Sure. Although GDPR is mostly about processes and not that much about configuration.
Of course we have made sure that we have all the right things in place. Patch management, security best practices, ISO 27001 data center provider (Frankfurt, Germany) with a data processing agreement between us and them. On top of that we will* run nginx (or more specific: openresty) that is configured to remove the last octet from all IP adresses , and a Discourse with a patched rate limiter (using a plugin) so it can deal with the missing octet.
Backups and email use European data centers too (for European customers)
(*) I’m saying we “will” run that because we’re currently still ironing out the last details in that plugin)
Unfortunately, the regulators are not the ones to worry about. They are chronically understaffed, and a GDPR specialized lawyer has told me that the relevant agencies have only received minimal budget increases to deal with the new beast. The real threat stems from EU located individuals – either acting on their own, or as proxies for organizations and lawyers – who want to harm your business or community, for whatever reason.
People living in the German speaking part of Europe are aware of the notorious “Abmahnanwälte”. These are typically individual lawyers or legal practices, which are entirely specialized on suing the operators of websites which are not compliant with various regulations. They will often go after small to midsize companies, which don’t have the expertise or resources to fight long drawn legal disputes, in the hope that they will just give in and settle out of court, or accept a fine. A court ruling in the EU can be enforced in countries outside the EU, providing the country in question has a functional legal system.
We must not forget that a discussion forum can potentially have an important influence on broader public opinion, media and even policy. I am providing service to a quite vocal patient organization (on a purely nonprofit basis). A company with very deep pockets is not at all happy about their existence, and would be glad to see them gone. Even though I am not in panic mode, I am worried about GDPR being exploited for solving such conflicts of interest. In my case, I find it crucial to have as few flanks open as possible, as to not invite potential attacks.
I should reiterate up top that I fully stand by everything I said in my previous posts. Following the guidance of your Data Protection Authority is still the first (and normally last) port of call. What we’re discussing here is what do in a (theoretical at this stage) edge case.
Yes, this is a fair point. Litigation is used like this in common law countries as well. This aspect of the discussion about the GDPR has been nagging me, as it does seem to introduce a private right of action (albeit, how that can and will be used is yet to be seen).
The typical way smaller entities deal with legal threats from bigger entities is by pooling resources. The point of abusive litigation tactics is to divide and conquer. Even if one community were to hire a lawyer now and get some initial advice, in this event of this kind of suit, it may not be enough.
One thing that occurred to me yesterday was whether it would be possible for small, community focused, data controllers and processors (i.e. Discourse communities) to join forces with the already existing community efforts to pool resources for GDPR enforcement against larger entities, in particular I had this organisation and its crowdfunding campaign in mind.
It may seem a bit strange at first, but I think there are some shared cultural touchstones (e.g. support of open source, tech community culture, support for individuals and small entities vs big entities etc.) that could make projects like this a natural ally.
Even if it didn’t result in specific advice, there would be benefit in culturally aligning with this side of the privacy discourse in the EU.
Does anyone know Max Schrems…?
@erlend_sh I understand that Discourse itself may not want to get involved in this kind thing, but I’d be interested in your thoughts on this specific point of the GDPR discussion (i.e. the pooling of resources and cultural alignment with the ‘privacy’ side of the tech community in the EU as a strategic step).
We’re certainly interested in such efforts, but at this point we’ve still got our hands full getting our own GDPR policies in place. I feel like there will be more of substance to talk about when we’ve lived with GDPR in practice for a little while.
I think the most important things to do about the GDPR is to let the users download everything our discourse websites have about they and also to let the users delete everything if they want. At least that’s what this law ask for.
Someone ask why to do that if the TOS says everything a user publish become the forum property. That’s exactly about. This new law GDPR not let the companies to own the users informations even they agree.
Even this page, meta.discourse.org become “illegal” since May 25, 2018, because I’m from Europe and they don’t let me download all data discourse stores about me and my account. (Just an example). Also, there are no options to remove all my data without deleting my account.
That is not completely correct. It’s not about property or ownership, it’s about the right to request deletion. As I have pointed out before, article 17.3 of the GDPR provides for an exception where processing is necessary for “exercising the right of freedom of expression and information”;
That is not a requirement either.
There is no automatic mechanism, but maybe you can ask and they will process your request manually.
As a forum admin you can search for @bobthedeleted and just edit the posts and hide revisions if you must. Doing this automatically is very wrongheaded and full of edge cases.
What about posts that said:
I agree with what Bob the deleted said.
I agree with what Bob said.
Bob The Deleted was wrong
@bobthedeleted is a great username to use.
And so on and so on, I can list edge cases here all day.
After anonymization we can queue a rebake maybe on posts with mentions so they turn from @sam to @sam but this can be done today anyway. I don’t see why we are responsible for some magical, impossible to build right feature here.
That anonymizing a user leaves @ mentions intact is not an opinion but a fact, how can you disagree ?
I totally understand there are lots of edge cases, and I also understand that this is a pretty hard thing to do. But I wasn’t saying that you are “responsible” nor that you should fix it. I was merely stating that this is something where the user anonymization feature is not perfect.
Although I’m now getting confused whether you guys are working on this or not…
It’d be interesting to hear how you do this? (if you’re working with that?) (I’m curious about this, because I’m thinking about doing that in a web app I’m building.)
Changing from @username in the commonmark source seems like really hard, to me. (Hard to know if @something is pre-formatted text or maybe part of an email address or maybe Twitter handle, or whatever, but not a real username mention)
However, changing @username to @anon12345when rendering the markdown to html, seems like actually doable, in a markdown renderer plugin? …
… (because the plugin would know if the @something is actually a username mention, or something else and should be skipped)
So, one approach is to change the @username to @anon12345 everywhere it’s publicly visible (i.e. in the rendered HTML), but … leave it as is, in the Commonmark source? People could then (unfortunately) still find out what the actual username is, by viewing the edit history — then the source is visible (right?). But few people would think about that? & wouldn’t be indexed by search engines.
This is really one of the thing that kind of bugs me… You can run rake db:remap @gandalf @anon and junk @gandalf from the face of every single table in your database. Everything!
And if you do that twice … the collateral of destroying @gandalf2 cause you forgot to add the regex properly that checks for trailing space or < is probably not the end of the world… now if he/she called themselves @bob well this might be more painful. But this stuff is doable with today’s tooling. It is also doable with queries directly against the DB.
If this user demands that every single time someone said Gandalf or The Grey or The bearded one in passing, then the text must be edited that can be more of a headache, but this is, I guess workable.
I would personally like to see what happens at the end of May prior to deciding to build the Amazing UX from hell ™ for scrubbing random data from site. If this becomes too much work for us running the queries by hand we can build a UX. But I worry that building the UX prior to seeing any issue is creating work mountain in a less justifiable way.