Support in product for GDPR compliance [feature request]

istob 7y, 286d ago [edited]

This isn't quite as big an issue as it first seems. It may even be an opportunity for a new product such as Remarkbox, as the existing big players are struggling. None of the existing comment/forum products give the moderator much help, so anything that does any of these three key things will have an advantage.

Record date user gave consent and text of what they gave consent to at that time so moderator has record
Find all comments / posts by user, and format them so moderator can send them back to user without much effort
Delete in convincing way all users comments or posts on (verified) request

There's a fourth issue to do with not holding on to IP data, but governments may backtrack on that for now, as it is causing difficulties for suppliers - e.g DisQus.

In my country (UK) the government enforcer has said they won't go after small site owners if they at least make an effort, so at this stage if you use anything better than the norm you demonstrate that. This reduces the risk to a warning at worst, not a giant fine, so a big gain if you are worrying about compliance. Comments are a problem area, as for non-trading sites they are one of the few instances where you may end up holding data about your site visitors.

Discourse seems to be clearest on what's required, but it's expensive. https://www.discoursehosting.com/your-discourse-forum-and-the-gdpr/ Disqus is floundering.

1. Record date user gave consent and text of what they gave consent to at that time so moderator has record
2. Find all comments / posts by user, and format them so moderator can send them back to user without much effort
3. Delete in convincing way all users comments or posts on (verified) request

There's a fourth issue to do with not holding on to IP data, but governments may backtrack on that for now, as it is causing difficulties for suppliers - e.g DisQus.

Discourse seems to be clearest on what's required, but it's expensive. 
https://www.discoursehosting.com/your-discourse-forum-and-the-gdpr/
Disqus is floundering.

Comments

timehexon 45d, 9h ago [edited]

We've added user-level data controls. You can now:

Delete your account from your user settings page. This anonymizes all your comments (replaces your name with "Deleted User") and removes your account, watchers, and notifications.
Download your data as a JSON file from the same settings page.

Namespace owners already had data export at /ns/{namespace}/dump.json from the settings dashboard, but there was nothing for individual users until now.

Full details: https://git.unturf.com/engineering/remarkbox/remarkbox/-/blob/main/docs/tickets/3.md

remark

26GEDQVv 4y, 215d ago

Has Remarkbox now taken care of GDPR compliance issue? Can we be proud of a privacy friendly commenting system in our Privacy Policy? Thanks!

remark

YourDigitalRights 4y, 354d ago

remark

Dashia 5y, 250d ago

Still no answer to a GDPR related question after 2 years s s s s s s :-(

remark

russell 5y, 249d ago

Hey Dashia,

Please checkout:

https://www.remarkbox.com/privacy-policy.html

remark

YourDigitalRights 4y, 354d ago

Hi Russell,

Pointing us the privacy policy is not good enough coming from a privacy focused product. Moderators need automated tools to be able to comply with GDPR/CCPA requests our services are getting, as outlined in the original comment.

Thanks!

remark

russell 4y, 352d ago

Hey there YourDigitalRights -

You seem to have a good understanding of the types of tools Namespace owners may need to help comply with these new legislation and efforts. Could I setup some time to discuss what we have and what we need? If yes please email me to setup a meeting.

https://russell.ballestrini.net/contact/

remark