Is NodeBB compliant with the GDPR (the newest legislative spam by the EU)?
-
To learn more about the newest big thing in the European legislative spam: https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
Do you think that the GDPR will kill the small user-generated content platforms based on open-source platforms like NodeBB?
I posted a similar question on Reddit here:
r/privacy - Is open source platforms for forums, social networks, wikis compliant with the GDPR?
2 votes and 7 comments so far on Reddit
-
Would be interesting to follow the discussion @vstoykov -- I'll do some research and see... hopefully there are exemptions!
-
My understanding is that it depends on whether you think someone in your community will spend the time to enforce this if you are outside of the EU. That being said, any firm or service that interacts with an EU citizen is supposed to be compliant with GDPR. There are a lot of good data analytics websites that have articles on what one needs to do. If you're compliant with Canada's PIPEDA or whatever the US has then its not that big of a leap to be compliant with GDPR though. Some tech firms are building in easier ways to control and modify data though.
I assume with NodeBB it would be a simple matter of deleting the user when requested, but there's probably a rule around making a comment on a forum and that now being in the public sphere, which doesn't mean the nodeBB hoster having to delete all the posts related to it. If that is under GDPR then someone should contest that if they're ever challenged on it.
-
In terms of that specific example, NodeBB admins have the ability to delete just the user, or the user and the entirety of their contributed content, so this is flexible enough I believe...
-
I think NodeBB as of now is not compliant. One important caveat is that it includes resources from external websites such as Twitter (for bootstrap). As already posted somewhere else, it should be possible to host that stuff locally.
I would also disable external logins to be sure.
Another problem would be if a user want's to have her data. That's not possible with NodeBB yet (afaik) but could be done with database tools.
One more thing: the EU considers a site to be addressing EU citizens if it provides content in one of the 27 EU languages. While this is nonsense they enforce this nevertheless.
best,
Tom -
Hm... I don't think we remotely fetch bootstrap anymore... possibly Google Fonts, but that is a Persona thing.
User data export is something we ought to build out anyway, and if it is mandated, then even more so.
-
-
@azeus ... almost
-- NodeBB v1.9.0 should contain the code necessary to comply with GDPR.Individual hosts of NodeBB will need to do the last-mile items, such as getting a Data Processing Agreement in place, and such, but otherwise, yes.
We'll be launching v1.9.0 today
-
@julian said in Is NodeBB compliant with the GDPR (the newest legislative spam by the EU)?:
e, and such, but otherwise, yes.
We'll be launching v1.9.0 todayAwesome, you guys rox ^^
-
Hi @Julian, we just upgraded to v1.9.0. Where could we find the GDPR related settings? We don't find anything in the Admin Panel
Tks -
@azeus said in Is NodeBB compliant with the GDPR (the newest legislative spam by the EU)?:
Hi @Julian, we just upgraded to v1.9.0. Where could we find the GDPR related settings? We don't find anything in the Admin Panel
TksHi @azeus , register an new user an you will see it. And look into your profil.
sry, text in german
-
@frankm thank you
-
@azeus We'll be releasing a corresponding plugin with ACP integration to see consent values and to request consent from existing users in the coming days/week
-
-
Do we need this GDPR plugin or is it good enough to upgrade to 1.9.1 to get the consent popup?
-
Sorry, checked out the link
Plugin is for managing GDPR and the forum will ask for consent for all new users. So if i setup a new forum this plugin is not necessary but can be good to have
-
@jenkler Yes that's correct. The plugin is a transitional plugin for forums with existing users who have not consented. All new users are required to provide consent now, irregardless of plugin installation.
-
Cool, thanks
