Fast Lane!

Thanks. I think there are changes to the current GDPR tools you have that will go a long way.

Add features to support compliance. If you read what's required there are several items that are fairly technical in nature and can only be done at the core suite level. Many are the same as what they added for GDPR. Some are new. IPB made a huge deal about adding tools to support GDPR so I expect they will repeat this for CCPA. It's in their own interest as lack of support would likely scare both new and existing clients away from even running a forum.

It's not how many registered users you have. It's how many users including gusts visit your site in a whole year. If one person visits from their phone, work computer and laptop then that counts as 3 (since it's devices or users). Ultimately we needs solution from IPB of some sort or it will be a major turn off for people running the IPB suite. Given the complexity of being compliant and that it basically effects everyone, I'm sure they will do something -- I hope. Eager to see their response to this thread.

Yes over a year ago. It was approved by the legislator and signed into law by the governor. It goes into effect Jan 1. All the talk of changes are just about amendments.

Kinda doesn't matter. If you have a CA user (even if they are traveling in FL) you fall under CCPA. It's crazy but that's how it's written.

What data does the CCPA cover? The California law takes a broader approach to what constitutes sensitive data than the GDPR. For example, olfactory information is covered, as well as browsing history and records of a visitor's interactions with a website or application. Here’s what AB 375 considers “personal information”: Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier IP address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers Characteristics of protected classifications under California or federal law Commercial information including records of personal property, products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies Biometric information Internet or other electronic network activity information including, but not limited to, browsing history, search history and information regarding a consumer’s interaction with a website, application or advertisement Geolocation data Audio, electronic, visual, thermal, olfactory or similar information Professional or employment-related information Education information, defined as information that is not publicly available personally identifiable information (PII) as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99) Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities and aptitudes What happens if my company is not in compliance with the CCPA? Companies have 30 days to comply with the law once regulators notify them of a violation. If the issue isn't resolved, there's a fine of up to $7,500 per record. "If you think about how many records are affected in a breach, it really increases very quickly," says Debra Farber, senior director for privacy strategy at BigID. Since the bill was put together and passed in just a week, it will probably see some amendments, she adds. "Things like the fine amounts are likely to change." There's also another potential financial risk, Farber says. "The bill provides for an individual's right to sue, for the first time " she says. "And it allows class action lawsuits for damages." Again, there's a 30-day window that starts when the consumers give written notice to a company that they believe their privacy rights have been violated. "If it's not cured, and the attorney general declines to prosecute, then they can bring a class action suit," Farber says. "And it's not just around breaches." So if an IPB board makes $20 bucks a year and resides in CA, and has 15 CA members, and fails to comply with CCPA then the fine is $7500 x 15 = $112,500.

As an aside. IPB itself surely falls under CCPA under clause 2. If you go to Analytics and check user location by country and then by state, I bet you had more than 50k users in the last year. Again, not registered members or paying customers. Just user's. Guests included. That means you now fall under CCPA and any CA user's has rights under CCPA they can impose on you.

Check Google analytics. I'll bet that many people had a least 50k user's last year. That's easy to do. Doesn't have to be registered members (collecting IP address alone on your server, or data via Google Analytics is enough to qualify). Also, since advertising ads from AdSense or frankly ad any provider includes collecting data and sharing it with a 3rd party, then if you received more than 50% of your revenue from advertising (and are based in CA) then you also fall under CCPA. I would bet the lion share of forum owners have more than 50% of their revenue from advertising. If you made $100 last year and $50.01 was from ads then you qualify. Any revenue over a penny counts. It's super easy to fall under CCPA. Even for small sites.

More information on compliance. Wowsers. Seems like many if not the majority of sites will fall under CCPA. https://www.dickinson-wright.com/news-alerts/californias-data-privacy-law

How are things looking for compliance on IPB? This is pretty huge... and takes effect on Jan 1, 2020 (3 months). Right up there or worse than GDPR. Under CCPA individuals can sue companies for CCPA violations. So far more unbounded costs. https://www.cnbc.com/2019/10/05/california-consumer-privacy-act-ccpa-could-cost-companies-55-billion.html

Google Analytics. 🙂

The community logo is scaled down for mobile but retains the original file size. This perhaps makes the file 3-4x larger than it needs to be which on mobile is a big deal. Suggest when we upload the image that a second mobile scaled version is created. Perhaps even just an option to upload both.

Wow. lol. I opened this topic expecting something else. Worth a chuckle and to see that the IPB staff also has a sense of humor :-p.

They will convert you. You can even get up to a year credit. But no, you can't get it all for free anymore. At least not all the things you would want (basic add ons). I had 3 lifetime licenses.

Agreed. We make the BULK of revenue off of ads on the forums. Without a net positive on monitization I would NEVER adopt this. We also have many features outside of the forums. Since this is not PWA the experience between an app and non app parts of the site will be bad. I'll pass and wait for PWA support. To note, I DO appreciate the effort for mobile. I just think this won't work for our community. Also to note, I'm not sure Google allows a single app (common app) to host Soo many different AdSense account ads. Is it not one account per app? It's also unclear if you would support header bidding (big deal for larger sites).