vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 4.x Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=245)
-   -   Mini Mods - [DBTech] GDPR Compliance (https://vborg.vbsupport.ru/showthread.php?t=326471)

DragonByte Tech 06-12-2018 09:00 PM
[DBTech] GDPR Compliance
 
1 Attachment(s)
GDPR Compliance is a mod designed to aid you in becoming compliant with GDPR, with features such as logged consent for privacy policy / terms of service and downloading user data.


Uses
GDPR Compliance is a mod designed to aid you in becoming compliant with GDPR, by allowing admins to force agreement to the Privacy Policy / Terms of Service and recording this consent. Furthermore, admins can download user data in machine readable format via the AdminCP.

Documentation
N/A


Extended Product Information

Force Privacy Policy acceptance: Admins can force all users to accept the privacy policy, and users will see a date stamp of when it was last updated.

Force Terms of Service acceptance: Admins can force all users to accept the Terms of Service, and users will see a date stamp of when it was last updated.

Logged consent: A machine readable database table logs the time stamp of the last time a user ID consented to the privacy policy and/or terms of service.

User data download: Administrators with the "Can Administer Users" permission can download user data via a new page in the AdminCP.


Copyright Information

This mod does not display any copyright information.

djbaxter 06-14-2018 09:30 AM
Has anyone tried this yet? I have downloaded it to give it a shot but haven't yet had a chance to try it out. Wondering about any conflicts with other mods.

In Omnibus 06-14-2018 12:45 PM
Quote:
Originally Posted by djbaxter (Post 2595129)
Has anyone tried this yet? I have downloaded it to give it a shot but haven't yet had a chance to try it out. Wondering about any conflicts with other mods.
Haven't tested it because prima facie it fails the litmus test of allowing a "data subject" to request their data be forgotten without first agreeing to terms with which they may not agree. If they have to agree to terms or policies to even access the contact link it violates the spirit of the GDPR, if not the letter of the GDPR.

djbaxter 06-14-2018 01:42 PM
Thanks.

Rob Graves 06-18-2018 05:10 PM
Quote:
Originally Posted by In Omnibus (Post 2595131)
Haven't tested it because prima facie it fails the litmus test of allowing a "data subject" to request their data be forgotten without first agreeing to terms with which they may not agree. If they have to agree to terms or policies to even access the contact link it violates the spirit of the GDPR, if not the letter of the GDPR.
Maybe I am confused, but how can a "data subject" ask to be forgotten when they have not registered? They have no identifiable personal information to be forgotten without registering prior.

The GDPR allows for necessary information to be collected, as long as it is not personal in nature, which, from what I know it cannot be if they are a "guest" and not registered. Article 17 of the GDP states that the right to erasure means in certain circumstances an individual can submit a request to the data controller to have personal information erased or to prevent further processing of that data.

How can they possibly not be registered and ask for personal information, of which there would be none, to be erased?

Our contact link is available to everyone, so maybe I am missing something here.

Please let me know!

In Omnibus 06-18-2018 06:48 PM
Quote:
Originally Posted by Rob Graves (Post 2595162)
Maybe I am confused, but how can a "data subject" ask to be forgotten when they have not registered? They have no identifiable personal information to be forgotten without registering prior.

The GDPR allows for necessary information to be collected, as long as it is not personal in nature, which, from what I know it cannot be if they are a "guest" and not registered. Article 17 of the GDP states that the right to erasure means in certain circumstances an individual can submit a request to the data controller to have personal information erased or to prevent further processing of that data.

How can they possibly not be registered and ask for personal information, of which there would be none, to be erased?

Our contact link is available to everyone, so maybe I am missing something here.

Please let me know!
Guest IP addresses are logged. IP addresses are considered personal data under the GDPR. So, a guest could visit the site one time and ask for their personal data to be forgotten.

djbaxter 06-18-2018 08:29 PM
Quote:
Originally Posted by In Omnibus (Post 2595164)
Guest IP addresses are logged. IP addresses are considered personal data under the GDPR. So, a guest could visit the site one time and ask for their personal data to be forgotten.
What personal data? An anonymous IP address?

I think you'd better recheck your sources.

In Omnibus 06-18-2018 09:10 PM
Quote:
Originally Posted by djbaxter (Post 2595166)
What personal data? An anonymous IP address?

I think you'd better recheck your sources.
GDPR Rule 30:

Quote:
Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.
What is it you believe I need to re-check?

djbaxter 06-18-2018 09:27 PM
There is no way your forum database can identify anyone using the site as a guest by their IP address alone. In many cases, it cannot even identify the person's location let alone any thing else about the person - it is more likely to identify the head office of the ISP. Sometimes my IP address gets the city right but it is just as likely to show me as their head office in another city 450 kms away.

If you are really concerned about it, don't let Guests post. That's a whole lot better for spam prevention anyway.

In Omnibus 06-18-2018 10:31 PM
Quote:
Originally Posted by djbaxter (Post 2595169)
There is no way your forum database can identify anyone using the site as a guest by their IP address alone. In many cases, it cannot even identify the person's location let alone any thing else about the person - it is more likely to identify the head office of the ISP. Sometimes my IP address gets the city right but it is just as likely to show me as their head office in another city 450 kms away.

If you are really concerned about it, don't let Guests post. That's a whole lot better for spam prevention anyway.
I'm not arguing whether or not an IP address or a cookie can be used by a site to identify a data subject. The EU thinks it can and they ruled as such. Having said that I decided to ban EU / EEU users rather than deal with this ridiculous nonsense. I'm not going to play footsie with the EU regulator because, as primarily a U.S. business servicing primarily U.S. clients I have that luxury. I feel badly for E.U. based businesses that are forced to tiptoe around such rulings at the risk of exorbitant fines.

djbaxter 06-18-2018 11:18 PM
Fair enough. But I think if the issue of an IP address for guest visitors to a site ever gets tested in court it will get thrown out.

In Omnibus 06-19-2018 02:08 AM
Quote:
Originally Posted by djbaxter (Post 2595171)
Fair enough. But I think if the issue of an IP address for guest visitors to a site ever gets tested in court it will get thrown out.
As a lawyer I would say the element of proof of damages is on the individual who claims to have suffered a loss as a result of "personal data" being kept by a site. If someone can't prove that your use of their data caused them harm they have no case. Therefore, I would hope you are correct in your assessment that any such case would be summarily dismissed.

Total666 06-22-2018 11:42 PM
Hello : I installed the product , where in the admin panel are the settings to edit ?

XotelHotel 06-23-2018 04:44 PM
yeah i can't find the admin pannel for this anyone help me please

ikorolis 06-23-2018 10:33 PM
Quote:
Originally Posted by XotelHotel (Post 2595227)
yeah i can't find the admin pannel for this anyone help me please
check 3.8 thread and found answer your question

check here http://prntscr.com/jyl1kc
http://prntscr.com/jyl20m
http://prntscr.com/jyl28o
http://prntscr.com/jyl2d4

Stefan 1962 06-24-2018 02:50 PM
by KLick on Privacy Policy :
PHP Code:
I have read and accept the <a href="{1}" target="_blank">Privacy Policy</a>. 
does nothing. It must go to the Privacy Site or not?
Nothing happens by Klick.
What can i do?

By Klick on Settings to set Therms of Service shows:

You do not currently have a Terms of Service URL configured.

Stefan

flox80 07-20-2018 09:02 PM
how does this look on the users end?

michaelstoffer 07-26-2018 02:45 PM
Be careful this plugin crashed my forum 4.2.3 I had to remove it.

michaelstoffer 07-26-2018 02:49 PM
This plugin crashed my forum 4.2.3

NeoDio 07-30-2018 05:28 AM
Should I even consider this if my website is based in the US? We do get worldwide traffic, however.

Master Of Unive 08-02-2018 08:06 AM
Quote:
Originally Posted by NeoDio (Post 2595778)
Should I even consider this if my website is based in the US? We do get worldwide traffic, however.
Personally I think you could ignore it unless your website is really really big. If the latter, you'd better contact a lawyer for better assistance.

In Omnibus 08-02-2018 08:41 AM
Quote:
Originally Posted by NeoDio (Post 2595778)
Should I even consider this if my website is based in the US? We do get worldwide traffic, however.
The correct answer is:

If you sell, market, or conduct research in the EU / EEU then you must have GDPR compliance.

Otherwise, it's not required.

djbaxter 08-02-2018 09:07 AM
I don't promote this particular add-on but my feeling is that implementing something similar to GDPR is to be recommended for all forums, whether or not you have members from the EU. If it does nothing else, it delivers a clear message to your members that you take their privacy seriously and that you have taken all available measures to secure that information. Additionally, it tells them what they need to do to remove their information and accounts if that is their wish.

It's only a matter of time before this sort of thing is legislated in non-EU countries in the west as well. Think oif GDPR as a wake-up call for forum owners. It's already woken up consumers (your members) to their rights and to the issue of how you are safeguarding their data.

And by the way that includes converting your site to HTTPS (SSL), if you haven't already done so. Asking your members to enter passwords on nonencrypted connections is basically saying, "Yeah. We don't really care if your password is intercepted or stolen".

LutaWicasa 08-17-2018 03:55 PM
How would you go about downloading the list in AdminCP? I'm not seeing the new page.

Zelda-King 08-20-2018 08:02 AM
Quote:
Originally Posted by In Omnibus (Post 2595131)
Haven't tested it because prima facie it fails the litmus test of allowing a "data subject" to request their data be forgotten without first agreeing to terms with which they may not agree. If they have to agree to terms or policies to even access the contact link it violates the spirit of the GDPR, if not the letter of the GDPR.
Quote:
Originally Posted by In Omnibus (Post 2595808)
The correct answer is:

If you sell, market, or conduct research in the EU / EEU then you must have GDPR compliance.

Otherwise, it's not required.
In view of these comments I deem I don't technically need this. For user peace of mind I'd still like to offer this but as the current state of the mod is insufficient for the quoted reason I'll hold off for now and keep an eye out for an update that fixes said situation.

djbaxter 09-26-2018 04:17 PM
Quote:
User data download: Administrators with the "Can Administer Users" permission can download user data via a new page in the AdminCP.
Anyone know where this "new page" is?

Stefanus 01-11-2019 02:10 PM
yeah that page is nowhere to be seen

bmwfans 06-02-2019 02:38 PM
Quote:
Originally Posted by michaelstoffer (Post 2595726)
Be careful this plugin crashed my forum 4.2.3 I had to remove it.
Same here! :(
Upon activation of the plugin the forum totally crashed. With debug mode/deactivation of plugins everything is OK.

Is there any other step that we may need to do in the installation process in order to make it work?


All times are GMT. The time now is 09:56 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01142 seconds
  • Memory Usage 1,812KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_php_printable
  • (15)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (28)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete