Jump to content

All IPB forums breaching EU law


Dll

Recommended Posts

"What this effectively means is that every single IPB site who have visitors from the EU are now in breach of the new cookie directive"

Not true....the EU law applies to EU based websites. The majority of my members are from EU countries and my site is hosted in the U.S.
I am not required to do anything.

Link to comment
Share on other sites

  • Replies 143
  • Created
  • Last Reply

That's not actually true, the directive applies to any website being used by EU citizens. Clearly though if your business is outside of the EU and has no legal entity in the EU then then it's going to be hard to enforce it, but if you're based in Europe and your users are coming from the EU then it doesn't matter where your servers are hosted.

http://eucookiedirec...ing-outside-eu/

Link to comment
Share on other sites


That's not actually true, the directive applies to any website being used by EU citizens. Clearly though if your business is outside of the EU and has no legal entity in the EU then then it's going to be hard to enforce it, but if you're based in Europe and your users are coming from the EU then it doesn't matter where your servers are hosted.



http://eucookiedirec...ing-outside-eu/


That entire website sounds very informally written for what is supposed to be legal advice...
Link to comment
Share on other sites


I'm not sure what you're looking for... it seems to me they've already implemented most of what Matt stated unofficially back in April.



Login has an opt-in box for cookies, and a link to the privacy policy...


[img]

[/img]



That link is also reproduced in the site footer...


[img]

[/img]



and the policy contains a note on cookie usage.


[img]

[/img]



What's missing that has you so upset?




Where can you enable the privacy policy to be shown on the registration page?
Link to comment
Share on other sites

If you want something more formal, this from the ICO guidelines:

An organisation based in the UK is likely to be subject to the requirements of the Regulations even if their website is technically hosted overseas. Organisations based outside of Europe with websites designed for the European market, or providing products or services to customers in Europe, should consider that their users in the UK and Europe will clearly expect information and choices about cookies to be provided.



http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx
Link to comment
Share on other sites

More and more people seem to see IPB as a turnkey solution.
It has to be nice looking, seo friendly, drive money and comply to all laws, out of the box.

There is no such thing as a turnkey solution that drives money, people, and gives you no legal hassle.

In my country for example, it's illegal to put a forum online as is.
You're supposed, BEFORE having your first member; to make a declaration to a privacy commission here telling them you're gonna keep record of people's IP adresses and email (you read right), it's an 8 page paperwork that costs 20 EUR.

I don't expect IPB to do this for me...

Link to comment
Share on other sites

Speaking about laws, one thing that's becoming a serious issue over here is people requesting their account to be removed : I mean, account+PM+messages.

This is something you cannot refuse ( anyone telling the contrary needs to see a lawyer ) and worse than that, you're required by law to keep records. Stuff has to be both "erased" and retained... (Like FB does by the way)

IOW, we're supposed (I'm not sure any forum software follows these rules as of today)
- to comply when a user asks to delete profile+public messages (even QUOTEs !)
- to AT LEAST keep for a YEAR the connection logs of that user (no forum I know of even HAS connection logs..)
- ideally, PMs and messages shoudl have an IP + timestamp attached, that you have to retain for a year (most forum do not attach an IP to PMs, I havent checked with IPB yet)
- and all of this has to be erased (not visible) but still in the database (in case a legal issue arises with something that you erased - legal complaints can take months to arrive on your desk)

Dunno if anyone else cares about this, but again in the EU, this is all either mandatory or recommended.

Link to comment
Share on other sites



/ add this and your problem is solved.





I officially hate you for that! LOL


But seriously, so you're telling me that I have to comply with a law that isn't even within my own country? So should I start blocking EU IP's, or is there some law about that too that I don't know about. Honestly if I wasn't with IPB I would have NEVER known about this. So why is this a huge issue? If you want to protect yourself against it, add it to your site. It's not up to the guys/gals here to do it for you. Honestly I feel like the entitlement society is becoming bigger and bigger every day. Do we even hold ourselves accountable for our actions anymore, or blame others on our actions and expect others to do everything for us? If you as a business owner don't take the appropriate means to protect yourself that's on your own plate. Not someone else's plate.

It's just like if you go to start up a restaurant business, you need a bunch of equipment, food, etc, etc. . People will sell you everything you need to start that business but they aren't going to make sure that you have a food handlers license, and all the other things you need to handle food. They are going to give it to you assuming you have everything you need because you are contacting them. And if you don't have the appropriate licenses than it's your fault not the people who provided you with all of the I feel it's the same thing going on here. They are providing you with something (the software) and now it's up to you to make sure your website is following your countries laws.

If we expect the guys/gals here to make sure the software has everything it needs to make it compatible with every countries laws, we should expect in increase in price for everything here because I'm certain they'd have to hire someone to stay up on the laws from EVERY country to make sure their software was up to par. Unless you would like to go do that research for them. But even then I'd see people saying "oh well you have to release different software for each country, because I don't want that on my board, etc, etc. . "

Where is the line going to be drawn for things like this? I could go on for days about things like this. . the most recent is someone trying to sue the girlfriend of the guy who hit the plaintiff, since she texted him which caused him to hit the plaintiff. So really. . where is the line going to be drawn?


We should be thankful for what they did for us in 3.3.2 via the screenshot from ryan. That's more than enough, if you need something else you can put whatever fits your needs on your website.
Link to comment
Share on other sites

It's not the software's responsibility to create disclaimers that may or may not be relevant to a site. With or wothout a law it's good practice to have a disclaimer on your site that tells visitors how and what is collected and to let them know anything else relevant to their privacy. That's a case by case, country by country issue.

Link to comment
Share on other sites


It's not the software's responsibility to create disclaimers that may or may not be relevant to a site. With or wothout a law it's good practice to have a disclaimer on your site that tells visitors how and what is collected and to let them know anything else relevant to their privacy. That's a case by case, country by country issue.


to add to the above... The ICO has also updated its policy to allow organisations to use "implied consent" to comply. This means users do not have to make an explicit choice. Instead, their continued use of a site would be taken to mean they are happy for information to be gathered.
Link to comment
Share on other sites


Speaking about laws, one thing that's becoming a serious issue over here is people requesting their account to be removed : I mean, account+PM+messages.



This is something you cannot refuse ( anyone telling the contrary needs to see a lawyer ) and worse than that, you're required by law to keep records. Stuff has to be both "erased" and retained... (Like FB does by the way)



IOW, we're supposed (I'm not sure any forum software follows these rules as of today)


- to comply when a user asks to delete profile+public messages (even QUOTEs !)


- to AT LEAST keep for a YEAR the connection logs of that user (no forum I know of even HAS connection logs..)


- ideally, PMs and messages shoudl have an IP + timestamp attached, that you have to retain for a year (most forum do not attach an IP to PMs, I havent checked with IPB yet)


- and all of this has to be erased (not visible) but still in the database (in case a legal issue arises with something that you erased - legal complaints can take months to arrive on your desk)



Dunno if anyone else cares about this, but again in the EU, this is all either mandatory or recommended.




It sounds to me like your country has a serious lack of freedom.

This will always result when people get greedy and want, and allow, the government to give them all their needs and wants. Another way to look at it is responsibility. If you want the government to regulate everything so you are safe without worry you give the government too much power. We should only want minimal protection from our government: like safety from crime ( police ) and dangerous drugs or foods.

A government that can give what you need and want can also give you what you don't need and want. People need to take more responsibility for their own safety instead of looking to the goverment.
Link to comment
Share on other sites




A government that can give what you need and want can also give you what you don't need and want.





You sound like Thomas Jefferson :)

But seriously though, your entire post is exactly true. And I believe it all stems from the sense of entitlement that people feel they deserve. It's getting worse and worse and the days, weeks, months and years go on. Why do we need others like those providing us IP.Board to make sure we comply with our own government rules/regulations?
Link to comment
Share on other sites

Wow, that guy needs to do something for himself instead of wanting IPS to do it for him (as if they dont have enough to do as it is). Its not no ones responsibiliy but your own to make sure your own site meets everything it needs to. They have done their part, now do yours.

Link to comment
Share on other sites

Tell truth guys i not going bother with any laws to i told to sort it out very simple way because one day someone in office feels that need use his/her pen make new rule because he/she very bored and has nothing better to do, or feels that need waste more tax payers money of must the EU rules just waste of time and money and personaly all them need get real job and start sorting out the real issues, like new jobs, sort out the health system, stop wasting money on crap art store in office and spend it on improvements to roads, schools and better items.

But back on topic if you feel that need apply to any rule within your local area that down to you the site owner not the company supplys the software because you have full control on the forum from admin area to skin changes every area has different rule for different place no company in the world has time see if applys or not the company must "make sure sticks to main laws" eg cookie settings can be controled or not but i very sure that facebook,google, yahoo will all be break this rule but do they care no idea.

*This my view and will never change my view on this matter*

Link to comment
Share on other sites


For all our IPB sites that must comply with the EU cookie law all we had to do was provide a list of all the possible cookies that could be set to put on file. Everything else was in compliance.




I was under the understanding they needed to be opt-in, so you have to ask the user for permission to place the cookies on the PC?
Link to comment
Share on other sites


Where can you enable the privacy policy to be shown on the registration page?




That is not enough because cookies are still placed by guests browsing the forums, so we still need to find a way to display a message for guests.
Link to comment
Share on other sites


That is not enough because cookies are still placed by guests browsing the forums, so we still need to find a way to display a message for guests.



Enough.... frankly put, the way this whole "law" is set up is that you have to ask permission of the user to store cookies before they even enter the site... wanna tell me how you are gonna pull that?
By such rationale, one would have to display said message on a Google search to be effective.... by VIEWING the webpage a cookie is set, and this is true of any web system.... how exactly, could one even store the fact they said no? by setting a cookie... oh wait... cannot do that... q.q madness.
Since the beginning of cookies, navigating to the webpage that stores them has been a direct consent to store them by no more than the fact you navigated to said webpage... this whole thing is madness of a high caliber... not to mention un-enforcable by any party involved, the end-user(well, I suppose they could just not use the web... EVER), the website, or the EU.
Link to comment
Share on other sites


Enough.... frankly put, the way this whole "law" is set up is that you have to ask permission of the user to store cookies before they even enter the site...




If I am reading the law correctly, then yes, that is what you have to do. So for example, on my Drupal site there is a module that prevents the Google Analytic cookies being placed until the user clicks the agree button.

Regardless of you or me thinking if this is madness or not, for those of here in the UK we have to be at least seen to be trying to find a solution.
Link to comment
Share on other sites


That is not enough because cookies are still placed by guests browsing the forums, so we still need to find a way to display a message for guests.




Tell the EU users to set their browsers preference to accept cookies to "Ask for each site" then it's a mute point... the EU clearly has their head in the sand here without thinking this one through.
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...