Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

GDPR post the migration to Vanilla

  • 20-07-2021 11:19am
    #1
    Registered Users, Registered Users 2 Posts: 40,638 ✭✭✭✭


    Can someone at Boards.e confirm that the site is on the hosted version of Vanilla? If it is can boards.ie confirm how that affects their GDPR obligations given that Vanilla host their sites outside the EU.

    Post edited by Spear on


«1

Comments

  • Registered Users, Registered Users 2 Posts: 11,430 ✭✭✭✭EmmetSpiceland


    It’s been pointed out by Community Manager Niamh that Canada’s data protection is on par with GDPR so it shouldn’t be an issue.

    “It is not blood that makes you Irish but a willingness to be part of the Irish nation” - Thomas Davis



  • Registered Users, Registered Users 2 Posts: 1,221 ✭✭✭brimal


    Just because Canada's laws are on par with GDPR, doesn't mean Boards is GDPR compliant.

    And going by what we have seen over the past few weeks should we really trust Boards have done their research into this?



  • Posts: 44 [Deleted User]




  • Registered Users, Registered Users 2 Posts: 10 itchyfinger


    Canada is part of five eyes, so i doubt your data is GDPR compliant

    https://en.wikipedia.org/wiki/Five_Eyes



  • Registered Users, Registered Users 2 Posts: 701 ✭✭✭Ljmscooter


    During the outage earlier there was a status page. It showed that the platform was hosted in datacenter in aws availability zones in both ca and us .


    Just saying



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 16,018 ✭✭✭✭markodaly


    If you click on the 'Terms of Use', 'Privacy Notice' and 'Cookie Policy', you get a page not found response.

    That is a clear breach of GDPR by one of Ireland's most popular websites.

    If I am wrong, tell me how?



  • Registered Users, Registered Users 2 Posts: 7,265 ✭✭✭RangeR


    Why move our data out of Ireland, never mind EU?

    This is worrying enough that I'll probably close my account. We need full transparancy on what the decision process was to move hosting outside Ireland/Europe.

    Further GDPR non compliance as there is no cookie consent either. Last count, there are 15 cookies, one of which is Google Analytics.



  • Registered Users, Registered Users 2 Posts: 7,265 ✭✭✭RangeR


    .can't delete.



  • Registered Users, Registered Users 2 Posts: 126 ✭✭FitzElla


    Canada has been deemed to have the same data protections in place as the EU so data can be transferred there without restrictions. However with no privacy notice (Page not found) it is impossible to know who or where the data is now hosted. That is a pretty big GDPR issue for boards and I'm surprised it was missed in the migration.



  • Registered Users, Registered Users 2 Posts: 16,018 ✭✭✭✭markodaly


    Yeap, never mind the cluster **** of the migration, that was meant to take 48 hours but took a week, they then didn't even bother to test much of what the new platform would be like from a user experience.

    Basic stuff like the ability to change your password or even close your account is not available or at best is hidden behind secret links.

    To top it all off, there appear's on the surface blatant issues with GDPR.


    Can any of the Mods or Admins actually stand over this?



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 16,018 ✭✭✭✭markodaly


    From the horse's mouth.

    https://gdpr.eu/cookies/

    Cookie compliance

    To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must:

    • Receive users’ consent before you use any cookies except strictly necessary cookies.
    • Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.
    • Document and store consent received from users.
    • Allow users to access your service even if they refuse to allow the use of certain cookies
    • Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.


    Where is the consent?

    Where can I withdraw consent?



  • Moderators, Computer Games Moderators, Social & Fun Moderators Posts: 18,809 Mod ✭✭✭✭Kimbot


    Personally speaking, the mods and admins dont have a say in the matter. Its up to the owners of the site to stand over.



  • Registered Users, Registered Users 2 Posts: 40,638 ✭✭✭✭ohnonotgmail


    well then perhaps one of the admins or employees would care to comment on the thread? the silence is deafening.



  • Registered Users, Registered Users 2 Posts: 16,018 ✭✭✭✭markodaly


    Fair enough, but why the silence from the admin's on a site that is in blatant breach of GDPR?

    Was this stuff even in consideration when they migrated the site? One thing I have noticed is that there deafening silence from the admins and senior mods about all this. Usually, when there is an issue the admins and senior mods are usually quick to jump in and give their version, but their silence this time around is telling.

    I can imagine the discussions being had behind closed doors and the mod-only forums.



  • Registered Users, Registered Users 2 Posts: 7,265 ✭✭✭RangeR


    I don't know anything about Canadian data protection laws. There was Privacy Shield in the US which isn't worth the ink on the paper and was proved inadequate some time ago. Standard Contractual Clauses seem to be going the same route. Canada being deemed to have the same data protections in place holds no comfort for me as they are one of the 5 Eyes. Any data protection laws in Canada go out the window when "national security" comes in to play in any of those 5 countries.

    Migrating our data from Ireland to Canada is unjustifiable. What was so wrong with hosting in Ireland or another country in Europe?



  • Registered Users, Registered Users 2 Posts: 126 ✭✭FitzElla


    I agree with you, would much rather my data stored within the EU. Just pointing out that a company can move data to Canada under GDPR. It is incredibly bad that boards.ie have not clarified this and then went live with a website with no terms of use, cookie policy or privacy notice when these are simple static links.



  • Registered Users, Registered Users 2 Posts: 7,265 ✭✭✭RangeR


    Or listed Data Protection Officer, that I can['t] find.



  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    You can log out and wipe your cookies and then you'll be prompted for consent again.

    Tbh, the broken privacy policy and terms of use links are not "pretty big" GDPR issues. They're minor oversights at worst. Going live without them isn't a huge issue.

    "Pretty big" GDPR issues include selling users' data to 3rd parties without consent, or allowing personal data to be freely accessed by individuals who are not authorisied to do so.

    A couple of broken links is not a big issue. At most it would prompt an email from the DPC saying, "Please fix your broken links".

    People need to have some chill.



  • Registered Users, Registered Users 2 Posts: 7,265 ✭✭✭RangeR


    To be fair, the mods would be as in the dark as we are, probably all the way up to smods. It's [possibly] the admins, the paid staff, the techincal department who have these answers.



  • Moderators, Business & Finance Moderators Posts: 10,606 Mod ✭✭✭✭Jim2007


    What breach are you talking about? Which pieces of your personal data does the boards collect that is covered by the GDPR to start with. Your name, your address, your social security number….. nope. Only your email address and unless you have a very unique name and use it as your address it does not make you clearly identifiable.

    if the data is being moved to Canada it is within the rules provided for under GDPR and we don’t have confirmation that that has happened.

    So what would the nature of a complaint you would file with the commission look like?



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 8,565 ✭✭✭K.Flyer


    I was wondering how safe and secure the personal details that people may have passed back and forward in p.m. are.

    I would think given all the concerns raised above over the last few days that admin should at least come forward to ally any concerns people are having regarding security and gdpr.



  • Registered Users, Registered Users 2 Posts: 16,018 ✭✭✭✭markodaly


    I already linked it. There is no Terms of Use, there is no Cookie Policy, there is no Privacy notice.

    There is no consent given to the cookie information they have nor the ability to withdraw that consent.

    If I am wrong, let me know.



  • Registered Users, Registered Users 2 Posts: 16,018 ✭✭✭✭markodaly




  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    I was convinced it popped up for me the first time I loaded the new site on mobile. Just ran in incognito mode now and nothing, so obviously I'm mistaken.

    Another one for the bug list, I guess.



  • Registered Users, Registered Users 2 Posts: 36,521 ✭✭✭✭Hotblack Desiato


    That'd be Cloudflare, which boards has been using for a few years now.

    In Cavan there was a great fire / Judge McCarthy was sent to inquire / It would be a shame / If the nuns were to blame / So it had to be caused by a wire.



  • Boards.ie Employee Posts: 12,597 ✭✭✭✭✭Boards.ie: Niamh
    Boards.ie Community Manager


    Hello all. Apologies for not getting to this thread before now, our primary focus has been on bugs and missing features so far.

    We're working on a post re: GDPR and data processing on the new site. We are also working on getting the Cookie Policy and Privacy Notice back up as soon as we can. Vanilla were added to the list of third party cookies being used on Cookie Policy and to the list of Third Parties we work with on the Privacy Notice, I don't think anything else has changed from our previous Cookie Policy or Privacy Notice.

    When we have a comprehensive post for you about data, hosting, GDPR, we'll post it here and in the other thread re Privacy or post in one, link in the other.

    Thanks!



  • Registered Users, Registered Users 2 Posts: 40,638 ✭✭✭✭ohnonotgmail


    Dont take this the wrong way Niamh but that should have been ready on day 1 of go live.



  • Posts: 596 ✭✭✭ [Deleted User]




  • Registered Users, Registered Users 2 Posts: 4,203 ✭✭✭shanec1928


    the more that comes out from this move the worse it gets. Brush it off. In the time it took you Niamh to type all that out you could have simply just said the data is currently stored in location.



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 40,638 ✭✭✭✭ohnonotgmail


    That's a good point. Niamh could have just answered the part of my post that she does know the answer to.



  • Registered Users, Registered Users 2 Posts: 1,367 ✭✭✭nullObjects




  • Posts: 5,369 ✭✭✭ [Deleted User]


    Hold the phone Jim. I joined up long before any move to Canada and did not consent to my data leaving the EU. Secondly, email address is personal data. I have never heard anyone suggest otherwise. The date need not be enough on its own to identify you for it to qualify. Fyi my email address includes my very unique name.


    I'm ok with it if I'm honest and I get that moving the site left wrinkles that I'm sure will be resolved like cookie consent, etc but don't jump down throats because valid concerns have been raised.



  • Moderators, Business & Finance Moderators Posts: 10,606 Mod ✭✭✭✭Jim2007


    You made a specific statement concerning a breach of GDPR, still wait for you to explain it! Examples of terms of use etc... do not cover it.



  • Posts: 596 ✭✭✭ [Deleted User]


    Yes, that's the point. Cloudflare sits between the custard and the real web server which may be AWS, or may be anything - at this point, we just don't know because Boards will not tell us where our data is hosted.



  • Registered Users, Registered Users 2 Posts: 17,750 ✭✭✭✭y0ssar1an22


    i have no clue about GDPR really at all, or internet servers and all the rest of it.


    i'm concerned about the draft feature you have introduced.


    if i draft a reply and never hit post, where is that draft saved to? if i revisit a thread after a few days, my draft is still there ready to go.

    if its still there ready to go, it must be getting stored somewhere? as in, you are storing non posted posts?



  • Advertisement
  • Administrators, Computer Games Moderators, Sports Moderators Posts: 32,530 Admin ✭✭✭✭✭Mickeroo


    Click your avatar in the top right of the web page and you should see a drop down, one of the options should be for drafts. You can delete them there.



  • Registered Users, Registered Users 2 Posts: 17,750 ✭✭✭✭y0ssar1an22


    if i can delete them, they must be getting stored somewhere prior? as in, you cant delete something that has not been stored?


    as i said, no clue about this!



  • Registered Users, Registered Users 2 Posts: 26,292 ✭✭✭✭Mrs OBumble


    Do you realise that the vast majority of internet users regard the constant barrage of requests to consent to cookie as a form of abuse. They think that GDPR is something nasty which was introduced to make their computer harder to use. They don't care about being "spied" on - they just want to see a bus timetable, recipe, their email whatever.

    These people (and I'm sure there are thousands of them for each privacy nerd who is grateful for cookie-consent messages) are probably absolutely delighted at needing one less pointless click to access the website.



  • Registered Users, Registered Users 2 Posts: 29,088 ✭✭✭✭_Kaiser_


    None of which addresses the points being raised.

    Whether some users don't care anyway is irrelevant. A lot do, and there is a legal obligation on site owners to facilitate choice and information for those users (and everyone on the site)

    The bottom line though is that this is yet another sloppy element of this migration, and the response from Niamh (while well-intentioned I'm sure) does nothing to address it - "I don't think" (anything changed), and "as soon as we can" doesn't cut it... but it is consistent with everything else around fixing this site at the moment.



  • Registered Users, Registered Users 2 Posts: 16,018 ✭✭✭✭markodaly


    I did cover it and linked it.

    I cannot consent to the cookie policy, (which doesn't even exist) and I cannot withdraw my consent.



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 16,018 ✭✭✭✭markodaly


    Yes, it all seems like an afterthought, like all this could have been done prior to the migration, no? Especially when there are legal and statuary obligations by boards.ie on the matter.



  • Registered Users, Registered Users 2 Posts: 1,913 ✭✭✭Pintman Paddy Losty


    Dude you seem to be taking this all very personally.

    Take a chill pill and maybe take another break from the site. If you're still very angry when you get back, then maybe you just have to decide the place isn't for you. Spending so much energy launching vitriol at the couple of employees trying to sort things isn't healthy. Might be time to pack up and ship off?



  • Registered Users, Registered Users 2 Posts: 29,311 ✭✭✭✭Quazzie


    I think the point Kaiser (and others) are trying to make is that the implementation of the move to Vanilla should never have happened until the changeover was made compliant with all legalities.

    Telling an established member of the Boards community with 20 years of activity on the site to suddenly "pack up and ship off" is exactly why so many people are annoyed about this. Many users are here decades and have spend a lot of time watching the community they created disintegrate in front of them.



  • Registered Users, Registered Users 2 Posts: 3,287 ✭✭✭givyjoe


    Why are people so mind boggling concerned about something they'd never heard of two years ago? What personally identifiable information are you concerned about being leaked? The site upgrade is a complete disaster, but getting so wound up about it GDPR of all things, with regard to this site is bizarre. Again, what PID have you all provided to boards that you're so concerned about leaking?



  • Registered Users, Registered Users 2 Posts: 40,638 ✭✭✭✭ohnonotgmail


    people are asking questions. Questions about stuff that should have been done prior to migration. Nobody is wound up.



  • Registered Users, Registered Users 2 Posts: 3,287 ✭✭✭givyjoe


    Seems like yourself and a few others, specifically (and ironically profile named) MarkODaly are wound up, I mean you created the thread. The questions and the manner in which they're worded certainly seems like there's folks here wound up. It's way, way down the list of importance to be fair, or rather it should be in the minds of users. For the owners of boards, its obviously something they need to take seriously, but again, what PID have people shared that they're so worried about? What are you so worried about? The site itself is complete and utter mess, with users gone in their absolute droves - the vast majority of which don't give two hoots about insignificant GDPR issues.

    Not in any way defending the shitshow of an upgrade, just genuinely dont understand the concern unless you've provided all sorts of unnecessary personal to boards.



  • Registered Users, Registered Users 2 Posts: 40,638 ✭✭✭✭ohnonotgmail


    I asked a couple of questions. I don't feel like like I need to to justify why I asked those questions to you. It is certainly not because I am wound up.



  • Registered Users, Registered Users 2 Posts: 3,287 ✭✭✭givyjoe


    You started the thread!! You obviously cared enough about what's a trivial issue to users in the context of this site, to create it. I'm asking a fairly basic, really simple question, why do you care about GDPR on this site? Perhaps it's a very valid concern that we should all be worried about, highly doubt it though.



  • Registered Users, Registered Users 2 Posts: 40,638 ✭✭✭✭ohnonotgmail




  • Administrators, Computer Games Moderators, Sports Moderators Posts: 32,530 Admin ✭✭✭✭✭Mickeroo


    I've removed all of the posts from today, my own included, to try and get this thread back on topic.

    The validity of the concerns which prompted people to start this thread are not in question, so no more posts along the lines of telling people to suck it up or "just don't log in" from here on out.

    Posts of that manner will be deleted and users may be punished.



  • Advertisement
Advertisement