GDPR and Boards.ie post removal policy **update linked in OP 24/5/18**

Zaph

Just out of curiosity, if GDPR never came along would people still be happy with standing over whatever they've posted on Boards in the past? Lots of us have posted all sorts of things over the years, some nonsense and trivial, some maybe quite serious and revealing personal things that maybe in hindsight we wouldn't have posted. But at the same time we've probably never given any of those posts a single thought in the intervening period. So imagining a world where GDPR never existed, would any of us ever be having a discussion about deleting posts that we've long since forgotten about, no matter how personally identifying they may be? That's what confuses me most about a lot of this thread, why those posts suddenly become so important when there is potentially the ability to have them removed, but they weren't a couple of years ago before GDPR was ever mentioned.

Steve

Permabear wrote: »

This post had been deleted.

Contrary to what I have posted before, I actually think you have a very valid position. I will still choose to defend boards status quo though because I believe it always has been a very fair and level headed approach to balancing the rights of privacy versus the (perceived) rights of trolls who come here with nothing to do but upset and disrupt the otherwise amicable day-to-day discussion that boards facilitates.

My name in real life is Steve by the way, that identifies me, and I demand boards deletes this post and all others of mine but not before I have stuck my oar in and caused disruption.. no worries tho, I will create a new account tommorrow and do the exact same..... :rolleyes:

The above is not how I want boards to end up.

I know this may be at odds with GDPR, I don't have an answer, it is a sad day though that genuine folk will suffer because of the cries of a few trolls and a law that enables them to wreak their havoc of sites like this and then disappear into the ether with no consequences.

Max Prophet

Steve wrote: »

Contrary to what I have posted before, I actually think you have a very valid position. I will still choose to defend boards status quo though because I believe it always has been a very fair and level headed approach to balancing the rights of privacy versus the (perceived) rights of trolls who come here with nothing to do but upset and disrupt the otherwise amicable day-to-day discussion that boards facilitates.

My name in real life is Steve by the way, that identifies me, and I demand boards deletes this post and all others of mine but not before I have stuck my oar in and caused disruption.. no worries tho, I will create a new account tommorrow and do the exact same..... :rolleyes:

The above is not how I want boards to end up.

I know this may be at odds with GDPR, I don't have an answer, it is a sad day though that genuine folk will suffer because of the cries of a few trolls and a law that enables them to wreak their havoc of sites like this and then disappear into the ether with no consequences.

Life is hard, deal with it.

Steve

Max Prophet wrote: »

Life is hard, deal with it.

Indeed it is, and I am.

Thank you for your contribution, not sure where we'd be without you.

Sleeper12

Sleeper12 wrote:

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

BowSideChamp wrote:

No personal data is defined as ANY INFORMATION on a identifiable person. It specifically includes sensitive information like political views, views on sex, religious beliefs etc. You keep ignoring this.

Read the privacy policy above. If you have an account or left comments you can request an exported file. Then you can request any personal data we hold about you. That's personal data that we required for you to setup the accounts. That clearly does not include any comments that you may have left on the public forum. Even if you post personal data. That's not data that we require or hold. It's information that you decide of your own free will to make public.

If you make your views known on sex or race that has nothing to do with the data I hold in private. What's in the public domain is public. If you are gay & you come out of the closest there's no going back in.

The legislation has nothing to do with your views. It is all about the data I make you give me when you place an order on my site. The law is very clear about what is required. Looking for data to be deleted is only a tiny part of the directive. It's about what I do with your data. Do I sell it? Do I use your email address outside of the original traction. For example shops offering to email you your receipt will no longer be able to send you newsletters without your permission.

Requesting data to be deleted won't get an automatic result. In most cases the data has to be held for a number of years for revenue. Request all you want but it won't be deleted.

There is a huge difference between data held & data posted anonymously on a public forum.

Permabear

This post has been deleted.

Bob24

Permabear wrote: »

This post had been deleted.

And actually I would reverse the inference.

It is not because of GDPR that people will want the option to have more control over their online/digital footprint.

It is rather because people already want the option to have more control over their online/digital footprint that something like GDPR has been created.

Esel

Steve wrote: »

Contrary to what I have posted before, I actually think you have a very valid position. I will still choose to defend boards status quo though because I believe it always has been a very fair and level headed approach to balancing the rights of privacy versus the (perceived) rights of trolls who come here with nothing to do but upset and disrupt the otherwise amicable day-to-day discussion that boards facilitates.

My name in real life is Steve by the way, that identifies me, and I demand boards deletes this post and all others of mine but not before I have stuck my oar in and caused disruption.. no worries tho, I will create a new account tommorrow and do the exact same..... :rolleyes:

The above is not how I want boards to end up.

I know this may be at odds with GDPR, I don't have an answer, it is a sad day though that genuine folk will suffer because of the cries of a few trolls and a law that enables them to wreak their havoc of sites like this and then disappear into the ether with no consequences.

Troll post deletion shouldn't be a problem, as trolls usually don't last long here.

Separate question: Say I close my account, then come back after more than 40 days (so my hashed e-mail address is no longer held by Boards) and request deletion of some/all of my posts - how could I prove, or Boards verify, that I am the actual owner of that account?

Sleeper12

Zaph wrote:

Just out of curiosity, if GDPR never came along would people still be happy with standing over whatever they've posted on Boards in the past? Lots of us have posted all sorts of things over the years, some nonsense and trivial, some maybe quite serious and revealing personal things that maybe in hindsight we wouldn't have posted. But at the same time we've probably never given any of those posts a single thought in the intervening period. So imagining a world where GDPR never existed, would any of us ever be having a discussion about deleting posts that we've long since forgotten about, no matter how personally identifying they may be? That's what confuses me most about a lot of this thread, why those posts suddenly become so important when there is potentially the ability to have them removed, but they weren't a couple of years ago before GDPR was ever mentioned.

This is a point I tried to make pages back. We've all used boards.ie for years. We've posted in our own style some guarding their identity and some not so bothered about it. It's only now that this legislation has come up people are up in arms despite not caring about the issues for years. Boards.ie hasn't gone backwards hasn't taken away rights we had a year ago. Nothing has changed, yet the outcry. Boards.ie hasn't even said that it won't delete comments. Boards.ie will do whatever is required by law. They haven't said otherwise.

Steve

Permabear wrote: »

This post had been deleted.

In fairness, that had nothing to do with publicly posted information. It was data collected without the knowledge or permission of the users concerned. I don't see how that equates in any way with boards.

Permabear

This post has been deleted.

Bob24

Sleeper12 wrote: »

This is a point I tried to make pages back. We've all used boards.ie for years. We've posted in our own style some guarding their identity and some not so bothered about it. It's only now that this legislation has come up people are up in arms despite not caring about the issues for years. Boards.ie hasn't gone backwards hasn't taken away rights we had a year ago. Nothing has changed, yet the outcry. Boards.ie hasn't even said that it won't delete comments. Boards.ie will do whatever is required by law. They haven't said otherwise.

boards is not an isolated island and cannot be looked at in isolation. It exists in an online ecosystem and IT industry whereby the amount of available data, data collection/sharing/processing practices and technologies, and people's awareness of these things all have changed massivly since boards was created.

All this as caused additional needs for control from many online users' perspective.

hullaballoo

Chorus_suck wrote: »

This post has been deleted.

Admin: Let me clarify.

You have made an allegation of a serious nature. This has been taken seriously by the admins.

We are now requiring you to provide what evidence you can to corroborate your allegation.

You have not done so and should you fail to do so any further, we can carry on with this discussion in the Prison forum.

Please provide a link to or other evidence of an admin publishing personal information about a user of this site.

In order to bring closure to this issue, I'll give you 24 hours to do so in this thread. Thereafter you can provide it in Prison. If you have reason not to post it publicly, you can PM me or another active admin.

Steve

Esel wrote: »

Separate question: Say I close my account, then come back after more than 40 days (so my hashed e-mail address is no longer held by Boards) and request deletion of some/all of my posts - how could I prove, or Boards verify, that I am the actual owner of that account?

Good point.
You can't, you have availed of boards existing anonymity policy....

But sure on the other hand, I know who you are, didn't we serve on the front line together back in the day... wink wink..... I have yore back etc...

Beasty

Esel wrote: »

Separate question: Say I close my account, then come back after more than 40 days (so my hashed e-mail address is no longer held by Boards) and request deletion of some/all of my posts - how could I prove, or Boards verify, that I am the actual owner of that account?

I have pondered that question myself, and have not come up with an answer. I guess if all the pieces add up and prove that prior account was you, and you can somehow prove your current ID is the same person then I think you would be in your rights to have that data wiped

Before anyone jumps in and starts talking about our linking to site-banned accounts, that is rarely on the back of information that can identify people in real life. It is almost always on links we can establish between accounts (yes including IP addresses, but we do not use them to speculate over a poster's real life ID, just to link to other accounts)

Sleeper12

Here's one to watch out for on Facebook. Let's say that you have a 40 year old lady on Facebook. She uses a double barrel surname because long lost school friends will be looking for her maiden name. I do see the merrets in this setup. Same lady has a 20 year old daughter who she's friends with on Facebook. From the daughters Facebook page I get her name. Her age, date of birth even. Then I look at her friends list and find someone 20 years older with her same surname and another name after it. I now have the daughters date of birth. Full name. Mothers maiden name. Hell I bet her school is named too. There's enough security questions answered there to cause mayhem.

People think that they are clever & security conscious but in reality we give away too much personal information that can be used to access our bank accounts.

Permabear

This post has been deleted.

Chorus_suck

This post has been deleted.

the_pen_turner

if we assume that all data has to be deleted, then would the holder have to tell you when its deleted. if so how , sureley that info then can be asked to be deleted . its just a circle after that

the_pen_turner

Permabear wrote: »

This post had been deleted.

but surely removing the poster identity from the post content would solve that

Sleeper12

Beasty wrote:

I have pondered that question myself, and have not come up with an answer. I guess if all the pieces add up and prove that prior account was you, and you can somehow prove your current ID is the same person then I think you would be in your rights to have that data wiped

Here's the rub for boards.ie in that situation. I've said several times that the legislation isn't just about deleting data. It is actually more to do with protecting the data. Boards.ie would have to be 110 percent sure it is the correct account owner. Remember that they request to see the data first. Giving my data to another member is a massive data breach. There could be massive law suits because now you have identified an anonymous poster who could be a cross dressing racist cyclist that supports Trump.

Tough situation to be in

hullaballoo

Chorus_suck wrote: »

This post has been deleted.

We will carry on this discussion in the Prison forum, in that case.

Beasty

Sleeper12 wrote: »

There could be massive law suits because now you have identified an anonymous poster who could be a cross dressing racist cyclist that supports Trump.

Oh FFS!!! I thought I asked you to keep quiet about that:mad:

Permabear

This post has been deleted.

Steve

Permabear wrote: »

This post had been deleted.

Curious as to why you think this. Why should they expect that when they explicitly agree to the contrary when creating an account here?

Extract from the TOU:

You own all of the Material you post on Boards.ie and we do not claim ownership of that Material. However, we need your permission to be able to display that Material and in some cases to modify it for best display – for different browsers, for our mobile site, and so on.

Consequently, by posting any Material on or through Boards.ie, you grant Boards.ie Limited a limited licence to use, modify, publicly perform, publicly display, reproduce, and distribute such Material. The licence you grant to Boards.ie Limited is non-exclusive, royalty free and fully paid, sub-licensable, and worldwide. This licence applies only to use of the Material for the purpose of providing the Boards.ie service. You also waive to the fullest extent permissible by law any moral rights in such Material. You are responsible for making sure that you have all rights to what you post, including the rights necessary for you to grant the licence above.

By posting any Material on boards.ie you represent and warrant that: (i) you own the Material posted by you or otherwise have the right to grant the licence above, and (ii) the posting of the Material does not violate the privacy rights, publicity rights, intellectual property rights, confidentiality, contract rights or any other rights of any person. You agree to pay all royalties, fees, or any other monies owing any person by reason of any Material posted by you to or through Boards.ie.

From time to time we may seek to use users' Material for the purpose of advertising or marketing boards.ie. However we will not use your Material for this purpose without your prior express written permission.

Please do not post any information you are not happy to leave up indefinitely. In order to ensure that threads and conversations are not disrupted, we do not generally remove Material which is uploaded to us. Consequently, you agree that your Material displayed on boards.ie may continue to appear on boards.ie, even after you have terminated your user privileges or have had your user privileges terminated by boards.ie.

However, we understand that you may wish to remove certain types of original creative Material (such as your photographs, drawings, videos, short stories, architectural plans, poetry and the like) from time to time.

RHJ

This post has been deleted.

BowSideChamp

Chorus_suck wrote: »

You are correct that I have made a serious allegation. I will provide evidence as you ask ...

... However, I believe it is only fair that you answer my previous questions before I do this. What will be the consequences for the admin involved? What will this ‘review’ process involve and will it be transparent?

Are you refusing to answer these questions and if so why is this?

Let's hypothetically say there was a misuse of data. Under GDPR there is an obligation to report the breach within 72 hours of becoming aware.

Steve

RHJ wrote: »

This post has been deleted.

Firstly, I did not quote that previously so I have not "continued to quote it" as you claim.

Secondly, we have a thing in this country or ours - called the constitution - that states that law cannot be retrospective.

I don't disagree that policy must change, I just don't see how it can legally apply to posts made before the enactment of such a law.

For example, if, hypothetically, a law was passed tomorrow that prohibited any mention of Volkswagens, should those in the motors forum be prosecuted because they previously posted about them?

Steve

BowSideChamp wrote: »

Let's hypothetically say there was a misuse of data. Under GDPR there is an obligation to report the breach within 72 hours of becoming aware.

Obligation on who?

BowSideChamp

Beasty wrote: »

I have pondered that question myself, and have not come up with an answer. I guess if all the pieces add up and prove that prior account was you, and you can somehow prove your current ID is the same person then I think you would be in your rights to have that data wiped

Before anyone jumps in and starts talking about our linking to site-banned accounts, that is rarely on the back of information that can identify people in real life. It is almost always on links we can establish between accounts (yes including IP addresses, but we do not use them to speculate over a poster's real life ID, just to link to other accounts)

I believe article 5 of GDPR addresses this. As the closed user is no longer active on the site, boards.ie cannot retain the personal data of the user. They must delete the personal data of closed users.