ATTN: Xeno - General Data Protection Regulation and EE

Helvi · 2018-05-24 22:05:57

Please tell us more about it.
Like cookies related to this forum, the game site. Just to give an example.

"By using this site, you accept cookies" messages are also not sufficient.
If there is no genuine and free choice, then there is no valid consent. Make it possible to both accept or reject cookies.

H

Xfrogman43 · 2018-05-25 02:44:42

xenon doesnt own the forum

Yonanoke, PTU, Minimania, Jedpogi

Different55 · 2018-05-25 05:37:54

I can answer any questions about the forums.

The forums collect your IP every time you visit or interact with the site in any way and store it in the form of access logs that gradually rotate out roughly every 2 weeks.
The forums collect your IP every time you register an account or make a post and store it in the database.
The forums use cookies to tie in your browser to your user account while you're visiting the forums.
The forums use cookies to track which topics you've read and haven't read so they can display colorful dots of appropriate brightness.

That's all I got off the top of my head, anything more specific than that needs a specific question.

Xfrogman43, Helvi, Minimania

Enurp · 2018-05-25 05:54:57

Different55 wrote:

I can answer any questions about the forums.
The forums collect your IP every time you visit or interact with the site in any way and store it in the form of access logs that gradually rotate out roughly every 2 weeks.
The forums collect your IP every time you register an account or make a post and store it in the database.
The forums use cookies to tie in your browser to your user account while you're visiting the forums.
The forums use cookies to track which topics you've read and haven't read so they can display colorful dots of appropriate brightness.
That's all I got off the top of my head, anything more specific than that needs a specific question.

I have a question about the 3rd and 4th statement. Are they oatmeal or chocolate chip?

Vinyl Melody, Raphe9000, Hyperboy1, Yonanoke, mrjawapa, N1KF, Offensive Ray, Schlog, Slabdrill, SirJosh3917, Minimania, drstereos, PTU, Jedpogi

Different55 · 2018-05-25 16:08:47

which%20is%20better.png

Surprisingly, the forums prefer oatmeal.

TundrumMax, Yonanoke, mrjawapa, Kikikan, Vinyl Melody, Prodigy, N1KF, Offensive Ray, hummerz5, Schlog, Slabdrill, SirJosh3917, PTU, Minimania, drstereos, Jedpogi

Helvi · 2018-05-25 18:06:37

Different55 wrote:

The forums use cookies to tie in your browser to your user account while you're visiting the forums.

I do not want any cookies. What now? There was no promt asking for permission etc.

Different55 · 2018-05-25 18:10:53

Easy solution there is just don't sign in. If you like I can put a disclaimer on the login/registration forms about it, but it's impossible to have logins/accounts that persist across page loads without cookies. They're not the spawn of the NSA they're a shortcut. A hand stamp to get back in the club in 2 seconds instead of having to dig out your ID and wait while we check to see if your name's on the list. You can wash the ink off your hands at any time using your browser's own tools to clear cookies or I could build in a sink somewhere.

ByteArray, mrjawapa, SirJosh3917, coinage, Minimania

Zumza · 2018-05-27 10:56:29

EE and the forums has to comply with the GDPR and disclose what type of data they collect, for what reason, for what amount of time, and to inform with whom this data is shared(e.g. PlayerIO).
EE and the forums also have to provide "a portable copy of the data collected in a common format" if requested, and the right for users to have their data erased.

Helvi

Tomahawk · 2018-05-27 13:11:03

Hands up who cares.

mrjawapa

Xenonetix · 2018-05-27 13:21:27

Helvi wrote:

Please tell us more about it.

http://everybodyedits.com/cookies.html

PTU

Zumza · 2018-05-27 13:38:11

Xenonetix wrote:

Helvi wrote:
Please tell us more about it.
http://everybodyedits.com/cookies.html

EE doesn't only use cookies to work. EE's database stores personal data such as email, IP etc.. The GDPR also requires to disclose all your third parties. For instance you should also disclose how you and PlayerIO use this data.

Different55 · 2018-05-27 13:48:18

Zumza wrote:

EE and the forums has to comply with the GDPR and disclose what type of data they collect, for what reason, for what amount of time, and to inform with whom this data is shared(e.g. PlayerIO).

See above post, I'll see about sticking a privacy page together with this info on it.

Zumza wrote:

EE and the forums also have to provide "a portable copy of the data collected in a common format" if requested, and the right for users to have their data erased.

I don't know that handing out portable copies is possible for all information but I'll give it a shot. For the majority of the access logs, the IP is stored, but is completely detached from the user account. There's no way to reliably find out which IPs belong to which user there.

Zumza · 2018-05-27 14:01:01

The "portable copies" is a regulation for allowing users to port their data to another platform in case they want. I don't believe there's anyone who would request such a thing. But theoretically, if an European user requests that in a mail, you would have to comply.

I've noticed there's already a good privacy policy on http://everybodyedits.com/terms but it's quite broad. I believe the GDPR would require it to be a bit more specific.

SmittyW · 2018-05-27 17:22:30

Alternative solution: Block all EU users. This could also help the grammar issue

21Twelve, Slabdrill

Gosha · 2018-05-27 17:25:38

EE doesn't use or store user's private information. Except for the ip for obvious, not business related activities (ip-bans)

so i think GDPR doesn't apply for ee

Different55 · 2018-05-27 17:32:32

It says "some obligations" like a DPO are waived, what obligations aren't waived?

SirJosh3917 · 2018-05-27 17:45:11

Helvi wrote:

I do not want any cookies. What now? There was no promt asking for permission etc.

what kind of bull**** logic are you using right now honestly

you're basically trying to go into a bar without an id

why do you think cookies are the spawn of satan

LukeM · 2018-05-27 18:03:47

Gosha wrote:

https://i.imgur.com/VkhWLn5.png
EE doesn't use or store user's private information. Except for the ip for obvious, not business related activities (ip-bans)
so i think GDPR doesn't apply for ee

Don't things like email address and password count as private info? (And pretty sure IP counts too)

ninjasupeatsninja wrote:

Helvi wrote:
I do not want any cookies. What now? There was no promt asking for permission etc.
what kind of bull**** logic are you using right now honestly
you're basically trying to go into a bar without an id
why do you think cookies are the spawn of satan

Not sure if Helvi is doing this with good intentions or not, but EE does need to comply or they could be fined a large amount of money or whatever, it's better we bug the devs about it until it's done than randomly in the future someone taking legal action against EE.

Gosha · 2018-05-27 18:07:45

LukeM wrote:

Don't things like email address and password count as private info? (And pretty sure IP counts too)

We only store ip to use it in non-commercially beneficial way (only for ip bans)

Emails and Passwords are stored in playerio. We don't and can't deal with them

LukeM · 2018-05-27 18:16:07

Gosha wrote:

LukeM wrote:
Don't things like email address and password count as private info? (And pretty sure IP counts too)
We only store ip to use it in non-commercially beneficial way (only for ip bans)
Emails and Passwords are stored in playerio. We don't and can't deal with them

Well EE is a commercial game, and IP bans are a part of EE, so I would argue that that means they are being used commercially.

And for the emails and passwords, it's still your responsibility even if technically they are stored on PlayerIO's servers, the data is still collected and used by EE, the end user never even knows about PlayerIO...

Zumza · 2018-05-27 18:36:35

Gosha wrote:

https://i.imgur.com/VkhWLn5.png
EE doesn't use or store user's private information. Except for the ip for obvious, not business related activities (ip-bans)
so i think GDPR doesn't apply for ee

Of course it does: it stores emails and associated IP addresses, which is a very bad mix to privacy.

A Data Protection Officer(DPO) is a special employee which has to have a professional knowledge in data protection law and IT security. By the new legislation in force, every company which activity consists in personal data processing must appoint one. Like in the article you screenshot instead of link, it is given the example of educational platforms such as schools, whom must appoint a DPO because they process student personal information.

EE doesn't have to appoint a DPO because it's just a sandbox game. But EE isn't exempted of respecting the rights of European users: to be informed, to rectify, to erase, to port.

Gosha wrote:

Emails and Passwords are stored in playerio. We don't and can't deal with them

It doesn't matter. You have to include in your privacy terms that you're sharing this informations with PlayerIO, and PlayerIO is also obligated to disclose how they use this data.
You essentially have to include all the other third parties you use: you have to specify that the Twitter widget from everybodyedits.com may also store cookies, etc..

Gosha · 2018-05-27 19:41:02

(i am speaking as a community member, if i say something wrong don't blame ee staff, only my shortsightedness)

Xenonetix

peace · 2018-05-27 20:09:49

hwo do you guys chnage emials from users then?

Cyral · 2018-05-27 23:04:03

Gosha wrote:

https://i.imgur.com/VkhWLn5.png
EE doesn't use or store user's private information. Except for the ip for obvious, not business related activities (ip-bans)
so i think GDPR doesn't apply for ee

GDPR does apply to any personal information, which includes IP addresses, emails, etc. There are of course legitimate reasons to store this data longer than 30 days (e.g. for ip bans).

Gosha wrote:

LukeM wrote:
Don't things like email address and password count as private info? (And pretty sure IP counts too)
We only store ip to use it in non-commercially beneficial way (only for ip bans)
Emails and Passwords are stored in playerio. We don't and can't deal with them

Any data that is processed on your behalf is still your responsibility. Just because the data is stored on another server or processed by another provider doesn't mean it's not your data. (In fact, to comply with deletion requests and such, you need to remove the data from all third-parties that process data on your behalf as well). If your service providers are unable to comply with these requests, then they are not GDPR compliant themselves, making them unsuitable for you to use if you are going to be GDPR compliant. When you consider the requirements for the GDPR, you need to think about (and you should already know) where your data is, for example in web server logs, forum backups, your PayPal account (or whatever) for processing payments, etc.

LukeM, Zumza

Different55 · 2018-05-27 23:57:20

Oh right backups I almost forgot about those.

that's a whole other can of worms. As far as I'm aware I physically can't selectively delete stuff from the backups. I can scrub your stuff from the active database but the backups hang around for a lot longer.

Official Everybody Edits Forums

#1 2018-05-24 22:05:57

ATTN: Xeno - General Data Protection Regulation and EE

#2 2018-05-25 02:44:42

Re: ATTN: Xeno - General Data Protection Regulation and EE

#3 2018-05-25 05:37:54

Re: ATTN: Xeno - General Data Protection Regulation and EE

#4 2018-05-25 05:54:57

Re: ATTN: Xeno - General Data Protection Regulation and EE

#5 2018-05-25 16:08:47

Re: ATTN: Xeno - General Data Protection Regulation and EE

#6 2018-05-25 18:06:37

Re: ATTN: Xeno - General Data Protection Regulation and EE

#7 2018-05-25 18:10:53, last edited by Different55 (2018-05-25 18:20:24)

Re: ATTN: Xeno - General Data Protection Regulation and EE

#8 2018-05-27 10:56:29

Re: ATTN: Xeno - General Data Protection Regulation and EE

#9 2018-05-27 13:11:03

Re: ATTN: Xeno - General Data Protection Regulation and EE

#10 2018-05-27 13:21:27

Re: ATTN: Xeno - General Data Protection Regulation and EE

#11 2018-05-27 13:38:11, last edited by Zumza (2018-05-27 13:39:42)

Re: ATTN: Xeno - General Data Protection Regulation and EE

#12 2018-05-27 13:48:18

Re: ATTN: Xeno - General Data Protection Regulation and EE

#13 2018-05-27 14:01:01, last edited by Zumza (2018-05-27 14:03:31)

Re: ATTN: Xeno - General Data Protection Regulation and EE

#14 2018-05-27 17:22:30

Re: ATTN: Xeno - General Data Protection Regulation and EE

#15 2018-05-27 17:25:38

Re: ATTN: Xeno - General Data Protection Regulation and EE

#16 2018-05-27 17:32:32

Re: ATTN: Xeno - General Data Protection Regulation and EE

#17 2018-05-27 17:45:11

Re: ATTN: Xeno - General Data Protection Regulation and EE

#18 2018-05-27 18:03:47

Re: ATTN: Xeno - General Data Protection Regulation and EE

#19 2018-05-27 18:07:45

Re: ATTN: Xeno - General Data Protection Regulation and EE

#20 2018-05-27 18:16:07

Re: ATTN: Xeno - General Data Protection Regulation and EE

#21 2018-05-27 18:36:35, last edited by Zumza (2018-05-27 18:45:32)

Re: ATTN: Xeno - General Data Protection Regulation and EE

#22 2018-05-27 19:41:02, last edited by Gosha (2018-05-28 05:30:47)

Re: ATTN: Xeno - General Data Protection Regulation and EE

#23 2018-05-27 20:09:49

Re: ATTN: Xeno - General Data Protection Regulation and EE

#24 2018-05-27 23:04:03

Re: ATTN: Xeno - General Data Protection Regulation and EE

#25 2018-05-27 23:57:20

Re: ATTN: Xeno - General Data Protection Regulation and EE

Board footer