Data protection regulation throughout Europe - is PHP Fusion ready ???

Catzenjaeger - Latest reply on 12-09-2018 09:21 by Chan

0

Catzenjaeger
In May this year, the new data protection regulation will come into force throughout Europe. Was this thought of by the PHP Fusion developers, or are things planned to be legally compliant? There are high penalties! Even if the UK leaves the EU ... there are also users outside the UK.

https://www.onlinesolutionsgroup.de/blog/eu-datenschutz-grundverordnung-die-uhr-fuer-website-betreiber-tickt/
Sorry, found no English article ... translate plz :)

0

Falk
Yes, with our new Privacy Policy, Cookie consent panel & Terms of Service agreements we should have it all covered.

0

Homdax
It is not so much the system you use, but how you use it and what personally identifiable data is stored that may be the issue. You need to have specific consent from all users if you keep any kind of lists. You need to be able to present the data and how it is stored if anyone requests it, and you need to document why you store the data and what usage you have for it.

That basically covers the main GDPR requirements. Intent, process, accountability.

0

Falk
Good summary, thank you.
We do have a very comprehensive agreements section completed of what data we collect (Privacy Policy), how it is used and so forth.
In addition we have no less than one master Terms of Service agreement with over 29 main clauses and 15 appendixes containing extension agreements and policies of various services and the terms for using our site and the services connected.

0

Catzenjaeger
Ok

Where can I find the privacy statement of PHP Fusion? I can not find them.

1.) It does not make sense to integrate something like cookie control into PHP Fusion because it is now mandatory to inform.
2.) Is the user log system available in PHP Fusion compliant and allowed?
3.) Would not be necessary for some services as they are queried in the user system (user fields) the consent of the user .. e.g. with a popup where the user confirms.
4.) Should not you also install the privacy protection in the Registration Settings? For example, with the note that this agreement was read and understood.

Sorry if some things are unclear .. sorry, I do not speak English well and have used the translator. I'm just worried because these points I have addressed are mostly neglected.

0

Chan
Yeah, on this subject, we are missing 3 things:

1. Privacy Policy
2. Terms of Use
3. Cookie acceptance notice pop up.

0

Falk
They are in footer, bottom left.

1. https://www.php-fusion.co.uk/legal/privacy.php
2. https://www.php-fusion.co.uk/legal/tos.php
3. Re-enabled, no idea why it stopped working, but it is back.
4. Done (Terms of Agreement acceptance during registration)

Catzenjaeger, for points 1 and 2, you cover them in the Privacy Policy and Terms of Use.

From my understanding the GDPR does not in any way limit action or information storage. You need to be very clear on what is done and can be done and you need to have the user's consent for it.

Naturally this goes for new users. I need to see if old users can be affected by it; if that is the case we need to make a new landing page where people can't proceed unless agreeing to the Privacy Policy & Terms of Service, in essence asking for an account removal since that is the only secondary option.
Edited by Falk on 28-03-2018 05:27, 7 months ago

0

Chan
To add US regulations compliance to COPPA: https://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Protection_Act#Violations

Solving it is easy, we just need to update our locale somewhere to:

I confirm that I am above 13 years of age and agree to the [link]Terms and Conditions of Use[/link] and [link]Privacy Policy[/link].

The fine is calculated by per user registered violated somewhere up to USD$ 1,000 per user if site content is very 'condemning' to children's eyes.

Truth is nobody cares, but when someone does.. that is when web owners should be cautious ;)

0

Falk
ToS -

Quote

Account Eligibility
By registering for or using the Services, you represent and warrant that:
You are eighteen (18) years of age or older. The Services are intended solely for Users who are eighteen (18) years of age or older. Any registration, use of or access to the Services, by anyone under eighteen (18) is unauthorized and is a violation of this Agreement.


Edit, added just to be very covered with some extra foot note to it.
Edited by Falk on 29-03-2018 02:31, 7 months ago

0

Routh
Is there any way to prevent PHP-Fusion from saving ANY cookies until the user has accepted that cookies are used? Currently PHP-Fusion saves the fusion_ cookies the moment a user loads the site, and the GDPR specifically requires that no data is to be written to their device until they accept.
Chan has replied to this - 1 month ago

0

Chan
I'm like 80% sure now that the cookie will only be created when they log in. I do not think guests have a cookie created for them.

I will double check the codes and report back.

0

Chan
In a follow-up to the earlier response, PHP-Fusion does not create/set/make/generate/store ANY cookie pertaining to user id or data when you visit a site as a "guest". (See the following screenshot of search results of the entire eco-system for that specific function usage.)

I'll clarify all usages; in total there are just 5 scenarios where the system takes non-sensitive user data and drops it to the user's browser (with his knowledge that it will be so because it is written in our terms of use, and with the effect of agreement by accepting the cookie panel notice).

www.php-fusion.co.uk/infusions/forum/attachments/usage.jpg

Line 102 of the same authenticate.inc - when you log in.
Line 361 of the same authenticate.inc - when you log in as admin.
Line 68 of authentication.php - Google 2FA.
Line 394 of login.php - reauthentication when you are already logged on.
Line 284 of UserFieldsInput.inc - when you are trying to set a new password.

As such, I see no issue with cookies, if you place the cookie panel that specifically says that by interacting further, such as login or requesting validation, or 'remember preferences', a cookie is used.

But I see an issue with a public member profile vs GDPR 2018 and other regulations.

Don't ever create User Fields that contain or request sensitive data such as political/religion/biometric/sex life or other personal preferential data. Not without a really professionally legally drafted and registered notice document.

Just because PHP-Fusion CMS is closed community software, it cannot hide such a member profile from another registered member yet.

We do not have social network components yet such as "friend to see friend's data" or age validation stuff.

If it turns out that you have a kid (under age of 16), and you collected private data so other members can also see his/her data, and that minor's parent sued you under the COPPA act, that fine can rack up to hundreds of thousands per user id if found guilty. It's the deadliest, makes GDPR look like a thin foil issue in comparison. Apparently under COPPA, minors don't have brains to decide what's right for themselves.

As for cookies, the way I see it, it is not the design of this software that violates GDPR; our cookies just look like some random userIDs that make no sense to anybody. That it gets stuck in a browser whose cache the user can clear will almost never become an issue, and the damage from a data breach is almost none.

Compared to the evil doers and negligence arising out of managing a web, the intention of sharing out things that aren't supposed to be shared, or without the knowledge the original user had in mind, is what the GDPR tries to outline.

If you really want to be free of GDPR, comply with ISO 27001 and get a certification for your organization/web. If you're interested, look it up.
Chan attached the following image:
usage.jpg
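
Added example (not part of the thread, and not PHP-Fusion code): the question above, whether a guest page load sets `fusion_` cookies before consent, can be checked from the `Set-Cookie` headers of a guest response. The sample response, the cookie names after the `fusion_` prefix and the `cookie_consent` consent-cookie name are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample: headers of a first page load by a guest. The cookie names
# are made up for illustration; only the "fusion_" prefix comes from the thread.
GUEST_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Set-Cookie: fusion_sample_visited=yes; expires=Tue, 01-Jan-2019 00:00:00 GMT; Max-Age=31536000; path=/
Set-Cookie: fusion_sample_lastvisit=1522200000; path=/; HttpOnly
Set-Cookie: unrelated_cookie=1; path=/
"""

@dataclass(frozen=True)
class CookieFinding:
    name: str
    persistent: bool       # Expires/Max-Age present: outlives the browser session
    attributes: frozenset  # attribute names as sent, lower-cased

def parse_set_cookies(raw_headers):
    """Extract every Set-Cookie header from a raw response header block."""
    findings = []
    for line in raw_headers.splitlines():
        header, _, value = line.partition(":")  # split at the first colon only
        if header.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";") if p.strip()]
        if not parts:
            continue
        name = parts[0].partition("=")[0].strip()
        attrs = frozenset(p.partition("=")[0].strip().lower() for p in parts[1:])
        findings.append(CookieFinding(name, bool(attrs & {"expires", "max-age"}), attrs))
    return findings

def cookies_set_before_consent(raw_headers, request_cookie_header="",
                               consent_cookie="cookie_consent", prefix="fusion_"):
    """Return watched cookies set although the request carried no consent cookie.

    consent_cookie is a hypothetical name; use whatever your cookie panel stores.
    """
    sent = {c.partition("=")[0].strip() for c in request_cookie_header.split(";")}
    if consent_cookie in sent:
        return []  # visitor already agreed, so setting cookies is expected
    return [f for f in parse_set_cookies(raw_headers) if f.name.startswith(prefix)]

if __name__ == "__main__":
    for f in cookies_set_before_consent(GUEST_RESPONSE):
        kind = "persistent" if f.persistent else "session"
        print(f"{f.name}: {kind} cookie set before consent")
```

Run it against headers captured from your own installation with an empty cookie jar; an empty result means the guest page load set no `fusion_` cookie.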