#2 Jul 27, 2017 02:45
You mean this: http://www.eugdpr.org/eugdpr.org.html ?
I thought the cookie consent was annoying, and now we have this :(
This regulation goes a bit far from just data export features, so making b2evolution fully compliant would require a huge effort.
There is a lot of documentation on this subject. These documents summarize the key points of the regulation:
Also a checklist for organization compliance:
I would like to find a pure technical compliance checklist. If you find more info about it, please share.
@fplanque @mgsolipa - GDPR and EU-Privacy (that is planned to go live also on May 25th 2018) cause huge efforts and work to stay safe. I'll keep my eyes on this and share if I find a technical compliance checklist. (I fear that at first only approximate lists will come up. The practice (also in cases of legal proceedings) will show the real far-reaching consequences.)
@mgsolipa thanks for sharing the links
Before a technical list it's important to find a legal scope of exactly who is required to provide the info. It may not apply to every individual blogger.
Reminder: 90% of the sites that display an "EU cookie consent" warning are not actually required to do so. Session/login cookies do not need to be disclaimed.
@fplanque attached you'll find the last proposal to the EU Policy Regulation - There will be some minor adaptations to business demands, but in its core it will stay this way. The proposal contains background information and further insights into what is included by this regulation.
The cookie banner will probably no longer be needed in future, because e.g. browsers will - according to the principle of Privacy by Design - block all cookies by default and the user has to activate each one she accepts. But as you pointed out, session cookies will not be affected. Third-party cookies will stay in focus and some plugins in b2e may use additional cookies (YouTube, Facebook …). But cookie consent is only a part of the regulations.
Every blog/forum owner who e.g. allows registration faces the challenges of these regulations.
Offering b2e as compatible with GDPR and EU-Privacy (2018) could really become a USP (All have to, but those who come up with it first will take it. Many others will hesitantly adapt to regulation only after some collusions that will force this.)
There is a toolset towards GDPR by Microsoft
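The cookie discussion above draws a line between first-party session/login cookies, which the posts treat as strictly necessary, and cookies set by embedded third-party plugins (YouTube, Facebook, …), which would need prior consent. The following is an added example, not b2evolution code: a small server-side gate that parses outgoing Set-Cookie headers, classifies each one along that line, and withholds the consent-required ones until the visitor has opted in. The site host, the allowlist of necessary cookie names and the sample headers are constructed assumptions for the demo; the classification rule (first-party and either allowlisted or session-only counts as necessary) is a simplification, not a legal reading of the regulation.

```javascript
// Added example (not b2evolution code): a consent gate for Set-Cookie headers.
// Assumed allowlist of first-party cookies the site cannot work without.
const NECESSARY_COOKIES = new Set(['session_id', 'login_token']);

// Parse one Set-Cookie header value into { name, value, attrs }.
// Attribute keys are lower-cased; flag attributes (HttpOnly, Secure) map to true.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim());
  const eq = parts[0].indexOf('=');
  const name = eq >= 0 ? parts[0].slice(0, eq).trim() : parts[0];
  const value = eq >= 0 ? parts[0].slice(eq + 1) : '';
  const attrs = {};
  for (const attr of parts.slice(1)) {
    const i = attr.indexOf('=');
    const key = (i >= 0 ? attr.slice(0, i) : attr).trim().toLowerCase();
    attrs[key] = i >= 0 ? attr.slice(i + 1).trim() : true;
  }
  return { name, value, attrs };
}

// A cookie is first-party when it has no Domain attribute, or when Domain is
// the site host itself or one of its parents (Domain=example.org also covers
// blog.example.org). Anything else belongs to a third party.
function isFirstParty(cookie, siteHost) {
  const d = cookie.attrs.domain;
  if (!d) return true;
  const domain = String(d).replace(/^\./, '').toLowerCase();
  return siteHost === domain || siteHost.endsWith('.' + domain);
}

// A browser-session cookie carries neither Expires nor Max-Age and is
// discarded when the browser closes.
function isSessionCookie(cookie) {
  return !('expires' in cookie.attrs) && !('max-age' in cookie.attrs);
}

// Classify a header as 'necessary' or 'consent-required' (assumed rule).
function classifyCookie(header, siteHost) {
  const c = parseSetCookie(header);
  if (!isFirstParty(c, siteHost)) return 'consent-required';
  if (NECESSARY_COOKIES.has(c.name) || isSessionCookie(c)) return 'necessary';
  return 'consent-required';
}

// Return only the Set-Cookie headers the server may send: all of them once the
// visitor has consented, otherwise just the necessary ones.
function filterSetCookies(headers, siteHost, hasConsent) {
  return headers.filter(
    (h) => hasConsent || classifyCookie(h, siteHost) === 'necessary'
  );
}

// Constructed sample headers: a login session, a persistent first-party
// analytics id, and a cookie from an embedded third-party plugin.
const SAMPLE_HEADERS = [
  'session_id=abc123; Path=/; HttpOnly; Secure; SameSite=Lax',
  'analytics_uid=u-42; Path=/; Max-Age=31536000',
  'yt_pref=1; Domain=.youtube.example; Path=/; Max-Age=2592000',
];

// Without consent only the login cookie survives the gate.
console.log(filterSetCookies(SAMPLE_HEADERS, 'blog.example.org', false));
```

The gate sits on the server side on purpose: relying on the browser to block cookies by default, as the post anticipates, leaves the site unable to prove what it did or did not set, whereas filtering the response headers gives a single place to log and test the decision.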
Hello @fplanque ,
I posted under support: what is really a challenge for GDPR
On the website http://fokus.genba.org I try to inform clients about GDPR - so it was not really amusing to get a feedback, that the software I am using is not GDPR compatible. Till 25th of May next year this is embarrassing, but from then on this can result in really high penalties.
So please tell me, whether b2e will become compatible with GDPR by default latest at 25th May 2017 or not. I have to protect my interests.
@saunders we have been talking a bit about this subject on Twitter, but I think it is worth moving it to a public discussion here.
@mgsolipa you're right. We should shift our conversation from twitter to the forum.
But, as suggested, GDPR should gain a separate meta category, with different categories like:
In your last tweet you mentioned that GDPR only affects enterprises or communities with 250+ employees. That is not correct. All (excluding exclusively private) activities in which personal data are processed are subject to GDPR. The number of 250+ refers to Article 30 only, "records of processing activities". Enterprises with less than 250 employees are not forced (under circumstances) to have records of processes (see: https://www.privacy-regulation.eu/en/article-30-records-of-processing-activities-GDPR.htm)
So every small business using b2evolution, every society or organized community, every organization has to be compliant with GDPR no later than 25th of May 2018. There is no doubt about it.
The risk of using a non-GDPR-conforming b2evolution is not only a user's risk. Each user can take b2evolution in regress for every breach of the law caused by the software itself (not by the way it is used). In an earlier support ticket (yet waiting for reply) I mentioned one case that could bring troubles to b2evolution.
I am on board to support b2evolution in getting compliant with GDPR. But we should face it now.
I'm not sure what you mean exactly but I think I need to refer you to the user license at the very top:
b2evolution is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
Also to give you a clear answer:
So please tell me, whether b2e will become compatible with GDPR by default latest at 25th May 2017 or not.
We will probably not be 100% ready. As will be the case for 99% of the software at this date. The law is insanely complex. Even the EU knows that. Maybe Microsoft will have something that passes as compliant at that date.
The regulation is really badly written and painful to read. I am still waiting for someone to write a clear summary for our use case.
We will make reasonable efforts to facilitate compliance and have an honest solution by May.
In the meantime do you think we should detect users from the EU and display an overlay like "The European Union has decided you can no longer use this site after May 25th unless we hire 3 lawyers and 5 developers to be compliant with their latest regulations. The estimated compliance budget is 250.000 €. Donate here." ?
I created a GDPR sub forum as per your suggestion.
Please add feature requests for what b2evolution needs to do so you can be compliant.
PS: we will start with data portability / export : http://forums.b2evolution.net/data-portability-export-format