Hi
I have two questions.
1. Data protection policy
I checked the registration form. During registration you don't have to say "OK" to anything. That's why I would like to know if there is a data protection policy for this forum?
E.g. I would like to know what kind of data is stored during registration and while using the forum.
2. Right to be forgotten
The GDPR (https://en.wikipedia.org/wiki/General_Data_Protection_Regulation) introduced a right for people to have personal data deleted, aka "the right to be forgotten".
Is this something that this forum takes care of?
Q: What do I need to do to make my community forum compliant with the GDPR?
A: The GDPR includes the following key requirements:
Consent: You need explicit consent and you need to clearly inform people how you are going to use their personal data. For example, if you are handing over your community member list to marketing to be used in various ad campaigns, you should let people know.
Right to be forgotten (right to erasure): If someone asks that you delete their personal data, in most cases, you’ll need to comply. (More on this in the next question below.)
Right to Access: If someone asks you what personal data you have on them, you will need to provide an answer about what you have, how you’re using it, and be able to provide a copy of the data.
Data portability: The GDPR says that you will need to provide someone with a copy of their personal data in a format that is machine readable and that could be imported into another platform. We can’t imagine this being a frequent request but you should be able to produce a CSV or MySQL export of a user’s data.
Data security: You have an obligation to make sure that you are making reasonable efforts to keep data secure. Basic security measures include making sure your community forum is served over HTTPS and that data is stored and transferred securely. A commercial community forum provider will have put in place a raft of security measures that involve physical security, network security, application security and policies around data handling.
https://blog.vanillaforums.com/community-answers-to-common-questions-about-gdpr-community-forums
And this question is valid for this forum too, I think:
Q: Is user generated content (UGC) personal data? Is UGC subject to rules around data portability and erasure?
A: This is a tricky one. What if a member asks that you delete all their posts? What if those posts were valuable both to the community and your company? We feel that if the posts are stripped of identifying information (for example the username and photo of the member), they do not need to be removed. The exception here is if the posts contain information that identifies the person that is requesting removal. That would also include posts with personal data about the requester that was posted by another member. You might consider laying out in your terms of use or privacy policy who owns UGC and what will be done if someone requests removal of posted content.
Thanks for the clarification.