Jump to content

What about that new Data Privacy Regulation?


heldercervantes
 Share

Recommended Posts

Hey community!

Anybody worried about the new regulation? From May 25th on, we better start complying, otherwise there's an "up to 4% of the year's turnover or 20 Million euro fine, whichever greatest" hanging over our heads.

Most my projects don't store any data and the forms only submit to email. I can't find any information regarding this scenario, but I'm guessing we'll need to add disclaimers in a privacy policy that clearly answers these questions: https://goo.gl/iczesa, and a checkbox for accepting the terms.

I'm curious though about how something like privacy by design could be implemented in PW.

Looks like it's time to send proposals to all our previous clients :)

 

  • Like 3
Link to comment
Share on other sites

28 minutes ago, heldercervantes said:

Most my projects don't store any data and the forms only submit to email.

I doubt it makes any difference if data is stored in an email inbox or on some webserver's database. The regulations apply to any data you store or process (storing and processing are clearly separated roles) if that's digital or analog or on post-its.

To the contrary I'd even prefer the database in cases of form submits, because an email is easily forwarded to different people in a company and complying to a "request to be forgotten" can result in hunting down all the inboxes where submitted personal data are stored, while deleting a record in a db can be a lot easier.

  • Like 2
Link to comment
Share on other sites

30 minutes ago, LostKobrakai said:

I doubt it makes any difference if data is stored in an email inbox or on some webserver's database

It seems it does and doesn't :)

Basically any and all personal information, including something as simple as someone's name and email is a potential liability. So imagine you have a contact form, and just to be safe that form doesn't generate an email with all the info, but only a notification. You then log in to PW, see someone asking for an estimate, and how do you contact that person? Send an email and set a reminder to delete the Word document with the proposal and the email from the sent folder in case that person rejects the proposal or doesn't answer in 2 weeks?

I'm seeing articles saying that internal emails are now a dangerous thing. Companies have to set up policies for managing information that safeguards it from a hacked email account, a stolen laptop or even a lost notebook. Imagine that, someone giving you their info over the phone, you write it down, the note gets lost and you're in court.

Of course this is all hype aimed at getting Snapchat in the corporate world :P 

 

  • Like 1
Link to comment
Share on other sites

I have temporary hidden some posts, as I'm not clear if they are following our guidelines. 

EDIT: The above mentioned posts will stay hidden, as they are not in conjunction with our guidelines.

 

Edited by horst
Link to comment
Share on other sites

If the GDPR requires websites and other data processing companies to allow me to withdraw my consent at any time, does that mean that I can signup to a website based in the European Union and get them to remove my personally identifiable information from their database, such as my ip address, so I can use their website anonymously?

Link to comment
Share on other sites

6 hours ago, desbest said:

does that mean that I can signup to a website based in the European Union and get them to remove my personally identifiable information from their database

It's aimed at protecting EU citizens' privacy and therefore I don't know if you'd be able to take a dispute to court. Yesterday I read somewhere that was the worry that storing info on the cloud could mean that it's not in a server within the EU jurisdiction. I bet this will mean companies like google and facebook are forced to have european users' data in a european datacenter and comply to these rules.

  • Like 2
Link to comment
Share on other sites

Whether I like it or not, I have to deal with this nonsense.

Small sites have been fined in my country already for not having clear refund policies par example.

What I do is have a contract with a third party who keeps all legal stuff for websites that are working in the EU up to date to EU laws.

They tell me what kind of legal pages, privacy statements etc. etc. to have in place.

They are also now working on checking what to do with the new privacy regulation.

Once they have that ready, I'll just add or adjust what I currently have on my site.

Of course this is not for free, but 80 euros or something around that order, is not too bad for some peace of mind.

This is what I work with: https://www.webwinkelkeur.nl/ it is a Dutch site.

  • Like 1
Link to comment
Share on other sites

On 2/13/2018 at 7:26 PM, LostKobrakai said:

because an email is easily forwarded to different people in a company and complying to a "request to be forgotten" can result in hunting down all the inboxes where submitted personal data are stored, while deleting a record in a db can be a lot easier.

And that is why companies will not be able to fully comply even if they wanted to. Most people cannot even find an old email, they do not properly know how Outlook works, and on top of that they use Windows, the most hackable widely used OS on the planet. So now what? :)

While the intention of GDPR is OK, it has been written by lawyers who live in their dream world not knowing anything about IT. Do they care if they ask the impossible? Of course they don't. :(

Anyway, we need to do our best, so I propose to start writing a module that helps generating the legal stuff (privacy policy, etc...) that must be outputted somewhere so we do not have to reinvent the wheel. For other systems people are already writing plugins that test the CMS and look for possible issues, eg:

https://www.opencart.com/index.php?route=marketplace/extension/info&extension_id=32993&sort=date_added

https://wordpress.org/plugins/tags/gdpr/

I guess none of us wants to spend a lot of time on it, so why don't we help each other?

Edited by szabesz
typo
  • Like 3
Link to comment
Share on other sites

3 hours ago, szabesz said:

so why don't we help each other

That's the whole point of this thread :)

I don't think there necessarily needs to be a plugin for outputting legal stuff. Considering the basic contact form, there should be a privacy policy page somewhere that describes what happens to the data, and we have some guidance for writing that up here: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/principles-gdpr/what-information-must-be-given-individuals-whose-data-collected_en. But that's our clients' responsibility, not ours.

Of course, this will vary greatly from site to site. It's not the same as the cookie consent message. The company has to describe exactly what they will to do with the information and how long they'll keep it.

We should also add the "I accept the terms of this site's privacy policy" checkbox on any forms that ask for private data, and the words "privacy policy" linking to the page where it's all described.

There shouldn't be a problem stating that the form submits the data to our email for appropriate response, that no data is stored permanently on our servers, and should you require the right to be forgotten, please submit your request to the email xxx. This and all the rest that's stated in the link above.

But so far this isn't more than a disclaimer and examples will start popping up everywhere on the web in no time.

What worries me more is when the data stays in our PW. If the server is hacked and info is leaked, there can be an investigation that will evaluate how careful we were with the way we've built the site. They mention database encryption, security by design, and keeping the data for the least possible time. For me this is where one or two new modules may come in handy. Not keeping the CMS updated can theoretically burn someone.

Example: We have a jobs form that stores a user's CV. In a year that CV will be outdated and would serve no use. A module that automatically manages that content's (page) date of expiration and deletion could be useful.

Another example: A site that has a private area that a user can register to gain access to. After X months without logging in, the data is deleted. Maybe even notify the person that it will happen unless they log in before day X. Doesn't sound too complex to do.

Now, security by design... I'm clueless. I saw a mention of stuff like scattering personal data in more than one DB and only by comparing a blind ID you can tie the info together. I can see the coolness, but can't see it as something viable for smallish sites.

  • Like 4
Link to comment
Share on other sites

5 hours ago, heldercervantes said:

What worries me more is

Unfortunately, as we dive into GDPR, there will be a lot more that will worry us! For example:

5 hours ago, heldercervantes said:

But that's our clients' responsibility, not ours.

It can even be our responsibility: 

"As a business owner you are a data controller. Your web developer, hoster and saas marketing tools ( mailchimp, salesforce etc. ) are data processors. The data controller is ultimately responsible for the protection of personal data they store. However if it is found that your data processor has been negligent then they are also responsible."

Since server logs cannot get any extra protections pretty soon, are we going to be negligent out of the box? Hosters must also comply. Without them a site cannot comply. If the site does not comply because of us/hoster, are we negligent? What does being negligent mean, anyway? This is the sort of ambiguous stuff which is frequent in any text written by lawyers and such.

5 hours ago, heldercervantes said:

We should also add the "I accept the terms of this site's privacy policy" checkbox on any forms that ask for private data

What about an order form with AJAX updating data? When should we get the consent during the not linear data post process? With recent trend of data fragments being sent constantly, is it technically possible to ask the user in advance in any case?

I would not ask the user on each form as it is a UX killer and silly. I am thinking about placing an impossible to miss "GDPR banner" on the site, where all stuff is explained and probably the first form submission is only possible by going to that page (+ also a link to that page from the form...). If users know where they are informed, and they also click that one and only checkbox on purpose then this part of GDRP should be covered.

And this is the sort of module that could also be written. I'm thinking of producing required legal text fragments which can be turned on/off depending on the site's needs. That text should be editable of course. Such a plugin could be just a starting point, which help us not to forget things.

Edited by szabesz
typos
  • Like 1
Link to comment
Share on other sites

http://www.osborneclarke.com/insights/regulatory-outlook-data-protection-and-privacy-january-2018/

Fact 1: GDPR will take effect across the EU from 25 May 2018.
Fact 2: as of 19 January 2018: We can expect the Article 29 Working Party to publish its final version of these guidelines over the next few months.

So we need to comply to the impossible in time, but only within a small timeframe. Will they publish the "final" versions in time, I wonder?

And some more time killers "if you do not have" anything to develop today :(  :

Link to comment
Share on other sites

6 hours ago, szabesz said:

Your web developer, hoster and saas marketing tools ( mailchimp, salesforce etc. ) are data processors. The data controller is ultimately responsible for the protection of personal data they store.

Yes, but... As a web developer that's hired to build a website and hand over the key, we can only answer for the job we did then. Unless we're hired to keep an eye on the site and keep it secure over time. This will eventually create new business opportunities for us and others. Already I'm reconsidering projects I'm working on and negotiating. I'm also looking at my previous projects to see which will need what, and of course those will need updating.

Security companies will start selling this service, and probably hiring guns in the black market to poke people's websites and spread fear. I'm guessing even lawyers can start selling advice on what a site needs to ensure.

 

6 hours ago, szabesz said:

What about an order form with AJAX updating data?

At some point they need to register, and at that point your visitor will have to check that acceptance box. Once that's done they're considered informed and you shouldn't need to ask for acceptance again

In an extreme scenario, that could even be the first step of the form. "You're about to enter a form that requires personal data. Before proceeding please read our privacy policy."

I don't think it necessarily needs to be a checkbox, as long as it's absolutely clear. You just have to make sure your visitor is warned and is presented an opportunity to read the terms before any of their data is submitted.

 

Link to comment
Share on other sites

15 hours ago, szabesz said:

And that is why companies will not be able to fully comply even if they wanted to. Most people cannot even find an old email, they do not properly know how Outlook works, and on top of that they use Windows, the most hackable widely used OS on the planet. So now what? :)

While the intention of GDPR is OK, it has been written by lawyers who live in their dream world not knowing anything about IT. Do they care if they ask the impossible? Of course they don't. :(

These are surely issues, but it's the issue of the company not the enduser, whos data is stored. Me as a private person is actually glad that companies need to clean up their management of data, as it's really more about handling data carefully than being denied handling it. I'm sure it won't be perfect (looking at those email inboxes), but companies might move to an more appropriate tool for the job (e.g. a customer helpdesk), where data is globally stored for the company. Nobodys email inbox will receive any personal information handled in the helpdesk and it's easier to know where a persons data is stored, to comply to "forget requests" and such things.

For me I also feel like the gdpr is far more important in the space of "managing data handling" and "knowing where data is stored/processes" then the addition of "getting consent". I mean people are already having to give consent for almost everything – maybe a bit more in the EU then in the US – just that now those "terms and conditions" need to be readable to normal human beings instead of just lawyers.

 

Link to comment
Share on other sites

2 minutes ago, heldercervantes said:

This will eventually create new business opportunities for us and others.

Sure but since it is impossible to fully comply we will be held liable. I do not think it is a clear and bright situation at all.

4 minutes ago, heldercervantes said:

Security companies will start selling this service

Lot's of micro and small business cannot afford to fully(?) comply even if they do not sell nor abuse personal data and never experienced security breaches.

As I stated before I'm not saying that there is something wrong with the intent of GDPR and ePrivacy. The "only" issue with them that it is impossible to fully comply, and only biggest companies have the resources to defend against legal attacks because of this situation coming soon.

6 minutes ago, LostKobrakai said:

Me as a private person

You have your own website and/or blog too, right? Isn't that an online thingy?

Link to comment
Share on other sites

3 minutes ago, szabesz said:

You have your own website and/or blog too, right? Isn't that an online thingy?

I even co-own a company, so that's certainly on my plate as well. Also GDPR is not limited to data stored online. If you take a survey on paper you're not allowed to store it forever either.

5 minutes ago, szabesz said:

Lot's of micro and small business cannot afford to fully(?) comply even if they do not sell nor abuse personal data and never experienced security breaches.

If your latter points are the case and they have the consent of the user to use personal data in the way they do, then they should be compliant (I'm not a lawyer). If data is used in a reasonable and consented way and is secured in a reasonable way why wouldn't that be compliant? For small businesses it's also way easier to keep an overview about where and how data is stored, which 3rd party providers are used and so on. It's also easier to call attention to those changes in law on a smaller set of employees than one operational in multiple countries. Sure it's not getting easier, but I don't feel it's a task not doable. I mean lots of those rules are already in place here in Germany and it seems to kinda work out. It's not like you mistreated one piece of personal data and you'll right away be fined to the maximum penalty. Without a data-breach it's even questionable who'll control those small companies for complience. 

Link to comment
Share on other sites

I do hope things will clear up a bit in the coming months but do believe there will be a lot of pitfalls and businesses are not prepared at all, as lots of them not yet even heard of all this. If small or micro sized companies go out of business because of the fines they need to pay then we as developers will have less-and-less business opportunities and not more...

Link to comment
Share on other sites

By the way, has anyone seen a website that already takes steps to comply with this?

I'm seeing a page for a webinar on the subject with a registration form and no consent warning or even privacy policy link anywhere.

I'm clicking google ads for companies selling consulting services that don't seem to have anything in place either.

  • Like 1
  • Haha 1
Link to comment
Share on other sites

2 hours ago, LostKobrakai said:

Lot's of micro and small business cannot afford to fully(?) comply

It doesn't necessarily have to be an expensive thing. Most small business' websites don't require personal information from their users. Right now I'm looking at a list of 20 sites I've built last year and only 3 or 4 store user's emails. No biggie there.

Look at these guys' contact page and the privacy policy they have. It's a great reference for most cases.

Now if you do store data, you'll have to be careful. I don't want to have something in the privacy policy like they have:

"This data is currently stored in an identifiable fashion; a limitation of the content management system that this website is build on (WordPress). Pseudonymisation, meaning  that the personal data can no longer be attributed to a specific user without the use of additional, separately stored information (key), is a requirement of the GDPR which many web application developers are currently working to fully implement. We are committed to implement it on our website as soon as we are able to."

 

Link to comment
Share on other sites

https://make.wordpress.org/core/2018/02/16/gdpr-compliance-chat-recap-february-14th/

"Data stored on backups have to be deleted too."

Any idea how to do that? There are various backup solutions provided by hosting companies but account owners often cannot even delete the backup(s) just revert to them and/or retrieve files.

Also If I create an sql dump as a backup, I can only delete the whole file if I want to get rid of just one person's personal data... We need to delete our precious backups just to make sure one person's data will not get reverted by any chance? Am I the only one to think that this is overkill?

  • Like 1
Link to comment
Share on other sites

16 hours ago, szabesz said:

Also If I create an sql dump as a backup, I can only delete the whole file if I want to get rid of just one person's personal data...

That's not true at all. A sql dump is just text (or a compressed version of that). Open it, remove the problematic lines and save it. You could also import it into a locally running database instance, make your edits and export it again. 

16 hours ago, szabesz said:

Any idea how to do that? There are various backup solutions provided by hosting companies but account owners often cannot even delete the backup(s) just revert to them and/or retrieve files.

If you cannot make the necessary edits on your own you have to rely on the provider to do that for you. If the provider cannot / will not do edits to backups search for one that can do that.

The only backups I can see being potentially problematic would be the ones, which save only diffs to the last backup and not a full copy. But I doubt there being no way to built tools around those systems to be able to edit parts of a backup without breaking the integrity of all following backups.

16 hours ago, szabesz said:

Am I the only one to think that this is overkill?

It's certainly not. Take the AshleyMadison leak for example. How would you feel if you made a request to such a website to have your account being fully erased just to show up in a leak some time later as a result of a database backup? It's not even about the backup being used for a rollback, it could also be the backup which gets leaked.

Link to comment
Share on other sites

Well I just finished writing up the privacy policy for my site. That was a hand full.

Yeah, information backups will have to be considered carefully. Or just don't do backups like most people :D

Now, about personal data anonymization and pseudonymization. What can we do in a PW installation to comply? Can something be made to automatically encrypt PW users data or pseudonymize it?

This particular part of the requirements is what's driving me crazy. 

Link to comment
Share on other sites

The problematic data is only "personal sensitive data", not every data that is in the DB. So what about encrypting the personal sensitive data. This should be doable with less effort. At least, when sensitive personal data is / should be out of scope of search results. 

This said, it should be less possible to reveal sensitive data from mysql-backups that are not under own control. 

Link to comment
Share on other sites

34 minutes ago, heldercervantes said:

Well I just finished writing up the privacy policy for my site. That was a hand full.

Yeah, information backups will have to be considered carefully. Or just don't do backups like most people :D

Now, about personal data anonymization and pseudonymization. What can we do in a PW installation to comply? Can something be made to automatically encrypt PW users data or pseudonymize it?

This particular part of the requirements is what's driving me crazy. 

There is currently a discussion with code examples from @BitPoet going on here in the forums withexact that point. Have a look into the security thread. I'm on mobile and not comfortable enough to find and paste the link. But it is only 1-3 days ago. 

 

 

Edited by cstevensjr
Added mentioned link
  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...