GDPR - new user data law, May 2018. What is your plan?


(Gear Buzz) #21

(Sarah Hawk) #22

I would hope so, but I suspect not. It relates to what Rich says here, which I’m not sure I actually agree with. I’ve always been of the opinion that people should post in forums under the premise that it will be there forever.

In some situations I think it’s completely appropriate to anonymise content, but I’d rarely (if ever) want to remove it.

(Gear Buzz) #23

So I wonder if terms of use permissions granted to use content will be made useless by GDPR?

(tophee) #24

I am no expert in this but but in Sweden the law says that you have the right to get a copy of your data (i.e. data stored about you) from any organisation that stores data about you for free, but this right is limited to one request per year. I’d assume that similar regulations exist in other countries, which would limit the potential for “red tape attacks” by disgruntled members.

Here is the information of the Swedish data protection agency on this:

In addition, at least discourse provides users with the possibility to download all their data at any time themselves…

(Gear Buzz) #25

One per year - I like that

(Luis Villa) #26

I can say from some experience that the UK’s ICO already sees a variety of abusive techniques, and is fairly reasonable about dealing with it as long as it looks like you’re operating in good faith. I expect that as this becomes more pervasive, a good way to demonstrate good faith will be using tooling that is supportive of export and deletion - suspect they’ll get more and more impatient with people who can’t do that “because our software doesn’t support it”.

(Michael Norton) #27

Hi all

I just wanted to say thank you for all the info shared on GDPR, it’s given me a better understanding and based on the links and comments we have used it as a basis to start developing our plan.

As a follow up, are there any platforms out that are looking to make a GDPR compliant platform?

As a platform admin, we can only do so much. We will have plans around the data handling etc. But if the platform does not make it easy to be forgotten or if you are unable to extract all the content that you have created etc it’s potentially going to cause a headache.

I’m at a conference next week with our platform provider and want to raise the question if they will be working toward making the platform GDPR compliant.

Do you know if any platform providers are thinking along those lines?


(rhogroupee) #28

We plan to make our platform GDPR compliant before the deadline hits. Things will get interesting once all of the individual counties within the EU make their own determinations regarding enforcement!

(Sarah Hawk) #29

Yeah, we’re working pretty hard to get things in place before May. We plan to colocate servers in the EU and offer hosting on AWS. The privacy and deletion stuff is already covered.

(Robert McIntosh) #30

I was going to post this elsewhere, but I think this debate deserves to be revived with a little more attention as we approach the deadline. I’m not convinced I’ve seen enough definitive information on the impact of GDPR on communities.

Discourse have addressed the Data transfer to the US issue with the server move, but there are still fairly fundamental issues here on privacy, deletion and opt-in which I still think most, or all, platforms (not picking on Discourse) have yet to deal with.

One specific issue to consider:

  • When the user signs up for an account, can they SPECIFICALLY opt-in to any communications they will receive, including digests, notifications and marketing messages?

It may be enough for individual communities to default all of these settings to “no email”, but what processes are in place to encourage them clearly and easily to change this for the good of community engagement?

I’m not convinced that you should default the Activity Summary to anything other than “never” unless the member chooses to have it. In that case, other than some complex call to action in a post, to visit their preferences, find the email settings and turn it ON, how would you get them to do this? CMs probably need an automated onboarding journey that explains the options and allows them to make the relevant settings. AFAIK this does not exist in Discourse (we are building something for a Higher Logic site).

Does the same apply also for notifications? Do they escape the opt-in requirement?

(Sarah Hawk) #31

Kind of… you do have the ability to customise the signup/welcome emails so you could include this kind of content.

If you want something more complicated you can address it in Discourse based communities by pushing new members into a MailChimp or CM group and sending onboarding messages from there.