Sure. Although GDPR is mostly about processes and not that much about configuration.
Of course we have made sure that we have all the right things in place. Patch management, security best practices, ISO 27001 data center provider (Frankfurt, Germany) with a data processing agreement between us and them. On top of that we will* run nginx (or more specific: openresty) that is configured to remove the last octet from all IP adresses , and a Discourse with a patched rate limiter (using a plugin) so it can deal with the missing octet.
Backups and email use European data centers too (for European customers)
(*) Iām saying we āwillā run that because weāre currently still ironing out the last details in that plugin)
Unfortunately, the regulators are not the ones to worry about. They are chronically understaffed, and a GDPR specialized lawyer has told me that the relevant agencies have only received minimal budget increases to deal with the new beast. The real threat stems from EU located individuals ā either acting on their own, or as proxies for organizations and lawyers ā who want to harm your business or community, for whatever reason.
People living in the German speaking part of Europe are aware of the notorious āAbmahnanwƤlteā. These are typically individual lawyers or legal practices, which are entirely specialized on suing the operators of websites which are not compliant with various regulations. They will often go after small to midsize companies, which donāt have the expertise or resources to fight long drawn legal disputes, in the hope that they will just give in and settle out of court, or accept a fine. A court ruling in the EU can be enforced in countries outside the EU, providing the country in question has a functional legal system.
We must not forget that a discussion forum can potentially have an important influence on broader public opinion, media and even policy. I am providing service to a quite vocal patient organization (on a purely nonprofit basis). A company with very deep pockets is not at all happy about their existence, and would be glad to see them gone. Even though I am not in panic mode, I am worried about GDPR being exploited for solving such conflicts of interest. In my case, I find it crucial to have as few flanks open as possible, as to not invite potential attacks.
I should reiterate up top that I fully stand by everything I said in my previous posts. Following the guidance of your Data Protection Authority is still the first (and normally last) port of call. What weāre discussing here is what do in a (theoretical at this stage) edge case.
Yes, this is a fair point. Litigation is used like this in common law countries as well. This aspect of the discussion about the GDPR has been nagging me, as it does seem to introduce a private right of action (albeit, how that can and will be used is yet to be seen).
The typical way smaller entities deal with legal threats from bigger entities is by pooling resources. The point of abusive litigation tactics is to divide and conquer. Even if one community were to hire a lawyer now and get some initial advice, in this event of this kind of suit, it may not be enough.
One thing that occurred to me yesterday was whether it would be possible for small, community focused, data controllers and processors (i.e. Discourse communities) to join forces with the already existing community efforts to pool resources for GDPR enforcement against larger entities, in particular I had this organisation and its crowdfunding campaign in mind.
It may seem a bit strange at first, but I think there are some shared cultural touchstones (e.g. support of open source, tech community culture, support for individuals and small entities vs big entities etc.) that could make projects like this a natural ally.
Even if it didnāt result in specific advice, there would be benefit in culturally aligning with this side of the privacy discourse in the EU.
Does anyone know Max Schremsā¦?
@erlend_sh I understand that Discourse itself may not want to get involved in this kind thing, but Iād be interested in your thoughts on this specific point of the GDPR discussion (i.e. the pooling of resources and cultural alignment with the āprivacyā side of the tech community in the EU as a strategic step).
Weāre certainly interested in such efforts, but at this point weāve still got our hands full getting our own GDPR policies in place. I feel like there will be more of substance to talk about when weāve lived with GDPR in practice for a little while.
I think the most important things to do about the GDPR is to let the users download everything our discourse websites have about they and also to let the users delete everything if they want. At least thatās what this law ask for.
Someone ask why to do that if the TOS says everything a user publish become the forum property. Thatās exactly about. This new law GDPR not let the companies to own the users informations even they agree.
Even this page, meta.discourse.org become āillegalā since May 25, 2018, because Iām from Europe and they donāt let me download all data discourse stores about me and my account. (Just an example). Also, there are no options to remove all my data without deleting my account.
That is not completely correct. Itās not about property or ownership, itās about the right to request deletion. As I have pointed out before, article 17.3 of the GDPR provides for an exception where processing is necessary for āexercising the right of freedom of expression and informationā;
That is not a requirement either.
There is no automatic mechanism, but maybe you can ask and they will process your request manually.
As a forum admin you can search for @bobthedeleted and just edit the posts and hide revisions if you must. Doing this automatically is very wrongheaded and full of edge cases.
What about posts that said:
I agree with what Bob the deleted said.
Or
I agree with what Bob said.
Or
Bob The Deleted was wrong
Or
@bobthedeleted is a great username to use.
And so on and so on, I can list edge cases here all day.
After anonymization we can queue a rebake maybe on posts with mentions so they turn from @sam to @sam but this can be done today anyway. I donāt see why we are responsible for some magical, impossible to build right feature here.
That anonymizing a user leaves @ mentions intact is not an opinion but a fact, how can you disagree ?
I totally understand there are lots of edge cases, and I also understand that this is a pretty hard thing to do. But I wasnāt saying that you are āresponsibleā nor that you should fix it. I was merely stating that this is something where the user anonymization feature is not perfect.
Although Iām now getting confused whether you guys are working on this or notā¦
Itād be interesting to hear how you do this? (if youāre working with that?) (Iām curious about this, because Iām thinking about doing that in a web app Iām building.)
Changing from @username in the commonmark source seems like really hard, to me. (Hard to know if @something is pre-formatted text or maybe part of an email address or maybe Twitter handle, or whatever, but not a real username mention)
However, changing @username to @anon12345when rendering the markdown to html, seems like actually doable, in a markdown renderer plugin? ā¦
ā¦ (because the plugin would know if the @something is actually a username mention, or something else and should be skipped)
So, one approach is to change the @username to @anon12345 everywhere itās publicly visible (i.e. in the rendered HTML), but ā¦ leave it as is, in the Commonmark source? People could then (unfortunately) still find out what the actual username is, by viewing the edit history ā then the source is visible (right?). But few people would think about that? & wouldnāt be indexed by search engines.
rake db:remap works and will violently delete all refs to @bob with the right regex, anyway we are not done with usability changes here, but as it is, if you want to do this today you can
I do support adding options for hard nuke on posts and revisions behind a site setting restricted to admins to increase usability here
I wonder if the end of may hits and suddenly 10s of thousands of users will stamp feet and demand to be deleted from discourse sites
I can definitely understand why some companies are just noping right out of the whole thing and banning the EU from their systems, or even going so far as to shut down services entirely. Of course, if the GDPR-maximalists are correct, even doing this isnāt enough to avoid problems.
This is really one of the thing that kind of bugs meā¦ You can run rake db:remap @gandalf @anon and junk @gandalf from the face of every single table in your database. Everything!
And if you do that twice ā¦ the collateral of destroying @gandalf2 cause you forgot to add the regex properly that checks for trailing space or < is probably not the end of the worldā¦ now if he/she called themselves @bob well this might be more painful. But this stuff is doable with todayās tooling. It is also doable with queries directly against the DB.
If this user demands that every single time someone said Gandalf or The Grey or The bearded one in passing, then the text must be edited that can be more of a headache, but this is, I guess workable.
I would personally like to see what happens at the end of May prior to deciding to build the Amazing UX from hell ā¢ for scrubbing random data from site. If this becomes too much work for us running the queries by hand we can build a UX. But I worry that building the UX prior to seeing any issue is creating work mountain in a less justifiable way.
Slightly off-topic, but I bet that people said that the first time food-safety laws came into effect.
What we are feeling now is the result of 25+ years of unmanaged data sharing; yes, itāll hurt. Just like it hurts when I donāt do dishes for a weekā¦ itās still needed