GDPR

[dakky21]

I believe admins were notified of this, but not taking it seriously. On May 25 this year, that means in three days, General Data Protection Regulation will be implemented in European Union.

It WILL have an effect on the other countries outside EU if they have customers from EU.

Terms of Use and Privacy policy of the site should be changed to reflect the coming implementation of that regulation. Otherwise face risks of being sued and fines are up to 20 million Euros.

https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

From the Wikipedia:

The regulation applies if the data controller (an organisation that collects data from EU residents), or processor (an organisation that processes data on behalf of a data controller like cloud service providers), or the data subject (person) is based in the EU. Under certain circumstances, the regulation also applies to organisations based outside the EU if they collect or process personal data of individuals located inside the EU.

According to the European Commission, "personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address."

[Razorvich]

i give you 2 claps dakky and...

[dakky21]

Look, considering the nickname is the personal data as well, after May 25th, someone could ask admins to remove all his data from the site, including the nickname. That would be impossible, because it would have to be removed from all played games, all forum posts etc. and if they don't comply one could sue them for a maximum fine of 20 millions.

Or just have a new Terms of use which EU members must accept to stay on the site.

[Razorvich]

ok 3 claps

[2dimes]

So, this could kill forums?

Sounds like one of those things they can't enforce since the servers would not be in England but it might cut off many of the customers in Great Briton.

When the United States finally outlawed online poker it killed a lot of sites. At the remaining sites some US citizens still played, but what happened was those citizens of the USA were no longer protected and it was easier for sites to rip them off.

I'm not comparing that to this but just saying, the new law was supposed to protect their citizens but backfired.

[dakky21]

So, this could kill forums?

Sounds like one of those things they can't enforce since the servers would not be in England but it might cut off many of the customers in Great Briton.

It could kill everything if the terms of use and privacy policy isn't compliant. And it's not just England. It's about whole EU which includes Germany, France, Spain, Italy.... etc.

[2dimes]

Well it sounds like there is 3 days before it happens so they will probably fix it up. "No worries." ?

[BrutalBob]

Well it sounds like there is 3 days before it happens so they will probably fix it up. "No worries." ?

Yeah, just to make sure, better post it in suggestions as well

[2dimes]

Yes, suggestions. Excellent idea. Once you post something there they take action right away!

[mrswdk]

dakky is actually correct. GDPR applies to any company processing personally identifiable data of an individual or individuals in the European Union. It doesn't matter if the company is located outside the EU, all that matters is that the person is inside the EU. Personally identifiable data is anything that could be used to identify the individual, so their name, financial details, place of residence age etc. The law actually regards political and religious beliefs, and sexual orientation, as personal data too - presumably because if someone who knows you sees your posts in OT rambling on about God and how much you love George Bush, that's information that could help them deduce that those posts were written by you.

All you need is to make sure EU resident users of CC have given opt in consent for you to hold that type of data, and tell them how it will be stored/used, and make sure that if they ask you to delete any of their personal data once you no longer need it, that you do. You may do this already, I can't remember what CC asked me to consent to (if anything) when I made my accounts. But if you don't take those measures then yes you would be violating GDPR. You obviously wouldn't get fined 20 million Euros but 4% of your annual turnover is one of the possible punishments. So for CC I guess that's about $6.20.

It's actually been pretty big news over here. I've received roughly 30-40 emails in the past week or two from companies rushing to tell me about their new T&Cs, including a bunch asking me to give my consent to data storage again. Every time I log into Facebook, for example, it tells me that if I don't agree to its new T&Cs by tomorrow I won't be allowed to remain on Facebook.

[dakky21]

You obviously wouldn't get fined 20 million Euros but 4% of your annual turnover is one of the possible punishments. So for CC I guess that's about $6.20.

the law says "whichever is the greater" ... so 20 million Euros is greater than 4% of CC's annual turnover and there you have it. Since it's 25 May here in EU already, I can expect that CC will close in few months since nothing was done on the matter.

[Symmetry]

I would hope that the management team have got in contact with a lawyer who is familiar with the subject. It's a massive piece of legislation.

On a purely anecdotal front, CC seems like it can preempt some of the problems by allowing for deletion of records on request. The site has done so before of its own volition with regards to forum posts.

It would require a shift in thinking away from mods and management towards accountability.

[waauw]

It's a pretty interesting experience, receiving dozens of emails from companies I didn't even know they held my information. All asking whether they can hold onto and use it.

Every time I log into Facebook, for example, it tells me that if I don't agree to its new T&Cs by tomorrow I won't be allowed to remain on Facebook.

Apparently they are now facing charges for that. Some privacy non-profit organization is already claiming this is a method of forced compliance, illegal under the new regulation.

[Symmetry]

Being responsible for someone's data is a big thing, and involves a lot of laws. There's a huge amount of training that has to go into making people fully compliant with that- having access to someone's history is a massive responsibility.

Some of the things that mods say on this site make me wonder if they've undergone any kind of safeguarding training at all before they were recruited.

That's not a criticism of the mods, and I genuinely hope that there is a formalised training program for mods and management.

If there isn't, I'd highly suggest implementing one.

[mrswdk]

You obviously wouldn't get fined 20 million Euros but 4% of your annual turnover is one of the possible punishments. So for CC I guess that's about $6.20.

the law says "whichever is the greater" ... so 20 million Euros is greater than 4% of CC's annual turnover and there you have it. Since it's 25 May here in EU already, I can expect that CC will close in few months since nothing was done on the matter.

It says 'up to' 20 million or 4%. They would obviously not fine CC or any other small company 20 million Euros.

Every time I log into Facebook, for example, it tells me that if I don't agree to its new T&Cs by tomorrow I won't be allowed to remain on Facebook.

Apparently they are now facing charges for that. Some privacy non-profit organization is already claiming this is a method of forced compliance, illegal under the new regulation.

The problem I was having with that particular point is trying to remember what things are identified by the law as 'best practice' and what things are identified as 'requirements'. Like you say, under GDPR telling people they can only use your service if they give consent is definitely bad form - but I can't remember if it's a straight up violation of the law or just frowned-upon-but-permissible. I would have assumed it's a straight up violation though.

Facebook could probably argue that it's impossible to actually have a Facebook account without giving over at least some of data you choose to upload to your Facebook though. Like, there's no way you could say 'I want a Facebook but without storing my name on Facebook'.

[Symmetry]

Facebook already lost that argument. That's part of why the law was made and took effect