Jump to content

Who owns a the posts on your forum?


Recommended Posts

  • Administrators

Members own the content of their posts, but provide us with a permanent, irrevocable license to share it on our website. 

In other words: unless it was a threat to your safety we wouldn’t delete a post just because you threw a sad. 

Link to post
Share on other sites

It's best to comply with the request under the GDPR (General Data Protections Regulations 2018)  unless the user has violated rules, in which case some of the data should be kept for the prevention of fraud.  For example, their basic account information. The posts can be erased if applicable. 

I hope this helps and answers your question. 

Link to post
Share on other sites
  • Administrators
1 minute ago, Alexander said:

It's best to comply with the request under the GDPR (General Data Protections Regulations 2018)

It’s really not unless you’re in the EU and you have to. Forums are inherently anonymous so it’s a long bow to think someone can be identified from their posts. 

  • Like 1
Link to post
Share on other sites
10 minutes ago, s3_gunzel said:

It’s really not unless you’re in the EU and you have to. Forums are inherently anonymous so it’s a long bow to think someone can be identified from their posts. 

Yes, this is something which I forgot to mention.  England is hopefully coming out the EU but this has unfortunately been delayed.  I suppose it all comes down to using common sense while handing data deletion requests.

Edited by Alexander
Link to post
Share on other sites
  • Community Engagement
13 hours ago, Pipsi said:

Unless your forum is in England, they cannot enforce this rule. 

 

I agree with @s3_gunzel's analysis. Members own the content, and give the forums the license to use it. 

This can still be enforced in England, as an FYI. 

 

Link to post
Share on other sites
  • 2 weeks later...
On 10/4/2020 at 12:25 AM, s3_gunzel said:

It’s really not unless you’re in the EU and you have to. Forums are inherently anonymous so it’s a long bow to think someone can be identified from their posts. 

 

GDPR will affect you as the law specifically protects EU users' rights, so it doesn't really matter if your server is located outside of EU borders or not. The question is though how the privacy law will be enforceable, that remains to be seen. 

Edited by Simon
Link to post
Share on other sites
  • Administrators
1 hour ago, Simon said:

GDPR will affect you as the law specifically protects EU users' rights, so it doesn't really matter if your server is located outside of EU borders or not.

It does. We aren’t required to comply, we are not providing a paid service — or as the legislation says — doing business. I’ve done the research. 

Link to post
Share on other sites
4 hours ago, s3_gunzel said:

We aren’t required to comply, we are not providing a paid service — or as the legislation says — doing business.

 
 

The GDPR does apply outside Europe. And the GDPR is not limited to for-profit companies and organizations. This website most certainly does process the personal data of people in the EU and that means it must comply with GDPR.

Link to post
Share on other sites
3 hours ago, Simon said:

The GDPR does apply outside Europe. And the GDPR is not limited to for-profit companies and organizations. This website most certainly does process the personal data of people in the EU and that means it must comply with GDPR.

Whether they apply to outside the EU or not, the EU cannot take you to court in other countries, and they certainly cannot enforce the legislation if you, well, don't live in their jurisdiction....

Link to post
Share on other sites
  • Administrators
3 hours ago, Simon said:

And the GDPR is not limited to for-profit companies and organizations. 

Find me a source for this — all the reading I’ve done suggests that it is intended for companies doing business - taking money and storing payment information, specifically, not your standard community website. 

That said; what is ‘identifying information’; forum posts almost certainly don’t count. The argument could be made that a forum username also does not count, so it’s just your email, which you can change yourself. 

Link to post
Share on other sites
14 hours ago, Cardinal said:

Whether they apply to outside the EU or not, the EU cannot take you to court in other countries, and they certainly cannot enforce the legislation if you, well, don't live in their jurisdiction

 

That remains to be seen. Either way, I think that the overall aim of the legislation is good and I also think that website owners (especially forum administrators) should strive to comply with as many of the rules as possible. Personally, I feel much more comfortable joining a community where the administrators value their user's privacy rights and where I could easily delete my data.

14 hours ago, s3_gunzel said:

Find me a source for this — all the reading I’ve done suggests that it is intended for companies doing business - taking money and storing payment information, specifically, not your standard community website. 

That said; what is ‘identifying information’; forum posts almost certainly don’t count. The argument could be made that a forum username also does not count, so it’s just your email, which you can change yourself. 

I literally linked to the official source on this in my post. The GDPR is also intended for social media sites and online forums that stores user's data and track users (in various ways). Identifying information can be anything from an obscure pseudonym to an actual IP-address, it's not just limited to your user's email addresses. 

Link to post
Share on other sites
  • Administrators
11 minutes ago, Simon said:

Identifying information can be anything from an obscure pseudonym to an actual IP-address, it's not just limited to your user's email addresses. 

Love to see them prove an obscure pseudonym is identifying information.

We do not target EU users, we (not here, my other site) will be adding an advisory that by signing up, they waive their rights under EU legislation.

Link to post
Share on other sites
2 hours ago, s3_gunzel said:

We do not target EU users, we (not here, my other site) will be adding an advisory that by signing up, they waive their rights under EU legislation.

That's not possible. The protections and rights under GDPR cannot be waived. It's simply not possible for users to waive their rights or for website owners to withhold user's consent for data processing.

GDPR is about protecting your user's privacy - which is a good thing both for you and your users in the long run. Would you seriously block +450 million people because you refuse to implement basic privacy protection and policy for your users? 🤔 

Edited by Simon
Link to post
Share on other sites
  • Administrators
39 minutes ago, Simon said:

GDPR is about protecting your user's privacy - which is a good thing both for you and your users in the long run.

No, it’s not. It’s about being a pain in the arse. 

39 minutes ago, Simon said:

That's not possible. The protections and rights under GDPR cannot be waived.

You have the choice not to register. At the end of the day, I am not complying with your stupid law that requires me to remove everything you post. You’re on an Internet forum. You’re not paying me for the service. Either tell your MEPs to stop being so paranoid, or don’t register for my site. It’s that simple. 

Actually, may just be easier to block registrations from the EU, which, you bet your arse I can - and will - do. 

39 minutes ago, Simon said:

Would you seriously block +450 million people because you refuse to implement basic privacy protection and policy for your users?

Just so we are clear: you have privacy. Nothing identifiable is visible on the board (even to staff, I have to get into the database) - and at the moment everyone joins through a 172.16 IP — a private IP. This is a bug, but hey, GDPR compliance. 

GDPR would require us to bend to the will of every member, EU or not, who chucks a sad and decides they don’t want to be accountable for what they post online. This goes against a fundamental principle I hold, and is a non-starter for my site. 

edit: I’d recommend availing yourself of this: https://gdpr.eu/companies-outside-of-europe/ - we don’t cater to, nor advertise in, the EU - subsequently, whilst you may well jump up and down and say “but I want my account removed”, a website labelled Australia’s premier autism website can hardly be expected to be targeting an EU user. We aren’t complying. 

Link to post
Share on other sites
  • Administrators

Well, this exploded. 

 

In regards to what @Cardinal mentioned, while the GDPR might not be enforceable in all the other counties but those in the EU, it does get the discussion going about user privacy. There are a lot of forums out there that I would never join simply because I do not trust them to store my information, such as email, IP, and even my password (hashed or not..) because I know I will not be able to remove my data from said site in the future - and I think that goes for a lot of people on the internet. While GDPR requires those in the EU to basically remove all data if requested, it's not really something that I would implore to the extent the GDPR says too. A user, at least on Forumer, has the option to change their email, password, and everything with their account basically. It's the users choice to decide if they want to post personally identifiable information (which Forumer asks you not to do anyway...) on the site or not. If they choose to do so, then they choose to ignore their own privacy. If it comes down to it, I would help a user delete posts that they posted personal information on, but I would not implore deleting their whole account/posts just because the EU says too. Respecting privacy is one thing, complying with legislation as ridiculous as the GDPR is a bit over dramatic. We respect privacy, not everyone does and that is something people need to look at when giving out their information. 

Link to post
Share on other sites
4 hours ago, s3_gunzel said:

No, it’s not. It’s about being a pain in the arse. 

How is the legislation not about protecting people's privacy? 

4 hours ago, s3_gunzel said:

At the end of the day, I am not complying with your stupid law that requires me to remove everything you post. You’re on an Internet forum.

Yes, but internet forums exist in the real world where there are very real laws and regulations one must follow. The internet is not some kind of wild west. 

4 hours ago, s3_gunzel said:

You’re not paying me for the service.

This is really a completely different discussion, but you wouldn't really have a forum if it weren't for your users. Your users give you content and thus they are invaluable to you. Sure, you give access to a platform for them to do this on, but that platform would be useless without your users. That's why I think it's a pretty good idea to treat your users, their data, and their privacy rights in a professional manner.

4 hours ago, s3_gunzel said:

Either tell your MEPs to stop being so paranoid

Protecting people's right to privacy is being paranoid, huh? This discussion is getting silly. 

5 hours ago, s3_gunzel said:

Actually, may just be easier to block registrations from the EU, which, you bet your arse I can - and will - do. 

 

Yeah, I think that would be the best option for you. Sure, you would block +450 million people, but hey! 😂

  • Haha 1
Link to post
Share on other sites
On 10/3/2020 at 10:24 PM, Cardinal said:

What do you do...?

I would delete their account and all their posts and content if they requested it. I wish that IPB would have a built-in feature which allowed my users to easily delete their posts and/or account from their account settings page. I think I've seen a plugin that does something like that in the marketplace. But I'd rather use as few plugins as possible, so until IPB releases a similar function I use a special section in my forum where users can request a copy of their data or ask for their account to be removed. 

So far, it's worked pretty well. I've only had two people ask for their accounts to be removed. But I probably should move it away from my forum and leave it all in my privacy policy where I request for them to send a PM to the administrator instead. Because I really don't want to encourage them haha 😅

Link to post
Share on other sites
  • Administrators
3 hours ago, Simon said:

That's why I think it's a pretty good idea to treat your users, their data, and their privacy rights in a professional manner.

And we do - but that doesn’t extend to removal of account. 

Link to post
Share on other sites
7 hours ago, Simon said:

I wish that IPB would have a built-in feature which allowed my users to easily delete their posts and/or account from their account settings page.

They do, you just have to delete their account and it will ask on if you want to keep the posts, remove them, or rename the posts to "Deleted User XXXX".

Link to post
Share on other sites
16 hours ago, Pipsi said:

They do, you just have to delete their account and it will ask on if you want to keep the posts, remove them, or rename the posts to "Deleted User XXXX".

 

I am sorry if I were a bit unclear in my post, but I didn't mean the ACP but the actual account settings page for regular users. 🙂

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...