Is NodeBB compliant with the GDPR (the newest legislative spam by the EU)?
-
My understanding is that it depends on whether you think someone in your community will spend the time to enforce this if you are outside of the EU. That being said, any firm or service that interacts with an EU citizen is supposed to be compliant with GDPR. There are a lot of good data analytics websites that have articles on what one needs to do. If you're compliant with Canada's PIPEDA or whatever the US has then it's not that big of a leap to be compliant with GDPR though. Some tech firms are building in easier ways to control and modify data though.
I assume with NodeBB it would be a simple matter of deleting the user when requested, but there's probably a rule around making a comment on a forum and that now being in the public sphere, which doesn't mean the NodeBB hoster having to delete all the posts related to it. If that is under GDPR then someone should contest that if they're ever challenged on it.
-
I think NodeBB as of now is not compliant. One important caveat is that it includes resources from external websites such as Twitter (for bootstrap). As already posted somewhere else, it should be possible to host that stuff locally.
I would also disable external logins to be sure.
Another problem would be if a user wants to have her data. That's not possible with NodeBB yet (afaik) but could be done with database tools.
One more thing: the EU considers a site to be addressing EU citizens if it provides content in one of the 27 EU languages. While this is nonsense they enforce this nevertheless.
best,
Tom
-
@azeus ... almost -- NodeBB v1.9.0 should contain the code necessary to comply with GDPR.
Individual hosts of NodeBB will need to do the last-mile items, such as getting a Data Processing Agreement in place, and such, but otherwise, yes.
We'll be launching v1.9.0 today
-
@azeus said in Is NodeBB compliant with the GDPR (the newest legislative spam by the EU)?:
Hi @Julian, we just upgraded to v1.9.0. Where could we find the GDPR related settings? We don't find anything in the Admin Panel. Tks
Hi @azeus, register a new user and you will see it. And look into your profile.
sry, text in German
-
GitHub - NodeBB/nodebb-plugin-gdpr: GDPR Compliance Tools and Administrative Overview Pages
-
Do we need this GDPR plugin or is it good enough to upgrade to 1.9.1 to get the consent popup?
-
Sorry, checked out the link
Plugin is for managing GDPR and the forum will ask for consent for all new users. So if I set up a new forum this plugin is not necessary but can be good to have.
-
Cool, thanks