Proposed changes to the Australian Privacy Act (Right to Erasure)

JPortici:

--- Quote from: bigfoot22 on January 31, 2023, 03:54:30 am ---What you could do is create a system of 2FA in addition to a password and username. That would beef up security but also require people of this forum to install a 2FA app on either Windows, Android, iOS or Linux.

But it also means that you can meet the guidelines of the GDPR.

Simply ask new users to scan a QR code on their app or copy a line of text into their Windows/Linux authenticator app.

--- End quote ---

What? Nothing like that is required. As andrew said, as long as you don't sell information and delete it when requested, you are fine. The only websites that require 2FA to be used are banks, institutional websites, and the Google/Apple developer websites (and the like), and I'm sure it's only so they have an extra layer of CYA; it's not mandated by GDPR.

SiliconWizard:

--- Quote from: james_s on January 31, 2023, 04:04:45 am ---It could also be that it is simply not enforced. How do you ever know what information a forum keeps around? How does enforcement work?

--- End quote ---

All that can be enforced (same in the EU currently) is that websites *ask* for permissions to store cookies and stuff, and provide a contact form/email where users can ask for personal data that the website holds about them and/or ask to delete it. As this is what can be "seen" from the outside, this is all that can be enforced. Websites/servers can just pretend they comply by showing what is expected, and do absolutely nothing else.

What they do behind the scenes, nobody can know until there is an investigation, which happens very rarely and only for the big guys usually, such as Facebook, Apple, Google, MS, etc.

And of course, even for the ones that do everything right, server backups still pose unique challenges, as backups could contain data that is no longer accessible on said server, but still held somewhere and owned by the company until the backups are destroyed, and for those using complex backup schemes involving chains of remote datacenters, you can imagine that "fully deleted data" is little more than fiction these days.

redkitedesign:

--- Quote from: SiliconWizard on January 31, 2023, 06:03:28 am ---
--- Quote from: james_s on January 31, 2023, 04:04:45 am ---It could also be that it is simply not enforced. How do you ever know what information a forum keeps around? How does enforcement work?

--- End quote ---
What they do behind the scenes, nobody can know until there is an investigation, which happens very rarely and only for the big guys usually, such as Facebook, Apple, Google, MS, etc.

--- End quote ---

Of course, with the GDPR being an EU thingie, it is implemented in every EU member state separately, with their own laws and enforcement.

However, I do know of a publisher (DPG Media) and a City (Enschede) who've gotten fines (of 525000 and 600000 Euros) for GDPR violations.
Another one (Voetbal Totaal) was reverted on appeal. So enforcement does exist (but isn't only focused on Internet/Media companies).

Ranayna:
Forums like these still exist in Germany. GDPR compliant. And from what I gather, Germany is comparatively restrictive with data protection laws.
You need to consider that the GDPR does *not* prohibit any and all data collection.

If you have a legitimate need for a piece of information, like the email address for registration as a way to verify and recover accounts, it is allowed to store it. What you cannot do is use that information for anything else that takes your fancy, like selling it to some information broker or ad company.

For deleted users the posts stay, and in all cases I remember the username also was kept associated to the posts, but the account information linked to the username is gone. Just prohibit using the email as actual username, and you are safe in that regard.
It can get a bit ugly though if someone used their real name as handle. I have seen it anonymized as "user<randomnumber>", but quotes are often not retroactively changed. I do not know if that might even be a GDPR issue though, since I don't think it is a reasonable expectation to do a "search & replace" through the whole forum.

Considering that at least one "User purge" that also removed most posts of that user happened here on the EEVBlog, I do not see what the effects really would be though. There is precedent, after all. Also I would not expect that such full purges are something that would often get requested here, since hopefully most users here are rather reasonable.

redkitedesign:

--- Quote from: Ranayna on January 31, 2023, 12:14:18 pm ---It can get a bit ugly though if someone used their real name as handle. I have seen it anonymized as "user<randomnumber>", but quotes are often not retroactively changed. I do not know if that might even be a GDPR issue though, since I don't think it is a reasonable expectation to do a "search & replace" through the whole forum.

--- End quote ---

Strictly speaking, the quote is protected by the copyright of the poster. So the user who wants to be forgotten has to ask the poster who made the quote. It also affects the right of free speech of the poster, and the ECHR (European Convention on Human Rights, required law in all EU states) says that when two rights collide (free speech versus right to be forgotten) neither is an absolute.

Since that becomes an untanglable mess really quickly, the GDPR considers that unreasonable.
