GDPR and Boards.ie post removal policy **update linked in OP 24/5/18**

Hurrache

It's not covered by defamation if it's true. Any many who have used the right to be forgotten already have used to to remove such things about themselves from the web.

hullaballoo

Hurrache wrote: »

It's not covered by defamation if it's true. Any many who have used the right to be forgotten already have used to to remove such things about themselves from the web.

Just to clarify this. True statements that injure someone's reputation are defamatory. It's for a defendant in a defamation action to prove truth as a defence.

Hurrache

hullaballoo wrote: »

It's for a defendant in a defamation action to prove truth as a defence.

And if it's proven to be true, it's not defamation?

BowSideChamp

Permabear wrote: »

This post had been deleted.

I understand they are obliged to provide all data. This includes analytics from tracking cookies, information it has provided to advertisers etc.

Permabear

This post has been deleted.

Bob24

Btw is there a general GDPR thread on somewhere boards as active as this one?

Beasty

Bob24 wrote: »

Btw is there a general GDPR thread on somewhere boards as active as this one?

No - just done a search and can only find just over 20 threads across the site with GDPR in the thread title, and the second "busiest" one has 37 replies - this one has over 600

Bob24

Beasty wrote: »

No - just done a search and can only find just over 20 threads across the site with GDPR in the thread title, and the second "busiest" one has 37 replies - this one has over 600

That was my impression as well - I guess public interest in GDPR is fairly limited then. Data privacy is something I personally care about quite a bit and I’ve been documenting myself about GDPR for some time - and I’ve been feeling a bit alone on boards besides this thread!

.......

This post has been deleted.

Hurrache

....... wrote: »

This post has been deleted.

It's great isn't it! I've only opted into one so far as I require those updates, it's an excellent way of clearing out your subscriptions.

Franz Von Peppercorn

Bob24 wrote: »

Doesn’t have to be defamation or involve the police (maybe I’m just praising that guy about something). And because it is against the policies doesnt meant it won’t happen.

The only way for boards to make sure they will never be in this situation is to have a process to make sure that such posts are consistently detected and permanently deleted from all their systems (not just logicaly deleted on the website). Possible but it means each post needs to be reviewed by a boards staff with this is mind and they must have the tools in place to trigger the permanent deletion.

The mods are pretty good at removing personal details. I don’t think this is affected by the GDPR. The GDPR is about your information not the information you posted about someone else. He has to go a different route to stop that. I don’t know if doxxing is a crime, actually.

Franz Von Peppercorn

....... wrote: »

Im expecting my gmail mailbox to be well cleaned up after Friday - all these companies sending me emails saying I have to opt in - I havent opted in to any of them!

Yes. However the companies that have lots of information on me - recruiters - seek to be going the opt out route. I suppose keeping information with recruiters is a necessary evil.

.......

This post has been deleted.

Franz Von Peppercorn

Permabear wrote: »

This post had been deleted.

Unless those views are themselves self identifying then the sensitivity of the information isn’t relevant.

2) Private forums. There are quite a few of these in which people tend to share personal information much more freely than on public forums. But if someone closes their account, gets site-banned, or leaves the forum, they have no way to access or delete any of this personal information. And they have no way of controlling who may have access to that information in future.

Really the same argument, unless people commonly feel safer in private forums to add identifying information. In which case those identifying posts can be deleted on request.

3) Access to sensitive information by volunteers. It's my understanding that mods/admins are not employees, are not even necessarily known to Boards.ie Ltd by their real names, and sign no confidentiality agreements in respect of the information to which they have access. How tenable are these kinds of arrangements when the penalties for data breaches are going to be significant?

During your existence as a poster here you have allowed the company and its agents that information. And as far as I know they can’t see your IP address and other personal data which means what they can see is the posts, like everyone else. Those posts are either identifying or not. So same argument.

4) Sensitive information being hidden from public view rather than genuinely deleted. As noted, when Boards says they've "deleted" posts or threads, they usually mean that they've removed them from public view. But they still exist, and can be viewed by admins, mods, and staff.

They will probably have to have a permanent delete option for sensitive data. However not all deletes are for reasons of sensitive data.

Bob24

Franz Von Peppercorn wrote: »

The mods are pretty good at removing personal details. I don’t think this is affected by the GDPR. The GDPR is about your information not the information you posted about someone else. He has to go a different route to stop that. I don’t know if doxxing is a crime, actually.

GDPR is about any identifiable personal data an organisation holds about you, regardless of how that information was obtained.

Franz Von Peppercorn

To lighten things up.

https://twitter.com/brian_bilston/status/999363888171888642?s=20

Bob24

Just over 26 hours to the deadline for compliance ... just saying ;-)

Bob24

I assume there will be more, but one first service disabled for Europeans due to its lack of GDPR preparation: https://www.theverge.com/2018/5/23/17387146/instapaper-gdpr-europe-access-shut-down-privacy-changes

seamus

As I read somewhere else: If a company is shutting down or cutting off EU users because of GDPR, it means that they've selling your data to 3rd parties without your consent and/or asserting legal ownership over your content. And therefore cannot find a way to make their business model work with GDPR.

Worth noting if you hear of any services unexpectedly cutting you off; you might have passwords to change.

Permabear

This post has been deleted.

Sleeper12

So far this morning I've had emails from Heathrow Airport, MarriottHotels, Woodies DIY, Red Castle Hotel, I donate, Nike, Several trade suppliers, & several more hotel groups.

Some big companies that I haven't heard from yet: B&Q, Ticketmaster.ie, screwfix.ie, buyaparcel, Davies plumbling suppliers, Mira Showers, Aqualisa showers, Halfords, Maplins, Harvey Normans, Parcel Motel, Playstation, Nintendo, Yelp, British Airways, Sports Direct & many, many more.

I'm guessing the commissioner will be taking a softly, softly approach for awhile

Bob24

Our regulator will probably be overwhelmed with complaints and will have to prioritise, which means organisations will probably get away with lower profile breaches for a while (which is not right but probably the way it will work due to reality constraints).

But purposely going soft would be unacceptable IMO (plus GDPR also makes regulators more accountable for how they process complaints).

Amalgam

boards.ie will get fleeced over this eventually.

'Talk to the hand', as a policy, doesn't cut it anymore.

Sleeper12

Should I be getting emails from the different insurance companies & brokers I've used over the last 10 years?

The more I think about it I must be missing well over 100 emails form online stores my family have used over the years, all my suppliers as they have my name & address on my invoices. There's parcels delivered to my door daily. I'm missing a lot of emails for sure.

Sleeper12

Nct, doe, car tax office & on & on & on. They all have a my data. Haven't an email from any. Tv license. Ford where I bought my van.

More haven't gotten in touch than have gotten in touch

.......

This post has been deleted.

Bob24

Sleeper12 wrote: »

Nct, doe, car tax office & on & on & on. They all have a my data. Haven't an email from any. Tv license. Ford where I bought my van.

More haven't gotten in touch than have gotten in touch

Because and entity has some of your data doesn’t mean GDPR requires them to email you or request any further consent from you. If you think any of those are in breach you can raise a complain tomorrow, but you will have to explain under which ground.

I am pretty confident boards will be make changes by midnight, but as it stands I do see ground based on which someone could raise a complaint against them.

pleas advice

Sleeper12 wrote: »

Should I be getting emails from the different insurance companies & brokers I've used over the last 10 years?

The more I think about it I must be missing well over 100 emails form online stores my family have used over the years, all my suppliers as they have my name & address on my invoices. There's parcels delivered to my door daily. I'm missing a lot of emails for sure.

Most GDPR emails unnecessary and some illegal, say experts

https://www.theguardian.com/technology/2018/may/21/gdpr-emails-mostly-unnecessary-and-in-some-cases-illegal-say-experts

Sleeper12

Bob24 wrote:

Because and entity has you data doesn’t mean GDPR requires them to email you or request any further consent from you. If you think any of those are in breach you can raise a complain tomorrow, but you will have to explain under which ground.

I'm just saying that they haven't notified me yet of any change to how they handle & store my data.

Scanning through random Irish we & I'm finding more than half don't have the EU cookie notification let alone a privacy policy posted on the website

Sleeper12

Bob24 wrote:

I am pretty confident boards will be make changes by midnight, but as it stands I do see ground based on which someone could raise a complaint against them.

All boards.ie needs to do is post privacy policy on the website by midnight. It only has to say that it will remove private data. It doesn't even have to go into posts being deleted or not.

I've no doubt someone will get the ball rolling tomorrow & put in a data request as a test case. Boards.ie have a set time to do this. Then the poster will ask for all data including posts to be deleted. Again boards.ie have a set time limit. This gives boards.ie another few weeks, without breaking any law, to decide what to do about posts.

To cover themselves there needs to be a privacy policy in place tonight. All other decisions can be made at a later date. Personally I don't think it is a big deal if they don't have a policy in place. Data commissioners throughout the EU have been saying that they will start slowly. I think everyone has a few weeks grace especially if they have been in touch with the data commissioner before the deadline as I'd imagine boards.ie has. If it looks like you are trying to bring yourself within the law you'll be fine