Proposed changes to the Australian Privacy Act (Right to Erasure)
Halcyon:
https://www.twobirds.com/en/insights/2023/australia/australian-privacy-reforms-are-we-getting-the-right-to-be-forgotten
Changes to our Privacy Act, similar to what is already enacted in the EU under their GDPR, are being proposed here.
This will have wide-spread implications for many Australian businesses and services online (and potentially this forum). It will be interesting to see what constitutes "personal information" and whether that extends as far as an email address or an online pseudonym that could potentially link an online profile to a real person.
AndrewNorman:
I have spent the last few years working on systems that fall under GDPR and the problem is personal information gets very subjective at times. But I was sent this when I was talking to our security officer.
--- Quote ---
In order for a revealed email address to be considered a breach of GDPR the e-mail address has to fall into a specific category, namely one of the following: A personal e-mail address such as Gmail, Yahoo, or Hotmail. A company email address that includes your full name such as firstname.lastname@company.com
--- End quote ---
Then you start combining that with IP addresses and you end up with another can of worms.
redkitedesign:
Forums like this still exist in Europe, so apparently it's possible to comply with the GDPR.
Easiest way to comply is by not collecting the information in the first place. So don't collect names, only e-mail. And don't make e-mails public. You don't need 2FA; no European forum needs that.
Right to be forgotten is another issue. However, as a forum you can argue (at least in the EU) that you need to keep all posts in order to preserve the logical thread. Especially quotes are safe under this rule. Posters are already able to edit their posts (and thus to remove them).
IP addresses of posters can be logged as you need them to report those offering nukes to the authorities.
In general, if there is a good reason to keep information, it is allowed. However, marketing and profit are never good reasons. Good reasons are legal obligations, actual functionality or explicit permission (e.g. a poster posting he works at $company is divulging personal information. However, you may assume the poster is not mentally impaired, so they have decided they want to use your forum to publish that information. That constitutes permission under EU rules. Note this also applies to nicknames used and published on the forum!)
james_s:
It could also be that it is simply not enforced. How do you ever know what information a forum keeps around? How does enforcement work?
AndrewNorman:
Enforcement is an interesting question.
If you have a breach then it is in your interest to declare it asap as it drops the penalty down a considerable amount.
Most of the time in the EU (my experience is mostly in the UK) you get reported to the authorities (normally after you refuse to delete someone, or someone is just feeling malicious), who then come in and check. Mostly if you work with them and show good faith in fixing the problem (and you haven't been caught selling data or anything like that) then the UK Information Office will play nice and give you some time to fix the issue.