1. 17
  2. 6

    I absolutely understand the economic motivations behind this move. I’m concerned because it seems that if other smaller players do the same (migrate over to established players like Reddit) then it’ll drive more users to incumbent companies. Someone in the thread included a link to instructions on how to deal with GDPR trolling which I’m bookmarking right now just in case.

    1. 6

      If you get a data request and it’s reasonable to do so, simply answer it. “Hi, my online identifier is ‘geocar’ what information do you have on me?” - I only have the information you already know about[1]. If that’s true, it’s easy. If you’re building a profile of me, likes/preferences and whether you sell them individually or in aggregate, then you have to tell me that, but if it’s just my own comments and my own email address (which I entered) then I should already know about that.

      If it’s worded in legalese, or you find it otherwise difficult, you can ask for administrative costs to be posted with the request to you. That way you’ll know they’re at least serious too. You’re not required to figure out what information might be connected to the person[2], so if you buy some audience data from somebody like Lotame to show targeted ads to your users, even though you have an online identifier (username) you aren’t required to link them if you don’t ordinarily do this, and only very big websites will do this.

      Finally, if it’s onerous, you can ask for further “reasonable fees”. Trolls will get bored, but if you need to pull logs out of your s3 glacier and it’s going to take a week (or more) without paying the expedited fees there’s no reason you have to be on the hook for this.

      Right now, all this seems scary because it’s “new”, but eventually it will become normal, and we’ll realise the GDPR isn’t the boogeyman out to get us.

      1. 2

        “Hi, my online identifier is ‘geocar’ what information do you have on me?”

        You also need to prove that you are indeed geocar, otherwise anyone could have requested to view/delete the personal data. So some kind of vetting needs to be done.

        1. 1

          Indeed, but in this case, I can think of at least one way to do that :)

        2. 2

          This is reasonable, but when you’re a tiny little startup (I’m pretty sure drone.io is a one-man operation) any of this could still be onerous.

          1. 0

            Like already stated in another comment before, you can simply ask people to use predefined forms of request from your website once logged in, and have pre-defined answers to them.

        3. 2

          Seems like there’s a business opportunity here - “we will host and run your forum / comments / community in a fully GDPR-compliant fashion” or “we give you all the tools to easily comply with GDPR requests”

          1. 3

            The link I posted above also suggests another solution which might be a better fit for smaller companies and projects: provide a self-service interface for users where they’ll be able to access all GDPR-related stuff. I’d love to see this approach gain traction so that we’d avoid centralization.

            1. 2

              In other words: “pay us money or the government will shut you down”.

              All to “protect the consumers” of course. The very same consumers who willingly put all their information up on facebook.

              1. 0

                That’s what I’m thinking. Lets them pool resources on legal and maybe operational side. Even an existing seller of forum software might make it an extra service or differentiator. Alternatively, this stuff might get outsourced to specialized firms.