Updated GDPR policy and new Terms of Use

droidman123

I think its important that people signing up for this site are clearly made aware that the admins will have access to their email address,s

Question: Do non-employees of Boards have any access to personal data, e.g. IP addresses/emails/etc?

Boards.ie: Mark

The Terms of Use of the site, which users must agree to upon signup, say:

Moderators and Administrators
In order to allow for the proper administration of boards.ie we make use of third party moderators and administrators. And in order for them to properly carry out their functions as moderators and administrators they require access to personal information concerning you, your boards.ie account and your activity on the site. Such data is only permitted to be used by our third party moderators and administrators for the purposes of administering the site and cannot be used by them for any other purpose.

Only Admins can access e-mail and IP addresses.

Cheers! I'd worry about the quality of legal advice received if the belief is "we don't need to control access to personal data because we can trust admins to only access data for valid reasons", "allowing third party volunteer access to personal data is a-ok as long as users consent", and they haven't insisted in the strongest possible terms that you pseudonymize personal data such as IP and email addresses.

That said, more power to ye and the likelihood of anything being referred to the DPC is slim-to-none - which is what pretty much every organisation in Ireland is relying upon.

droidman123

I wonder,before now how many people were actually aware that the admins have access to their email address

AndrewJRenko

Deleted User wrote: »

That said, more power to ye and the likelihood of anything being referred to the DPC is slim-to-none

Why would you think that?

Under His Eye

Deleted User wrote: »

That said, more power to ye and the likelihood of anything being referred to the DPC is slim-to-none - which is what pretty much every organisation in Ireland is relying upon.

Do you realise that anyone can refer something to the DPC?


Simply write to her, send a letter to Portarlington.

xi5yvm0owc1s2b

Deleted User wrote: »

Question: Do non-employees of Boards have any access to personal data, e.g. IP addresses/emails/etc?

Yes. Admins are not employees but they have access to your personal data. It's noteworthy that admin access is held not only by those people currently administering the site, but quite a few individuals who seem to hold "honorary admin" status but have not been active on the site for years.

xi5yvm0owc1s2b

Under His Eye wrote: »

Do you realise that anyone can refer something to the DPC?


Simply write to her, send a letter to Portarlington.

Or you can just visit the website and click on "Raise a Concern."

Canis Lupus

droidman123 wrote: »

I wonder,before now how many people were actually aware that the admins have access to their email address

I wonder how many actually care.

droidman123

Canis Lupus wrote: »

I wonder how many actually care.

I do

Canis Lupus

droidman123 wrote: »

I do

Why?

droidman123

Canis Lupus wrote: »

Why?

Because i dont want strange people knowing my email address,you think that jist because they say they wouldnt abuse the info that they actually wont?this site is well known for having a stigma atrached to it and i certainly wouldnt wamt those people knowing my email address,its too late now because when i signed up i didnt know that info was going to be available and i certainly didnt realise what kind of site that it is

Timberrrrrrrr

droidman123 wrote: »

Because i dont want strange people knowing my email address,you think that jist because they say they wouldnt abuse the info that they actually wont?this site is well known for having a stigma atrached to it and i certainly wouldnt wamt those people knowing my email address,its too late now because when i signed up i didnt know that info was going to be available and i certainly didnt realise what kind of site that it is

So close your account, then set up a new account using an email specifically created just for sites like this.

droidman123

Timberrrrrrrr wrote: »

So close your account, then set up a new account using an email specifically created just for sites like this.

Good idea,but the horse has bolted,my email is already known, an email address i am not going to change for practical reasons

Boards.ie: Niamh

droidman123 wrote: »

Just to make you all aware,not really related to gdpr,but those admins have access to all your email address,s

droidman123 wrote: »

I think its important that people signing up for this site are clearly made aware that the admins will have access to their email address,s

droidman123 wrote: »

Because i dont want strange people knowing my email address,you think that jist because they say they wouldnt abuse the info that they actually wont?this site is well known for having a stigma atrached to it and i certainly wouldnt wamt those people knowing my email address,its too late now because when i signed up i didnt know that info was going to be available and i certainly didnt realise what kind of site that it is

droidman123 wrote: »

Good idea,but the horse has bolted,my email is already known, an email address i am not going to change for practical reasons

Boards.ie has never and will never use your email address for anything other than site business as set out in our Terms of Use. Insinuations to the contrary are unhelpful and without any basis in fact (see bolded section above). Staff and Admins have access to your email address and that of every other user, it does not mean that anyone has ever looked at your email address for any reason.

You are fully free to change the email address associated with your account at any time here or to close your account if you disagree with how we operate the site.

If you choose to close your account your email address, sign-up IP and any other personal information you have entered into your personal profile will be deleted. Your posts will remain as they are.

If you request an account closure with reference to GDPR, you can re-read the OP of this thread for what will happen to your information and profile in that instance.

dudara

droidman123 wrote: »

Good idea,but the horse has bolted,my email is already known, an email address i am not going to change for practical reasons

Honestly though, you will have this issue on just about any service where you have to provide your email. Any representative of any organisation who has access to your email could abuse or misuse that data.

However, the vast majority of people take their job/responsibliities seriously, and do not abuse their position and trust that is placed in them. I don't know if you have access to personal information as part of your job, but if you do, you know the responsibility that comes with it.

I realise this response is coming from someone who is an Admin, and therefore has the access described earlier in this thread. So I understand if you feel you need to take this with a pinch of salt.

Many people will create special email addresses for use with service providers, and use those rather than divulging their day-to-day email address.

And to clarify, I have not accessed your personal profile to check your email address

nim1bdeh38l2cw

Boards.ie: Niamh wrote: »

Boards.ie has never and will never use your email address for anything other than site business as set out in our Terms of Use. Insinuations to the contrary are unhelpful and without any basis in fact (see bolded section above). Staff and Admins have access to your email address and that of every other user, it does not mean that anyone has ever looked at your email address for any reason.

Do you have written contracts with your Admins (those that are not employees) where this is clearly stated?

Timberrrrrrrr

droidman123 wrote: »

Good idea,but the horse has bolted,my email is already known, an email address i am not going to change for practical reasons

Have you recieved many emails from.admin since joining?

Beasty

Seth Spicy Miser wrote: »

Do you have written contracts with your Admins (those that are not employees) where this is clearly stated?

A written contract would require monetary consideration:eek:

You can rest assured though that we know we would be breaking the law if we used any of the "extra" information we can access for personal benefit (or indeed just for the hell of it). I for one would not be prepared to break the law certainly in the context of this site (although will acknowledge I may well have driven over the speed limit on occasion)

droidman123

Timberrrrrrrr wrote: »

Have you recieved many emails from.admin since joining?

I think you are completly missing the point of why i dont want those people having access to my email address,and just for the record i did not accuse anyone of abusing the position of knowing my email address.i cant discuss my reasons on here or i will just get the usual "we are done here" and the little control panel will come into play to shut down the discussion.just to reiterate to niamh,i did NOT,accuse anyone or infer that anyone was going to use my email address for neferious reasons.

seamus

Seth Spicy Miser wrote: »

Do you have written contracts with your Admins (those that are not employees) where this is clearly stated?

This is not the United States. A contract is required to benefit all parties to it. If it doesn't, then it is invalid. You cannot sign a one-sided contract.

In this case, the admin is providing voluntary services to boards.ie for no compensation. Any contract which placed obligations on an administrator without any benefit (which, as Beasty says, is usually monetary compensation), would be little more than toilet paper.

Nevertheless, even in the absence of a civil contract, volunteers are still bound by the law just like a company is, and can therefore be sued and/or charged with GDPR breaches.

In other words, the law protects you against an errant administrator far more than any contract could.

Canis Lupus

droidman123 wrote: »

Because i dont want strange people knowing my email address,you think that jist because they say they wouldnt abuse the info that they actually wont?

An email address is nothing.... You're making it sound like they've you're name, home address and house keys.

Explain to me what abuses they could carry out with your email address exactly.

droidman123

Canis Lupus wrote: »

An email address is nothing.... You're making it sound like they've you're name, home address and house keys.

Explain to me what abuses they could carry out with your email address exactly.

You have really never heard of people selling on email address,s to marketing companies? Again i,m not accusing anyone on here doing it,but also as i said earlier,nobody actually knows anyone else on here,(mostly) so that is the concern i would have

Timberrrrrrrr

droidman123 wrote: »

You have really never heard of people selling on email address,s to marketing companies? Again i,m not accusing anyone on here doing it,but also as i said earlier,nobody actually knows anyone else on here,(mostly) so that is the concern i would have

It's what you signed up for when you joined the site, unknowingly obviously but who knew how things would change.

Beasty

GDPR provides protection against anyone sending unsolicited marketing material or indeed simple spam. I've certainly noticed a significant reduction (in fact almost elimination) of such emails particularly since May when you actively had to opt in for stuff

I also have (following a recent high profile data breach) now have a free service where I can check where my email address (and other data)has been compromised and take action to change passwords as necessary

An email address contains less data than a physical address. It's not that long ago that we were all agreeing to allow our physical address to be shared via the phone book and indeed internet searches. Regulations have been catching up but the information I can access is much less than many share regularly online either in the open or when signing up for other things.

We need a unique identifier for all accounts if only to facilitate log in. Without related passwords though an email address is pretty useless.

AndrewJRenko

Boards.ie: Niamh wrote: »

droidman123 wrote: »

Good idea,but the horse has bolted,my email is already known, an email address i am not going to change for practical reasons

Boards.ie has never and will never use your email address for anything other than site business as set out in our Terms of Use. Insinuations to the contrary are unhelpful and without any basis in fact (see bolded section above). Staff and Admins have access to your email address and that of every other user, it does not mean that anyone has ever looked at your email address for any reason.

It also doesn't mean that your admin has never looked at my email address for any reason.

One obvious concern with this is the possibility of exposing the identity of otherwise anonymous posters. The question should be "why do admins need this information?".

Do you track and audit admin access to email addresses?

AndrewJRenko

Beasty wrote:

It's not that long ago that we were all agreeing to allow our physical address to be shared via the phone book and indeed internet searches.

Speak for yourself. I've been ex-directory for as long as I've had my own phone account.

Canis Lupus

droidman123 wrote: »

You have really never heard of people selling on email address,s to marketing companies? Again i,m not accusing anyone on here doing it,but also as i said earlier,nobody actually knows anyone else on here,(mostly) so that is the concern i would have

I'm still confused. What exactly are you expecting to happen if someone sold your email address. Unless you've used leo.varadkar@oir.ie as your email address to log in.

droidman123

Canis Lupus wrote: »

I'm still confused. What exactly are you expecting to happen if someone sold your email address. Unless you've used leo.varadkar@oir.ie as your email address to log in.

What i would expect to happen is a ton of unwanted spam emails