Go Back   vb.org Archive > vBulletin Modifications > vBulletin 4.x Modifications > vBulletin 4.x Add-ons

Reply
 
Thread Tools
[DBTech] GDPR Compliance Details »»
[DBTech] GDPR Compliance
Version: 1.0.0, by DragonByte Tech DragonByte Tech is offline
Developer Last Online: Mar 2023 Show Printable Version Email this Page

Category: Mini Mods - Version: 4.x.x Rating:
Released: 06-12-2018 Last Update: Never Installs: 36
DB Changes Uses Plugins
Additional Files Translations  
No support by the author.

GDPR Compliance is a mod designed to aid you in becoming compliant with GDPR, with features such as logged consent for privacy policy / terms of service and downloading user data.


Uses
GDPR Compliance is a mod designed to aid you in becoming compliant with GDPR, by allowing admins to force agreement to the Privacy Policy / Terms of Service and recording this consent. Furthermore, admins can download user data in machine readable format via the AdminCP.

Documentation
N/A


Extended Product Information

Force Privacy Policy acceptance: Admins can force all users to accept the privacy policy, and users will see a date stamp of when it was last updated.

Force Terms of Service acceptance: Admins can force all users to accept the Terms of Service, and users will see a date stamp of when it was last updated.

Logged consent: A machine readable database table logs the time stamp of the last time a user ID consented to the privacy policy and/or terms of service.

User data download: Administrators with the "Can Administer Users" permission can download user data via a new page in the AdminCP.


Copyright Information

This mod does not display any copyright information.

Download Now

File Type: zip [DBTech] GDPR Compliance 1.0.0.zip (13.0 KB, 184 views)

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.
Благодарность от:
furnival

Comments
  #2  
Old 06-14-2018, 09:30 AM
djbaxter djbaxter is offline
 
Join Date: Aug 2006
Location: Ottawa, Canada
Posts: 2,601
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Has anyone tried this yet? I have downloaded it to give it a shot but haven't yet had a chance to try it out. Wondering about any conflicts with other mods.
Reply With Quote
  #3  
Old 06-14-2018, 12:45 PM
In Omnibus's Avatar
In Omnibus In Omnibus is offline
 
Join Date: Apr 2010
Location: Inside A Blade Server
Posts: 840
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by djbaxter View Post
Has anyone tried this yet? I have downloaded it to give it a shot but haven't yet had a chance to try it out. Wondering about any conflicts with other mods.
Haven't tested it because prima facie it fails the litmus test of allowing a "data subject" to request their data be forgotten without first agreeing to terms with which they may not agree. If they have to agree to terms or policies to even access the contact link it violates the spirit of the GDPR, if not the letter of the GDPR.
Reply With Quote
2 благодарности(ей) от:
djbaxter, Zelda-King
  #4  
Old 06-14-2018, 01:42 PM
djbaxter djbaxter is offline
 
Join Date: Aug 2006
Location: Ottawa, Canada
Posts: 2,601
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks.
Reply With Quote
  #5  
Old 06-18-2018, 05:10 PM
Rob Graves Rob Graves is offline
 
Join Date: May 2011
Posts: 8
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by In Omnibus View Post
Haven't tested it because prima facie it fails the litmus test of allowing a "data subject" to request their data be forgotten without first agreeing to terms with which they may not agree. If they have to agree to terms or policies to even access the contact link it violates the spirit of the GDPR, if not the letter of the GDPR.
Maybe I am confused, but how can a "data subject" ask to be forgotten when they have not registered? They have no identifiable personal information to be forgotten without registering prior.

The GDPR allows for necessary information to be collected, as long as it is not personal in nature, which, from what I know it cannot be if they are a "guest" and not registered. Article 17 of the GDP states that the right to erasure means in certain circumstances an individual can submit a request to the data controller to have personal information erased or to prevent further processing of that data.

How can they possibly not be registered and ask for personal information, of which there would be none, to be erased?

Our contact link is available to everyone, so maybe I am missing something here.

Please let me know!
Reply With Quote
Благодарность от:
djbaxter
  #6  
Old 06-18-2018, 06:48 PM
In Omnibus's Avatar
In Omnibus In Omnibus is offline
 
Join Date: Apr 2010
Location: Inside A Blade Server
Posts: 840
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Rob Graves View Post
Maybe I am confused, but how can a "data subject" ask to be forgotten when they have not registered? They have no identifiable personal information to be forgotten without registering prior.

The GDPR allows for necessary information to be collected, as long as it is not personal in nature, which, from what I know it cannot be if they are a "guest" and not registered. Article 17 of the GDP states that the right to erasure means in certain circumstances an individual can submit a request to the data controller to have personal information erased or to prevent further processing of that data.

How can they possibly not be registered and ask for personal information, of which there would be none, to be erased?

Our contact link is available to everyone, so maybe I am missing something here.

Please let me know!
Guest IP addresses are logged. IP addresses are considered personal data under the GDPR. So, a guest could visit the site one time and ask for their personal data to be forgotten.
Reply With Quote
  #7  
Old 06-18-2018, 08:29 PM
djbaxter djbaxter is offline
 
Join Date: Aug 2006
Location: Ottawa, Canada
Posts: 2,601
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by In Omnibus View Post
Guest IP addresses are logged. IP addresses are considered personal data under the GDPR. So, a guest could visit the site one time and ask for their personal data to be forgotten.
What personal data? An anonymous IP address?

I think you'd better recheck your sources.
Reply With Quote
  #8  
Old 06-18-2018, 09:10 PM
In Omnibus's Avatar
In Omnibus In Omnibus is offline
 
Join Date: Apr 2010
Location: Inside A Blade Server
Posts: 840
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by djbaxter View Post
What personal data? An anonymous IP address?

I think you'd better recheck your sources.
GDPR Rule 30:

Quote:
Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.
What is it you believe I need to re-check?
Reply With Quote
  #9  
Old 06-18-2018, 09:27 PM
djbaxter djbaxter is offline
 
Join Date: Aug 2006
Location: Ottawa, Canada
Posts: 2,601
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

There is no way your forum database can identify anyone using the site as a guest by their IP address alone. In many cases, it cannot even identify the person's location let alone any thing else about the person - it is more likely to identify the head office of the ISP. Sometimes my IP address gets the city right but it is just as likely to show me as their head office in another city 450 kms away.

If you are really concerned about it, don't let Guests post. That's a whole lot better for spam prevention anyway.
Reply With Quote
  #10  
Old 06-18-2018, 10:31 PM
In Omnibus's Avatar
In Omnibus In Omnibus is offline
 
Join Date: Apr 2010
Location: Inside A Blade Server
Posts: 840
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by djbaxter View Post
There is no way your forum database can identify anyone using the site as a guest by their IP address alone. In many cases, it cannot even identify the person's location let alone any thing else about the person - it is more likely to identify the head office of the ISP. Sometimes my IP address gets the city right but it is just as likely to show me as their head office in another city 450 kms away.

If you are really concerned about it, don't let Guests post. That's a whole lot better for spam prevention anyway.
I'm not arguing whether or not an IP address or a cookie can be used by a site to identify a data subject. The EU thinks it can and they ruled as such. Having said that I decided to ban EU / EEU users rather than deal with this ridiculous nonsense. I'm not going to play footsie with the EU regulator because, as primarily a U.S. business servicing primarily U.S. clients I have that luxury. I feel badly for E.U. based businesses that are forced to tiptoe around such rulings at the risk of exorbitant fines.
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 06:52 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.07864 seconds
  • Memory Usage 2,332KB
  • Queries Executed 24 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (7)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (10)post_thanks_box
  • (4)post_thanks_box_bit
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (3)post_thanks_postbit
  • (10)post_thanks_postbit_info
  • (9)postbit
  • (1)postbit_attachment
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete