Overclock.net banner

1 - 20 of 20 Posts

·
ٴٴٴ╲⎝⧹˙͜>˙⧸⎠╱
Joined
·
6,154 Posts
Discussion Starter #1
Where can I request dat to not be sold and how can I download all of my data that has been collected?

Neither options exist on this website yet the badge of "GDPR compliant" is here?

@ENTERPRISE and maybe other bigshots can comment on this?
 

·
Registered
Joined
·
255 Posts
  • Rep+
Reactions: VS Jeff

·
FOCAL ARIA FTW
Joined
·
9,351 Posts
Where can I request dat to not be sold and how can I download all of my data that has been collected?

Neither options exist on this website yet the badge of "GDPR compliant" is here?

@ENTERPRISE and maybe other bigshots can comment on this?
OCN seems to be a bit finicky with the GDPR implementation.
I don't believe they are even compliant.
I requested the right to erasure a while back and I was given 'anonymization' instead.
I was quoted 'it will break the flow of the forums and conversations' if they comply with GDPR.

I brought this matter with a lawyer friend of mine at CVRIA Luxembourg as OCN is not the only forum doing this.
Quite a lot of verticalscope managed boards seem to have their 'own' GDPR.
 

·
Registered
Joined
·
255 Posts
The law is pretty clear, GDPR compliant means having the ability to download and erase your data. That said if it is anonymized to the point its no longer personally identifiable they may comply(just), can always check with your local DPA.
 

·
FOCAL ARIA FTW
Joined
·
9,351 Posts
The law is pretty clear, GDPR compliant means having the ability to download and erase your data. That said if it is anonymized to the point its no longer personally identifiable they may comply(just), can always check with your local DPA.
That is exactly it. Any DPO you will speak too will refer to the first part of your post. If you cannot do that, you contact the relevant entity and formally request compliance to GDPR and the relevant provision. I want all my data to be deleted as per the the law. I want to clean up my internet foot print a bit and OCN makes it difficult.
 

·
 
Joined
·
29,532 Posts
OCN seems to be a bit finicky with the GDPR implementation.
I don't believe they are even compliant.
I requested the right to erasure a while back and I was given 'anonymization' instead.
I was quoted 'it will break the flow of the forums and conversations' if they comply with GDPR.

I brought this matter with a lawyer friend of mine at CVRIA Luxembourg as OCN is not the only forum doing this.
Quite a lot of verticalscope managed boards seem to have their 'own' GDPR.
This has been the case even before VS acquired OCN. The site is contingent on keeping all posts as long as possible. This is the same reason why mass-edits of your old posts aren't allowed either.
When you signed up, you agreed to all the content you submit now being owned by OCN.

GDPR on the right to be forgotten states:
The correspondingly-named rule primarily regulates erasure obligations. According to this, personal data must be erased immediately where the data are no longer needed for their original processing purpose, or the data subject has withdrawn his consent and there is no other legal ground for processing, the data subject has objected and there are no overriding legitimate grounds for the processing, or erasure is required to fulfil a statutory obligation under the EU law or the right of the Member States. In addition, data must naturally be erased if the processing itself was against the law in the first place.
So simply put, it's your personal data that can get deleted, not the content you submitted. The site terms of service (last time I checked) also state to not post any personally identifiable information, and that was a site rule before GDPR was even conceived of.

I am not a lawyer and all that, but you are keeping something from your lawyer (the terms of service you agreed to when you signed up) if you're not mentioning to him that OCN has full ownership of all content that you submit.

That is exactly it. Any DPO you will speak too will refer to the first part of your post. If you cannot do that, you contact the relevant entity and formally request compliance to GDPR and the relevant provision. I want all my data to be deleted as per the the law. I want to clean up my internet foot print a bit and OCN makes it difficult.
That doesn't sound like an issue to me. If you followed site rules, there should be nothing to worry about in terms of not leaving personally identifiable information once you fill out GDPR.

I hope you can see that if GDPR would be followed the way you suggest (by deleting all data by a user) then forums would balance on a razor thin edge that'd be pushed over simply by having a few with my post count GDPR claim their accounts.
 
  • Rep+
Reactions: Miki

·
Administrator
Joined
·
64,303 Posts
The removal of any personally identifiable information so far as your profile,username,email and password etc is the lengths we go to as policy. As per the sites terms, you are not to openly post personally identifiable information, users that choose to do so take it upon their own risk. If this is of concern to you then please do contact the owners of OCN via [email protected] .

I completely understand the concerns surrounding ones privacy and we do go to lengths to ensure we are respecting user privacy/GDPR while also maintaining proper continuity of the sites content flow, but as I say, if you have particular concerns you are better to contact the site owners directly.
 

·
ٴٴٴ╲⎝⧹˙͜>˙⧸⎠╱
Joined
·
6,154 Posts
Discussion Starter #8 (Edited)
The removal of any personally identifiable information so far as your profile,username,email and password etc is the lengths we go to as policy. As per the sites terms, you are not to openly post personally identifiable information, users that choose to do so take it upon their own risk. If this is of concern to you then please do contact the owners of OCN via [email protected] .

I completely understand the concerns surrounding ones privacy and we do go to lengths to ensure we are respecting user privacy/GDPR while also maintaining proper continuity of the sites content flow, but as I say, if you have particular concerns you are better to contact the site owners directly.
@ENTERPRISE doesn't actually answer the problem here...

GDPR compliance means that you can remove/request at will and the site has to comply otherwise the badge is completely useless and you're violating the rules

With that said, where can I request all my data, and request that the data not be sold?

I see you guys don't have CCPA either. Combined with fake GDPR this means that you're not even caring about users privacy and data rights.



And wouldn't it be better for you (mod) to contact the owners regarding this instead of me (insignificant user)?
 

·
Premium Member
Joined
·
1,170 Posts
As someone who has first hand experience of such matters (I was part of the EU taskforce working on the GDPR from 2012 to 2014), I often see many people who misunderstand some articles of the GDPR, most often article 17.
Another important thing to note is that many people think the GDPR only applies to EU citizens, or companies, or websites registered in the EU. It's actually much broader than that. As far as companies are concerned, as long as the service you offer is available in the EU, then you have to comply with the GDPR.
Simply put, the only way for a website to not have to comply with GDPR is to geoblock access from any EU and/or EEA (European Economic Area) member country.

Before I dive any deeper though, here's a link to the official text of law, directly from the website of the EU : GDPR

Now, one thing about GDPR is that wording is VERY important (as with most texts of law tbh).

Article 17 touches about "personal data" and personal data only. Not content, just personal data.
So what IS personal data? It's not a literal translation, as in, it's not data that belongs to you, or data that you make available on the web (ie content). Far from it.
It's any and all things that can be used in one way or another to identify you as a person with your real name.
Common examples often put forward would be your first name, surname, address, phone number...
Pertaining to online use, personal data is a little more detailed thanks to Recital 30 of the GDPR. That tells us that IP addresses, session cookies, RFID tags, are considered personal data.

So the bottom line is, as far as OCN is concerned, to be GDPR compliant, here's what they need to do if someone contacts them to invoke article 17:

  • Delete everything in the "Account details" page of the user profil
  • Erase the user's password from their databases, even if encrypted
  • Reset the user's timezone to GMT
  • Erase the user's signature
  • Remove any link to outside accounts (Facebook and Google links)
  • Remove everybody from "Following" and "Ignoring" in the user profile
  • Remove join date
  • Remove any media from the user profile that might include information that could be used to identify them
  • Remove any metadata from all medias from the user profile
Now the last 2 points is most often where problems arise.

When you signed up, you agreed to all the content you submit now being owned by OCN.
gonX is absolutely right. The ToS do state this. However it only covers content and not personal data. If the content you upload does contain personal data (even if you don't see if as such, or are not aware it is personal data at the time of upload) in any form, then when you invoke Article 17, VS has to delete said media from your profile.

As an example, here's a link to a screengrab I uploaded 5 years ago to OCN. As it contains my first name as well as the approximative date at which I purchased a specific product on a specific website the name of which can clearly be seen, any decent investigator could use it to try and track me by obtaining more info from said website. As such, it falls under the personal data category and would have to be removed by VS, even though I did upload it of my own free will back then, even though GDPR wasn't even a law back then.

The same thing goes for metadata of uploaded pics (which is why most websites implement a scrubber that removes all metadata as part of the upload process).


So I know this is a huge wall of text, but I hope it at least helped cleared things up.
 

·
Administrator
Joined
·
64,303 Posts
@ENTERPRISE doesn't actually answer the problem here...

GDPR compliance means that you can remove/request at will and the site has to comply otherwise the badge is completely useless and you're violating the rules

With that said, where can I request all my data, and request that the data not be sold?

I see you guys don't have CCPA either. Combined with fake GDPR this means that you're not even caring about users privacy and data rights.



And wouldn't it be better for you (mod) to contact the owners regarding this instead of me (insignificant user)?
As it is your concern, then it would make sense for you to articulate your concern to the site owners. Myself acting as a middle man in this particular case makes little sense.
 

·
ٴٴٴ╲⎝⧹˙͜>˙⧸⎠╱
Joined
·
6,154 Posts
Discussion Starter #11
As it is your concern, then it would make sense for you to articulate your concern to the site owners. Myself acting as a middle man in this particular case makes little sense.
So wait, you're not concerned about OCN potentially violating GDPR and people's privacy?

I know everyone has their own opinions but I'm just curious.
 

·
Administrator
Joined
·
64,303 Posts
So wait, you're not concerned about OCN potentially violating GDPR and people's privacy?

I know everyone has their own opinions but I'm just curious.
As I have no concern with respect to the site owners being non-compliant regarding GDPR it is not something I am actively going to investigate. As it is your concern (others may share it too) then it is up to you and others to validate your own curiosity with respect to A. What GDPR entails in this situation and B. Discuss said concerns with the site owners and to ask for a copy of your information.

Nothing to do with lack of care, I just do not share your concerns on the matter. As I say, we have been following the same procedure for years and updated said procedure to make sure it included new requirements set by GDPR.
 

·
FOCAL ARIA FTW
Joined
·
9,351 Posts
As I have no concern with respect to the site owners being non-compliant regarding GDPR it is not something I am actively going to investigate. As it is your concern (others may share it too) then it is up to you and others to validate your own curiosity with respect to A. What GDPR entails in this situation and B. Discuss said concerns with the site owners and to ask for a copy of your information.

Nothing to do with lack of care, I just do not share your concerns on the matter. As I say, we have been following the same procedure for years and updated said procedure to make sure it included new requirements set by GDPR.
I recall with the transition to Vertical Scopes, my first login to the new board had my ad-blockers block 20-30 tracking websites with whom I had no connections.
You guys had to fix that once we complained on the forums.
Given the above posts from myself and a few users, can you please provide evidence that OCN meets the, now old, GDPR requirements?
 

·
Administrator
Joined
·
64,303 Posts
I recall with the transition to Vertical Scopes, my first login to the new board had my ad-blockers block 20-30 tracking websites with whom I had no connections.
You guys had to fix that once we complained on the forums.
Given the above posts from myself and a few users, can you please provide evidence that OCN meets the, now old, GDPR requirements?
I will ask for a VS representative to make comment in this thread for you and others. I run the community and the site, I have no dealings with their privacy based policies. Though on the note of all the trackers, I did and have expressed concern with those all along. I have been told that this platform will have a reduced number of these, though again I have no control over what VS decides to do in this area.
 

·
ٴٴٴ╲⎝⧹˙͜>˙⧸⎠╱
Joined
·
6,154 Posts
Discussion Starter #16
I will ask for a VS representative to make comment in this thread for you and others. I run the community and the site, I have no dealings with their privacy based policies. Though on the note of all the trackers, I did and have expressed concern with those all along. I have been told that this platform will have a reduced number of these, though again I have no control over what VS decides to do in this area.
Any news from the VS guy?
 

·
Vermin Supreme 2020
Joined
·
25,774 Posts
good read... I hope those with concerns get their issues met with solid proof of OCN's mitigation efforts (account scrubbing & one off post clean up).

also just wanna say - I appreciate @eXe.Lilith for the breakdown.

The post above yours is there response.
this made me giggle.

Ent, should you even go by admin anymore? its 2020, Community Manager & Admin are very different these days. I think it might help elievate some of the never ending over leveraged expectations of you duties here?


gotta say, OC_Admin has an impressive post count.
 

·
ٴٴٴ╲⎝⧹˙͜>˙⧸⎠╱
Joined
·
6,154 Posts
Discussion Starter #19
1 - 20 of 20 Posts
Top