Hi all,
first I struggled a bit to implement the cookie notice (and adapt the texts) delivered with the newest phpbb Version.
But now I made it and it works fine.
Many thanks for that functionality.
Now, regards the DSGVO / GDPR:
Currently, I check with our lawyers, if the normal cookie notice ("OK, got it") is sufficient.
They verbally told me, that this may not be the case any more, but they are also still in check with the states dataprotection officers.
However: It may be, that DSGVO suggests or forces us to have the cookies as "opt in".
As you guys have cookie consent from Insites implemented, and they have also an opt-in option:
Is it planned to implement this function? And, of course, if the user is not accepting cookies, to block all cookies from beeing sent to the user?
Hope this makes some good sense,
best regards
Kai
EU-DSGVO or GDPR Aspects on Development
Forum rules
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.3.x. If you need support for phpBB 3.3.x please visit the 3.3.x Support Forum on phpbb.com.
If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.3.x. If you need support for phpBB 3.3.x please visit the 3.3.x Support Forum on phpbb.com.
If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
- DarkBeing
- Registered User
- Posts: 83
- Joined: Sun Jul 19, 2009 2:32 pm
- Location: Currently Estonia
- Contact:
Re: EU-DSGVO or GDPR Aspects on Development
https://www.phpbb.com/community/viewtop ... &t=2419821 Might be an interesting read. Although it discusses some other aspects of the DSGVO.
Re: EU-DSGVO or GDPR Aspects on Development
I doubt that this would be needed, as we only have session cookies and generally cookies that are required to run the site are an exception from the opt-in rule.KaiMI wrote: ↑Mon Apr 30, 2018 12:59 pm However: It may be, that DSGVO suggests or forces us to have the cookies as "opt in".
As you guys have cookie consent from Insites implemented, and they have also an opt-in option:
Is it planned to implement this function? And, of course, if the user is not accepting cookies, to block all cookies from beeing sent to the user?
- canonknipser
- Registered User
- Posts: 71
- Joined: Mon Sep 19, 2011 4:42 am
- Location: Germany
Re: EU-DSGVO or GDPR Aspects on Development
That correct for a vanilla phpBB. But there are other cookies set by extensions (check the official collapsible categories extension as an example), so how is that case handled? Do extension author need to implement a own opt-in for those cookies?
Greetings
Frank
phpbb.de support team member - no support via PM or mail
English is not my native language
Extensions and scripts for phpBB
Frank
phpbb.de support team member - no support via PM or mail
English is not my native language
Extensions and scripts for phpBB
Re: EU-DSGVO or GDPR Aspects on Development
The cookie that you quote there is an "operational" one and is therefore exempt from the Cookie regulations.canonknipser wrote: ↑Thu May 03, 2018 8:18 pm But there are other cookies set by extensions (check the official collapsible categories extension as an example), so how is that case handled? Do extension author need to implement a own opt-in for those cookies?
Ultimately it is the board owner's responsibility to comply with any, and all, regulations/laws that apply in the country where the board operates.
I could see a valid argument for extension authors stating that their extension is setting cookies although to be honest I am not aware of many that do - I know that my Cookie Policy/Privacy Policy extension does but when it does you have already accepted cookies so that is not an issue.
David
Remember: You only know what you know -
and you do not know what you do not know!
Remember: You only know what you know -
and you do not know what you do not know!
Re: EU-DSGVO or GDPR Aspects on Development
Spoke to our Lawyer. She recommended the following:
Fallback Option is to show a banner that tells the user how to disable cookies in the browser and that the forum might not work properly afterwards.
(all in de legal reach. Other EEC countries might be different)
- Banner, that informs about Cookies
- Two Buttons, "Agree" and "Disagree".
- No function of the board at all if nothing is chosen
- If chosen "Disagree", either set no cookies any more, or make the user leave the forum (if technically cookies are must-haves)
Fallback Option is to show a banner that tells the user how to disable cookies in the browser and that the forum might not work properly afterwards.
(all in de legal reach. Other EEC countries might be different)
Re: EU-DSGVO or GDPR Aspects on Development
Well, from a development point of view I find it rather unlikely that we would provide any functionality that would describe how not to use the software. It also seems to me that German law is more restrictive than any other regulation so your problem is better solved by an extension then any features in the core.KaiMI wrote: ↑Thu May 10, 2018 9:59 am Spoke to our Lawyer. She recommended the following:
- Banner, that informs about Cookies
- Two Buttons, "Agree" and "Disagree".
- No function of the board at all if nothing is chosen
This is the "best"-option.
- If chosen "Disagree", either set no cookies any more, or make the user leave the forum (if technically cookies are must-haves)
Fallback Option is to show a banner that tells the user how to disable cookies in the browser and that the forum might not work properly afterwards.
(all in de legal reach. Other EEC countries might be different)
Re: EU-DSGVO or GDPR Aspects on Development
Hi,
I'm pretty sure, that latest with the e-Privacy laws this (or a very similar) function will be a mandatory function in the EEC.
My recommendation is to be prepared.
Best regards
I'm pretty sure, that latest with the e-Privacy laws this (or a very similar) function will be a mandatory function in the EEC.
My recommendation is to be prepared.
Best regards
Re: EU-DSGVO or GDPR Aspects on Development
The requirement is that the site owner has to comply with all regulations/laws applicable in the country in which they operate - and this may involve several different sets of regulations.
It is not a requirement of any software package to provide the tools that are necessary to comply with these, or any other, regulations.
David
Remember: You only know what you know -
and you do not know what you do not know!
Remember: You only know what you know -
and you do not know what you do not know!
Re: EU-DSGVO or GDPR Aspects on Development
...well, you can turn that as far as you want. Still, all website owners / forum operators will face the same problem and be fined worst case. If it's the duty of any software package is a non discussion (as there are no rules of software packages carved in stone, as far as I know at least). This forum is about development. So, why not address a problem that all of you will face sooner or later. I will solve mine, that's for sure. Better you solve yours before you arre on the hook, or consult your lawyer in any doubts.