of what's being said here is a bit of a leap from the intentions of gdpr. The data is primarily refers to would be your name, address, d.o.b and such. Posting in a Liverpool thread saying you secretly prefer man United isn't personal data.

BowSideChamp

Dravokivich wrote: »

Does it really refer to content on a discussion forum? Do you force people you forget something you've said to them? I think a lot of what's being said here is a bit of a leap from the intentions of gdpr. The data is primarily refers to would be your name, address, d.o.b and such. Posting in a Liverpool thread saying you secretly prefer man United isn't personal data.

Let's say you post in the swimming forum that you came 3rd in the NAC Masters Gala in 2016. You have now identified yourself. Every post about your politics, sexual exploits/orientation, work problems etc is now identifiable and can be exploited.

Sleeper12

Bob24 wrote:

Anyone saying that the existing practice of admins and mods “deleting†posts upon request when they contain private information is enough to be GDPR compliant (and I have seen a few posts making that argument) is probably making that confusion. This is unless when a mod deletes a post from the website it is completely deleted from any server/database boards operates and backups of these servers/databases are GDPR compliant, but my understanding is that this is not the case.

I'm not sure why you quoted me in that as I never made that point.

You are confusing two separate things. There is the way things are run now & the way things will be run when the new law kicks in. The mods have behaved perfectly by hiding the posts up until now. In the future any data that needs to be removed will be totally deleted. Boards.ie like my own site will have software installed, if they haven't already, to do this at the touch of a button. There will be a dedicated member of staff to handle this as detailed in the legislation. They will need a new privacy statement detailing how data is used, stored & backed up. There is a whole list of things that need to be included in the privacy policy.

I don't think any of the above is in question. What no one really knows is will posts be deleted if the account, IP address & email address etc are totally deleted. Will posts made anonymously fall under the new law? These are the questions.

hullaballoo

Chorus_suck wrote: »

This post has been deleted.

Admin: This is a serious allegation.

Point me directly to where this happened so that I can review your allegation.

Bob24

Sleeper12 wrote: »

I'm not sure why you quoted me in that as I never made that point.

You are confusing two separate things. There is the way things are run now & the way things will be run when the new law kicks in. The mods have behaved perfectly by hiding the posts up until now. In the future any data that needs to be removed will be totally deleted. Boards.ie like my own site will have software installed, if they haven't already, to do this at the touch of a button. There will be a dedicated member of staff to handle this as detailed in the legislation. They will need a new privacy statement detailing how data is used, stored & backed up. There is a whole list of things that need to be included in the privacy policy.

I don't think any of the above is in question. What no one really knows is will posts be deleted if the account, IP address & email address etc are totally deleted. Will posts made anonymously fall under the new law? These are the questions.

You said you don't think there is confusion on this thread about logical deletion of a post on the website and physical deletion of that post from backend servers.

I quoted you and replied with an exemple of how posters her have made that confusion. There is no confusion on my end between the existing process and what will be the process going forward as I have not made any assumption about what a future process might be. But as I said some posters have implied that the current process will be satisfying to be GDPR compliant which it probably won't as my understanding is that it doesn't involve physical deletion (thus my point that some posters on the thread are unclear about what "deletion" means in the context of GDPR - I have not said this is your case).

Sleeper12

Dravokivich wrote:

Does it really refer to content on a discussion forum? Do you force people you forget something you've said to them? I think a lot of what's being said here is a bit of a leap from the intentions of gdpr. The data is primarily refers to would be your name, address, d.o.b and such. Posting in a Liverpool thread saying you secretly prefer man United isn't personal data.

I personally believe people are expecting too much from the legislation. I'm not saying that it doesn't cover public forums but it's primarily to ensure businesses treat your data in a good manner. If they are going to sell or share your data it must be in the privacy policy. They must state how they will store your data and for how long. You have a right to request /demand that your personal data, name address email etc are totally deleted. It may not be deleted. I have to keep details of sales from my site for revenue for I think 7 years. A request for it to be deleted before this time will be refused.

I think it's a huge stretch to say that information you put out in a public forum falls into this law at all. This isn't secret information held by a company. Its not even Facebook where you only post to your friends. This is a public forum. It's a public conversation.

If I won the swimming race mentioned in another post & I was asked how did it feel to win the race & my response was put up on the school website I honestly don't think I would have a hope of forcing them to delete it under the new laws.

That's my take on it anyway. We'll see in the next few weeks how it all pans out

Dravokivich

BowSideChamp wrote: »

Let's say you post in the swimming forum that you came 3rd in the NAC Masters Gala in 2016. You have now identified yourself. Every post about your politics, sexual exploits/orientation, work problems etc is now identifiable and can be exploited.

I dont think thats the intention behind gdpr. I thought It's down to how systems identify us and how that information is controlled. Your content on a discussion forum should not be someone else's problem. That's fairly unreasonable.

retro:electro

My uneducated two cents worth: I think there are a range of differences between the kinds of info you share on Facebook compared to Boards. Facebook and Twitter I view as personal diaries, where you the user are very much the subject and content of what you post; and thus you should be in control of that data.

Boards is more of a community, where discussion is collaborative as you are participating and contributing in discourse with other users. That said, I have had to ask admins on numerous occasions to remove a few personal bits; on each occasion they were more than happy to, no questions asked. I cannot even imagine the mind fcuk and man hours that would go into deleting an entire users post history. It just does not seem feasible on a site that relies on collaborative discussion.

There is also a certain irony in users who have spammed the site with personal details for years, now crying that they may be identifiable and want more control over their history.
The purpose of Boards is underpinned by a community posting effort. Mass deletion of posts seems adverse and destructive to a site that relies on community engagement for it to function and make sense.
It will be interesting to see how the site interprets the GDPR and how it will affect the sites workability as a whole.

Hurrache

2 things, it can be automated so the man hours are front loaded. After that it's a click of a button if it ever was required.

Second, what users who spammed the forum with personal info are now crying on this thread?

Chorus_suck

This post has been deleted.

Franz Von Peppercorn

Hurrache wrote: »

This post had been deleted.

The solution to delete threads is simple technically but massively destructive.

Second, what users who spammed the forum with personal info are now crying on this thread?

Permabear has participated in a AMA for one.

Hurrache

Franz Von Peppercorn wrote: »

The solution to delete threads is simple technically but massively destructive..

Yes, we've been over it, it's irrelevant if it's a requirement.

And the poster you claim is crying is not actually crying or doing whatever else you claim he is, he's partaking in an interesting debate. Big difference.

oscarBravo

Hurrache wrote: »

...he's partaking in an interesting debate.

How interesting would the debate be if half the posts were deleted from it?

Franz Von Peppercorn

Hurrache wrote: »

Yes, we've been over it, it's irrelevant if it's a requirement.

And the poster you claim is crying is not actually crying or doing whatever else you claim he is, he's partaking in an interesting debate. Big difference.

Nobody has proven it’s a requirement. Lots of whiny nonsense presuming the conclusion.

There’s no way the spirit of the GPDR was meant to be for destroying the content of internet discussion boards. It’s to stop the sale or transfer of users data through the web without consent. Hence the cookie requests.

If a complaint is made here or any other forum re deletion the courts or the local country’s data officers will decide.

I didn’t say PB was crying. You did in your question.

However there’s something odd about participating in an AMA and a few months later getting into a huff about personal identifying posts on the same site.

Sleeper12

oscarBravo wrote:

How interesting would the debate be if half the posts were deleted from it?

So long as my posts aren't deleted it'll be riveting reading.

Hurrache

oscarBravo wrote: »

How interesting would the debate be if half the posts were deleted from it?

Repeating myself here, again. Nobody said otherwise.

Franz Von Peppercorn wrote: »

I didn’t say PB was crying. You did in your question.

You answered the question asked below.

What's your real problem though? You offer nothing constructive to the thread but childish comments, you seem to be personally offended by this thread because all you have to offer is childish smart arsed responses and it's obvious you don't want it discussed.

Nobody has come to any conclusions despite your attempted protestations in order for your weirdly odd attempt to shut discussion down.

retro:electro wrote: »

There is also a certain irony in users who have spammed the site with personal details for years, now crying that they may be identifiable and want more control over their history.

Hurrache wrote: »

Second, what users who spammed the forum with personal info are now crying on this thread?

Franz Von Peppercorn wrote: »

Permabear has participated in a AMA for one.

RHJ

This post has been deleted.

beauf

Beasty wrote: »

...
Equally there are plenty of views expressed in this thread that appear to have little if any legal standing. I know of one lawyer who has posted here but suspect most contributors, including myself, have little or no legal training.

I'm as interested as anyone in seeing what the official Boards line is.

I expect many will have already had legal advice and meetings and briefings through work, perhaps for months. Especially if they work in IT.

Boards may of course do something different to every where else.

All these test cases may not materialise. That's also a possibility.

Sleeper12

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Above is from my privacy policy. It has been designed by WordPress (the biggest Web site platform in the world) to meet my legal requirements. It says that you can request us to erase any "personnel data we hold about you". That's my legal responsibility. Personal data that I hold is names, address, email address, and details of the order from the store. Personal data isn't any comments left in the public forum on the site.

Hurrache

beauf wrote: »

I expect many will have already had legal advice and meetings and briefings through work, perhaps for months. Especially if they work in IT.

For those working in IT you can be sure training of some sort is probably mandatory for most.

Dravokivich

RHJ wrote: »

Exactly sites like Reddit function perfectly fine even though users can delete their posts.

Discussions on reddit don't tend to be linear.

Permabear

This post has been deleted.

Franz Von Peppercorn

Hurrache wrote: »

Repeating myself here, again. Nobody said otherwise.



You answered the question asked below.

I answered the question asked by you about who was crying? That’s not me saying he was crying.

What's your real problem though? You offer nothing constructive to the thread but childish comments, you seem to be personally offended by this thread because all you have to offer is childish smart arsed responses and it's obvious you don't want it discussed.

I’ve offered a technical solution. I’m opposed to the idea of posts being deleted en mass from Internet forums because of the general effect this would have on the internet. None of my posts are childish, that’s a generalised ad hominem.

Nobody has come to any conclusions despite your attempted protestations in order for your weirdly odd attempt to shut discussion down.

You are clear that you think closed accounts neeed to have removed and/or are agreeing with the poster(s) who suggest that.

Disagreeing with you (or anybody here) isn’t shutting discussion down. It’s the way discussion forums work. However deleting posts could shut down discussion.

BowSideChamp

Sleeper12 wrote: »

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Above is from my privacy policy. It has been designed by WordPress (the biggest Web site platform in the world) to meet my legal requirements. It says that you can request us to erase any "personnel data we hold about you". That's my legal responsibility. Personal data that I hold is names, address, email address, and details of the order from the store. Personal data isn't any comments left in the public forum on the site.

No personal data is defined as ANY INFORMATION on a identifiable person. It specifically includes sensitive information like political views, views on sex, religious beliefs etc. You keep ignoring this.

Franz Von Peppercorn

Sleeper12 wrote: »

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Above is from my privacy policy. It has been designed by WordPress (the biggest Web site platform in the world) to meet my legal requirements. It says that you can request us to erase any "personnel data we hold about you". That's my legal responsibility. Personal data that I hold is names, address, email address, and details of the order from the store. Personal data isn't any comments left in the public forum on the site.

Yes. I looked at some software I used to use in a forum I hosted (now defunct) and the update to that package has added the ability to delete all posts or anonymise the usernames. That’s their best guest at what GDPR is.

Most posts, the vast majority, on this forum are not personally identifying so the idea that all posts need to be deleted is just something some people ran away with.

Franz Von Peppercorn

BowSideChamp wrote: »

No personal data is defined as ANY INFORMATION on a identifiable person. It specifically includes sensitive information like political views, views on sex, religious beliefs etc. You keep ignoring this.

You keep ignoring the personally identifiable qualifier.

The views themselves don’t necessarily make the natural person’s identifiable, it is only in the rare case where the views do so that GPDR could be invoked. However even there there’s a grey area and it’s clearly going to be decided on a case by case basis.