Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

GDPR and Boards.ie post removal policy **update linked in OP 24/5/18**

1111214161722

Comments

  • Closed Accounts Posts: 39,022 ✭✭✭✭Permabear


    This post has been deleted.


  • Registered Users, Registered Users 2 Posts: 1,885 ✭✭✭IRE60


    Bob24 wrote: »

    (the underlying question being: if a post contains personal information about someone who is not a registered user, will boards treat that person as a data subject in the sense of the GDPR?)


    They are not processing that data. A post containing 'personal data' ie the name of someone - they are not 'processing' it. They are displaying it or publishing it, no processing. If that were the case then the media would be unable to operate as of midnight!



    I think we are reaching here.


  • Closed Accounts Posts: 18,268 ✭✭✭✭uck51js9zml2yt


    Permabear wrote: »
    This post had been deleted.

    All someone needs to do is request deletion of posts and then close their account.


  • Closed Accounts Posts: 21,730 ✭✭✭✭Fred Swanson


    This post has been deleted.


  • Closed Accounts Posts: 21,730 ✭✭✭✭Fred Swanson


    This post has been deleted.


  • Closed Accounts Posts: 353 ✭✭Creative83


    So the can of worms has been opened...


    From tomorrow I could request that every single one my posts be deleted is my understanding judging by Seans post :eek:


  • Closed Accounts Posts: 7,070 ✭✭✭Franz Von Peppercorn


    seamus wrote: »
    There may be no change :)

    Boards has a privacy policy. If it's already GDPR compliant, then no notification is required.

    They would be in a minority, but it's possible...

    Because nobody cares.

    You'll find GDPR is largely the same. Unless the website is being underpinned by a limited company with audited accounts and a legal team, nobody is going to pay a blind bit of notice to GDPR.

    If someone raises a query and the DPC comes in, they'll get a warning, some helpful tips on how to fix their issue, and then that'll be it. Big companies with lots of staff and spare money will get treated more harshly for ignorance of the rules, but Jimmy who runs a karate school with 30 members isn't going to be fined for GDPR failures.

    That’s right. The DPC say themselves they will give companies time to comply after the first warning. Court cases are for the last resort.

    Individuals can bring a court case against boards but that case will not be private.


  • Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭LoLth


    another reason to protect the security of access to your account


  • Closed Accounts Posts: 7,070 ✭✭✭Franz Von Peppercorn


    Permabear wrote: »
    This post had been deleted.

    You continue to beat your well beaten drum.

    No software provider for forums agrees with you. And as I said already users can be annoymised per thread on deletion.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 17,282 ✭✭✭✭Sleeper12


    How do I prove I am Fred Swanson? This will be an issue for those that post under a pseudonym. How does a person prove that they posted under a pseudonym?

    My real name isn't Sleeper12 but it is linked to my email address and IP address. I assume that's enough information.

    I can't remember what information I gave when I joined . I possibly /probably gave my name then


  • Registered Users, Registered Users 2 Posts: 17,282 ✭✭✭✭Sleeper12


    He’s always argues like that. He found one phrase in the GPDR handbook about privacy being violated by a natural person being identifiable by political views etc and assumes that all political posts can identify the natural person.

    The mistake has been pointed out a few times but back he comes with the same boilerplate argument.

    Well I might disagree with him but I thank him for starting the thread & asking the original questions. It's been interesting & has educated quite a few posters.


  • Closed Accounts Posts: 353 ✭✭Creative83


    I take exception to this part of Sean's post...


    These requests must be sent via a Private Message (PM) to the following recipient Boards.ie: GDPR (if for any reason you are unable to access or send a PM please email datarequests@boards.ie and we will get back to you with further instructions).


    No, the onus is on Boards to delete the data as is my understanding. No "further instructions" are necessary... This looks like Boards will try to say that the user has that responsibility in their "further instructions".


  • Registered Users, Registered Users 2 Posts: 22,656 ✭✭✭✭Tokyo


    Creative83 wrote: »
    I take exception to this part of Sean's post...


    These requests must be sent via a Private Message (PM) to the following recipient Boards.ie: GDPR (if for any reason you are unable to access or send a PM please email datarequests@boards.ie and we will get back to you with further instructions).


    No, the onus is on Boards to delete the data as is my understanding. No "further instructions" are necessary... This looks like Boards will try to say that the user has that responsibility in their "further instructions".


    Well no... the user has the responsibility to verify their identity.

    A PM request implicitly verifies the identity of the person requesting post deletion, whereas anybody can send an email. I would imagine that the "further instructions" would be instructions on how to verify that you are actually the owner of the account from which you want posts deleted.


  • Closed Accounts Posts: 353 ✭✭Creative83


    mike_ie wrote: »
    Well no... the user has the responsibility to verify their identity.

    A PM request implicitly verifies the identity of the person requesting post deletion, whereas anybody can send an email. I would imagine that the "further instructions" would be instructions on how to verify that you are actually the owner of the account from which you want posts deleted.


    Fair enough :)


  • Closed Accounts Posts: 21,730 ✭✭✭✭Fred Swanson


    This post has been deleted.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 22,656 ✭✭✭✭Tokyo


    This post has been deleted.


    How so? I don't think it's an unreasonable request, considering the alternative:
    To: datarequests@boards.ie

    Hi guys,

    please delete all 20,909 posts of mine immediately.

    Regards,
    Mike Fred


  • Closed Accounts Posts: 353 ✭✭Creative83


    mike_ie wrote: »
    How so? I don't think it's an unreasonable request, considering the alternative:


    How would they verify?


  • Registered Users, Registered Users 2 Posts: 2,749 ✭✭✭Pelvis Parsley


    What about a banned user who made an arse of themselves?


  • Closed Accounts Posts: 26,658 ✭✭✭✭OldMrBrennan83


    This post has been deleted.


  • Registered Users, Registered Users 2 Posts: 22,656 ✭✭✭✭Tokyo


    Creative83 wrote: »
    How would they verify?

    I can't speak for boards here, but I'd imagine that one way would be a confirmation email through the email address used to create the account.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 17,282 ✭✭✭✭Sleeper12


    Patww79 wrote:
    This post has been deleted.


    If you are a current member yes but it seems if I quoted your posts you can't request that they be deleted. Only the original post you made. If I quote you its my data


  • Closed Accounts Posts: 353 ✭✭Creative83


    Patww79 wrote: »
    This post has been deleted.


    Apparently so


  • Closed Accounts Posts: 26,658 ✭✭✭✭OldMrBrennan83


    This post has been deleted.


  • Registered Users, Registered Users 2 Posts: 10,905 ✭✭✭✭Bob24


    IRE60 wrote: »
    They are not processing that data. A post containing 'personal data' ie the name of someone - they are not 'processing' it. They are displaying it or publishing it, no processing. If that were the case then the media would be unable to operate as of midnight!



    I think we are reaching here.

    They are processing it. Media have an exemption.


  • Registered Users, Registered Users 2 Posts: 17,282 ✭✭✭✭Sleeper12


    Patww79 wrote:
    This post has been deleted.


    Read back the last page or so. You'll find a long post from boards.ie explaining everything. You just have to prove that you own the account.


  • Closed Accounts Posts: 26,658 ✭✭✭✭OldMrBrennan83


    This post has been deleted.


  • Closed Accounts Posts: 18,268 ✭✭✭✭uck51js9zml2yt


    This post has been deleted.

    they can run a script quiet easily. try searching 40 million emails for a keyword:)


  • Registered Users, Registered Users 2 Posts: 7,768 ✭✭✭StupidLikeAFox


    mike_ie wrote: »
    I can't speak for boards here, but I'd imagine that one way would be a confirmation email through the email address used to create the account.

    That email address will be deleted


  • Moderators, Category Moderators, Arts Moderators, Business & Finance Moderators, Entertainment Moderators, Society & Culture Moderators Posts: 18,474 CMod ✭✭✭✭Nody


    I think there will be a lot of disappointed users who did not read the post to the last sentence which I've bolded since people apparently missed it.
    User Posts

    For users with an active Boards account, posts made by a user can be associated with other information held by Boards that relates to an identified or identifiable natural person (for example a post can be associated with a user’s email address and/or real name). Therefore, posts made by a user with an active Boards account are considered personal data and GDPR regulations apply to these posts, including the right of erasure. As such, from 25 May we will begin to process requests for erasure of posts from users with an active Boards account. These requests must be sent via a Private Message (PM) to the following recipient Boards.ie: GDPR (if for any reason you are unable to access or send a PM please email datarequests@boards.ie and we will get back to you with further instructions).

    For closed accounts all personal data (other than users’ posts) will be deleted. Therefore, posts made by users whose accounts were subsequently closed cannot be associated with other information held by Boards that relates to an identified or identifiable natural person and as such are not considered personal data and GDPR does not apply to this data.

    In specific instances where the content of a post contains sensitive data or data that could be used to identify an individual we will consider requests to edit or delete the post; these will be dealt with on a case-by-case basis.
    That is not the same as blanket deleting 21k posts; that's the user pointing out which of those 21k posts identify them and then it is reviewed and considered. Sorry to be a spoil sport but since closed accounts are not applicable for the process (as per the previous section) that part can only apply to existing accounts.

    On a completely separate note based on the above policy the easiest way for boards to process this would be to simply close people's accounts since that removes all the relevant personal data they hold. Not that I think boards would use that as policy but per the policy definition it's the fastest way to become compliant per say.


  • Registered Users, Registered Users 2 Posts: 17,282 ✭✭✭✭Sleeper12


    Nody wrote:
    That is not the same as blanket deleting 21k posts; that's the user pointing out which of those 21k posts identify them and then it is reviewed and considered. Sorry to be a spoil sport but since closed accounts are not applicable for the process (as per the previous section) that part can only apply to existing accounts.


    I'm reading it that the case by case is for closed accounts.

    I'm reading it that open accounts the posts are part of personal data and you can have some or all deleted. On request.


  • Advertisement
  • Moderators, Category Moderators, Arts Moderators, Business & Finance Moderators, Entertainment Moderators, Society & Culture Moderators Posts: 18,474 CMod ✭✭✭✭Nody


    Sleeper12 wrote: »
    I'm reading it that the case by case is for closed accounts.

    I'm reading it that open accounts the posts are part of personal data and you can have some or all deleted. On request.
    They only need to delete the posts that contain personal data and you as a user has to point out what is the post with personal data and what said data is. That is not the same thing as deleting 21k posts by claiming "I think I can be identified in some of them". For example take your last post; in what way would that post identify your real life identity? It does not in any way do so and hence there's no reason for them to delete it; now if you signed every post with your real life name that would be a reason for it.


  • Registered Users, Registered Users 2 Posts: 12,910 ✭✭✭✭Dtp1979


    I’ll keep this simple, if I do nothing and don’t want my account altered in any way, will any of this effect me?


  • Closed Accounts Posts: 21,730 ✭✭✭✭Fred Swanson


    This post has been deleted.


  • Registered Users, Registered Users 2 Posts: 17,282 ✭✭✭✭Sleeper12


    Dtp1979 wrote:
    I’ll keep this simple, if I do nothing and don’t want my account altered in any way, will any of this affect me?

    No.
    Doesn't effect me either. I'm happy to leave all my posts


  • Registered Users, Registered Users 2 Posts: 17,282 ✭✭✭✭Sleeper12


    Nody wrote:
    They only need to delete the posts that contain personal data and you as a user has to point out what is the post with personal data and what said data is. That is not the same thing as deleting 21k posts by claiming "I think I can be identified in some of them". For example take your last post; in what way would that post identify your real life identity? It does not in any way do so and hence there's no reason for them to delete it; now if you signed every post with your real life name that would be a reason for it.


    I'm on the side of leaving all the posts but the official statement says that current members posts are part of their data while they are members & anything & everything can be deleted.

    Closed accounts the posts are no longer a person's data & they'll be handled on a case by case.

    That's how I read the statement anyway. Maybe I picked it up wrong.


  • Registered Users, Registered Users 2 Posts: 10,905 ✭✭✭✭Bob24


    Sleeper12 wrote: »
    I'm on the side of leaving all the posts but the official statement says that current members posts are part of their data while they are members & anything & everything can be deleted.

    Closed accounts the posts are no longer a person's data & they'll be handled on a case by case.

    That's how I read the statement anyway. Maybe I picked it up wrong.

    That’s the way I read it as well.

    Basically what they are saying is that while you have an active account they consider your post to be your personal data because they can be linked to your personal details (such as the email address associated to your account).

    But their view is that since when you close your account they will delete the personal details (email, etc) associated to the account, these posts are not your personal data anymore as they can’t be linked to you anymore.


  • Closed Accounts Posts: 39,022 ✭✭✭✭Permabear


    This post has been deleted.


  • Registered Users, Registered Users 2 Posts: 17,282 ✭✭✭✭Sleeper12


    Permabear wrote:
    This post had been deleted.


    I'm smiling now. Permabear at last we agree on something! :)


  • Closed Accounts Posts: 12,898 ✭✭✭✭Ken.


    I'm reading it as only stuff that identifies me so for example this post in no way identifies me so I can't ask for it to be deleted. I honestly don't know.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 68,190 ✭✭✭✭seamus


    Putinbot wrote: »
    I'm reading it as only stuff that identifies me so for example this post in no way identifies me so I can't ask for it to be deleted. I honestly don't know.
    So basically, if you're registered you can delete anything and everything.

    If you're not, you can't.

    However there is a process so that if you posted anonymously or in a closed account and there's a post containing details that identify you, boards will consider one-off deletion requests.

    My understanding is that most of this has pretty much been possible previously anyway. The only major change is the registered users' right to demand post deletions.


  • Registered Users, Registered Users 2 Posts: 10,905 ✭✭✭✭Bob24


    seamus wrote: »

    My understanding is that most of this has pretty much been possible previously anyway. The only major change is the registered users' right to demand post deletions.

    Also one thing which should change but is not said explicitly in the new policy, is that when you make a deletion request in this way the post should be completely and permanently deleted from all of boards’ system, as opposed to simply being hidden from the website for regular users previously.


  • Registered Users, Registered Users 2 Posts: 68,190 ✭✭✭✭seamus


    Bob24 wrote: »
    Also one thing which should change but in not say explicitly in the new policy, is that when you make a deletion request in this way the post should be completely and permanently deleted from all of boards’ system, as opposed to simply being hidden from the website for regular users previously.
    I think that's generally been the case if you went through official channels.

    However the last time I was a mod, mods couldn't do this so if you asked a mod to delete it rather than an admin, it was only be soft deleted.


  • Registered Users, Registered Users 2 Posts: 17,282 ✭✭✭✭Sleeper12


    Bob24 wrote:
    Also one thing which should change but in not say explicitly in the new policy, is that when you make a deletion request in this way the post should be completely and permanently deleted from all of boards’ system, as opposed to simply being hidden from the website for regular users previously.

    If it's deleted under GDPR then it is a permanent deletion from their system, hard drive, cloud etc.


  • Registered Users, Registered Users 2 Posts: 10,905 ✭✭✭✭Bob24


    seamus wrote: »
    I think that's generally been the case if you went through official channels.

    However the last time I was a mod, mods couldn't do this so if you asked a mod to delete it rather than an admin, it was only be soft deleted.

    Actually this relates to another question I would have about data access requests. It is not said explicitly in the policy but I assume any post made by a registered user which was soft deleted by a mod (and is thus still present on boards servers but not visible to the user) will be included in these requests, so that users are given the opportunity to review those posts and request full deletion if the wish to do so.

    Can someone from boards confirm this is correct?


  • Closed Accounts Posts: 39,022 ✭✭✭✭Permabear


    This post has been deleted.


  • Advertisement
  • Closed Accounts Posts: 4,360 ✭✭✭Lorelli!


    Putinbot wrote: »
    I'm reading it as only stuff that identifies me so for example this post in no way identifies me so I can't ask for it to be deleted. I honestly don't know.

    I'm not sure but the way I'm reading it is that every post you make while still active is connected to your email even if whats written in the post itself doesn't give away any identifiable information.

    For closed accounts, the data has been deleted so the posts are no longer connected to an email and therefore do not have to be deleted but will be considered in certain cases.


  • Closed Accounts Posts: 12,898 ✭✭✭✭Ken.


    This to me is an example of a data processor doing it right.
    Screenshot_1.png


  • Users Awaiting Email Confirmation Posts: 1,331 ✭✭✭J.pilkington


    My knowledge of gdpr isn’t as in dept as some of the posters here, but is an obvious efficient option for boards and users simply for boards to re-enable the delete and edit option for posters and this will save everyone a lot of time by having users do their own clean up.

    Appreciate the argument that this can disrupt threads but in reality so will the boards team having to do this themselves, most other discussion forums (including the newer generation such as redit / Facebook and Twitter) already have this option and it works very well.

    To me it seems like boards are making the process for the user really awkward by having it so manual and thus hoping that users simply won’t bother.

    I know if I wanted to delete certain content from boards my preference would be to firstly delete the content I want to remove myself and then close my account. All this interaction and emails and having to send evidence is a pain in the a55 for everyone.

    I suppose if it’s unpaid volunteers doing the work on behalf of the commercial profit making company maybe boards don’t care as it’s no skin if their back?


  • Closed Accounts Posts: 21,730 ✭✭✭✭Fred Swanson


    This post has been deleted.


  • Closed Accounts Posts: 26,658 ✭✭✭✭OldMrBrennan83


    This post has been deleted.


  • Advertisement
This discussion has been closed.
Advertisement