Is this against GPDR?

[Nabix]

I was taking a glance at some forum software like flux, came across Arch Linux forums which are ran on FluxBB. Came across this:

Forum Policy: No username changes nor account deletions / Forum & Wiki discussion / Arch Linux Forums

bbs.archlinux.org

I'm not 100% on GPDR but is that a compliance issue?

 

[zappaDPJ]

I'm not 100% on GPDR but is that a compliance issue?

The short answer is yes. In addition their policy is badly written.

It's important to remember that each country within the EU was tasked with creating its own interpretation of what was set down in Brussels. Also the only absolutes are those that have already been tested in a legal arena because there are clearly still many grey areas.

Looking at their policy...

'By general consensus among forum admins and advisers: Effective immediately, neither username changes nor account deletion requests will be considered. There is no streamlined method in place to expedite such a task, and to do so requires an unpleasant amount of work for the admins.'

Refusing to act because admins don't have the tools or the time is obviously a compliance issue. Publicly generated user names are considered Personally Identifiable Information (PII) and therefore must be removed/anonymized. Google considers privately (system) generated user names not to be PII but I'd imagine the jury is still out on that one. Any PII contained within an account i.e. profile and content etc must be removed.

'Your personal information can be removed from your profile, and your account permanently locked. If you would like to request this irrevocable action, please email the staff: forum@archlinux.org requesting this.'

This has more compliance issues. It is insufficient to remove PII from just an account profile. The one thing that is correct here is to state that it is a irrevocable action.

 

[Dubbed Navigator]

This article is from 2008. Way, way before GDPR came into force.
They also have a privacy policy linked in the same post, with a seperate policy for GDPR which looks to be compliant.

At a guess I'd say they just forgot about this post. I've not used flux bb but I would have thought a process for compliance would be built into it to take the hassle away.

 

[zappaDPJ]

This article is from 2008. Way, way before GDPR came into force.

I noticed that as well but the page was last edited 9th March 2019, which appears to be the day before they created their Privacy Policy if the dates are to be believed. The Privacy Policy does indeed seem far more compliant though.

 

[Dubbed Navigator]

Compliant but certainly conflicting and confusing.

 

[zappaDPJ]

Very much so.