Starting in May we have a new amusement: GDPR


(adrian) #41

nicely presented, clear and to the point

(Janos Pasztor) #42

Sorry for intruding as a non-Romanian speaker. I’m the owner of the site you linked and I have written that privacy policy to my best understanding of the GDPR. However, I am not a lawyer. I have spoken to a couple of lawyers and none of them could confirm if my use of the Article 6 Paragraph 1 (f), Article 17 Paragraph 3 (e), and Article 21 of the GDPR was legally OK.

As far as I understand, the website owner can, under certain circumstances, forego the permission from the user for, say, using Google Analytics, but the user has to be able to turn it off. It is also OK to store access logs for legitimate use (like reporting illegal activity to the police; as far as I know).

You can copy my privacy policy if you wish, but please have your own legal counsel check if it’s ok.

(adrian) #43

we kind of knew you weren’t a lawyer when we were able to understand what was written :slight_smile:

I’m guessing you have no other information about your users (accounts, data they entered and such). That’s when it gets complicated. Yours will do for a simple site where everyone is a visitor.

(Janos Pasztor) #44

You are correct, I am not storing user information of any sort, and I am anonymizing the IP address of the user when sending it to GA. I was very careful about that.

Creating accounts itself is not a problem as long as users can also delete it when they want (and you can somehow ensure that a backup restore will not bring back their account). The GDPR has the word “reasonable” in a lot of places, so you would (in my read) not be required to go in by hand and redact all their forum posts for personal information as that is not “reasonable”. For other things, like newsletters, you need to get consent of course.

I found that the local government GDPR info sites are very unhelpful; I would recommend reading the actual law instead: http://eur-lex.europa.eu/legal-content/RO/TXT/HTML/?uri=CELEX:32016R0679&from=en

It is fairly readable and I was able to work through it in a couple of hours. If you are small enough to not have legal counsel, you are probably going to be OK if you adhere to the principles of it. (At least that’s what I’m counting on, but if I get a huge fine from the government, I’ll let you know. :smiley: )

I hope this helps.

(Cristian Nebunu) #45

As @AdrianBasalic said, we figured you are not a lawyer, it’s that the GDPR has been quite the topic of discussion lately and you had a pretty concise and easy to understand take on it. I plan on adding to this topic with any other similar pages in the future. Thanks for stopping by :slight_smile:

(Janos Pasztor) #46

Thanks for having me. :slight_smile:

(Bogdan) #47

You can find some good guidelines from a national DP authority here: https://www.cnil.fr/en/media


A German court's decision regarding the storage of IP addresses: https://legalup.ro/interes-legitim-de-stoca-ip-urile/

(Alex Popescu) #49

GDPR Requirements in Plain English