Is this against GPDR?

zappaDPJ

Administrator
Joined
Aug 26, 2010
Messages
7,476
I'm not 100% on GPDR but is that a compliance issue?

The short answer is yes. In addition their policy is badly written.

It's important to remember that each country within the EU was tasked with creating its own interpretation of what was set down in Brussels. Also the only absolutes are those that have already been tested in a legal arena because there are clearly still many grey areas.

Looking at their policy...

'By general consensus among forum admins and advisers: Effective immediately, neither username changes nor account deletion requests will be considered. There is no streamlined method in place to expedite such a task, and to do so requires an unpleasant amount of work for the admins.'

Refusing to act because admins don't have the tools or the time is obviously a compliance issue. Publicly generated user names are considered Personally Identifiable Information (PII) and therefore must be removed/anonymized. Google considers privately (system) generated user names not to be PII but I'd imagine the jury is still out on that one. Any PII contained within an account i.e. profile and content etc must be removed.

'Your personal information can be removed from your profile, and your account permanently locked. If you would like to request this irrevocable action, please email the staff: forum@archlinux.org requesting this.'

This has more compliance issues. It is insufficient to remove PII from just an account profile. The one thing that is correct here is to state that it is a irrevocable action.
 

Dubbed Navigator

Adherent
Joined
Jul 22, 2014
Messages
365
This article is from 2008. Way, way before GDPR came into force.
They also have a privacy policy linked in the same post, with a seperate policy for GDPR which looks to be compliant.

At a guess I'd say they just forgot about this post. I've not used flux bb but I would have thought a process for compliance would be built into it to take the hassle away.
 

zappaDPJ

Administrator
Joined
Aug 26, 2010
Messages
7,476
This article is from 2008. Way, way before GDPR came into force.

I noticed that as well but the page was last edited 9th March 2019, which appears to be the day before they created their Privacy Policy if the dates are to be believed. The Privacy Policy does indeed seem far more compliant though.
 
Top