Comply with GDPR (Strict EU privacy law)

Status

Ajdin

I used to be a big deal on here but now irrelevant
Supreme
Feedback score
12
Posts
2,419
Reactions
3,404
Resources
0
Hi,

So before you start shitting on me for absolutely no reason, I'd like to note the importance of this, but first, quick introduction.

I work as a freelance data protection officer. I'm responsible for the privacy, security, availability and integrity of data for a handful of businesses so I definitely know a bit about internet laws.

So a while back, the EU announced the enforcement of GDPR (General Data Protection Regulation). It's basically a +100 page law that explains new privacy and data laws for the EU. I'm not going to go into detail as to what rules the GDPR actually has (because that would essentially take several hours). But it's worth nothing that this is actually quite serious. Just Googling a little after GDPR articles, you'll find more information about this:
http://www.wired.co.uk/article/what-is-gdpr-uk-eu-legislation-compliance-summary-fines-2018
http://www.bbc.com/news/business-40441434

Well, you might think, but bosny! MC-Market is ran under a company in Australia, we do not need to follow this.

Well, that's where you're wrong kiddo.

To make it all easy for you guys, go read this page real quick: https://www.oaic.gov.au/media-and-s...regulation-guidance-for-australian-businesses

Official Aus gov site:
From 25 May 2018 Australian businesses of any size may need to comply with the GDPR if they have an establishment in the European Union (EU), if they offer goods and services in the EU, or if they monitor the behaviours of individuals in the EU.

Now you might also think, "Ha, but MCM is just a blockgame forum, who cares honestly?"

Again, that's where you're wrong kiddo. The GDPR is something very new. We haven't seen anything closely similar to it previously. It's scary. It's also actually going to be very easy to report businesses who do not follow this law. It's nothing like COPPA or similar.

MC-Market would need to go under some changes in terms of database structure, privacy policy, terms of service, data retention, etc etc.

1 requirement that I am going to say is that every company/institute needs a DPO (Data protection officer). This person is responsible for ensuring that the company/website complies with all laws(including a compliant privacy policy which MC-Market doesn't have at the moment). Additionally, this person is going to be responsible for ensuring that all site visitors can have their questions answered regarding this law.

As I've done over 35 audits in the past 12 months, I can say that MC-Market doesn't need any fundamental changes to comply before the final enforcement date (25th of May 2018) so getting yourself safe for the GDPR shouldn't be that difficult.

Thanks for reading.
 
Type
Suggestion
Status
Implemented
Last edited:
PebbleHost
High performance, consistent uptime and fast support. Minecraft hosting that just works.

Ally

gσ∂∂єѕѕ σƒ мαтнѕ αη∂ мєℓσηѕ χσ
Supreme
Feedback score
37
Posts
2,042
Reactions
2,194
Resources
0
1 requirement that I am going to say is that every company/institute needs a DPO (Data protection officer).
This statement says everything about this suggestion Kappa
 

Zyger

Middleman
Supreme
Feedback score
414
Posts
2,207
Reactions
2,615
Resources
0
1 requirement that I am going to say is that every company/institute needs a DPO (Data protection officer). This person is responsible for ensuring that the company/website complies with all laws(including a compliant privacy policy which MC-Market doesn't have at the moment). Additionally, this person is going to be responsible for ensuring that all site visitors can have their questions answered regarding this law.

I work as a freelance data protection officer. I'm responsible for the privacy, security, availability and integrity of data for a handful of businesses so I definitely know a bit about internet laws.

How convenient.
 

Pixel

Premium
Feedback score
6
Posts
223
Reactions
120
Resources
1
This statement says everything about this suggestion Kappa
So?

It's the truth. McM has to comply. Also, if he's offering to do it for free, that's amazing for Mick but if it was me, I'd charge.
 
Last edited:

Ally

gσ∂∂єѕѕ σƒ мαтнѕ αη∂ мєℓσηѕ χσ
Supreme
Feedback score
37
Posts
2,042
Reactions
2,194
Resources
0
So?

It's the truth. McM has to comply. Also, if he's offering to do it for free, that's amazing for Mick but if it was me, I'd charge.
No, you completely missed the point of my statement.
 

Ajdin

I used to be a big deal on here but now irrelevant
Supreme
Feedback score
12
Posts
2,419
Reactions
3,404
Resources
0
How convenient.

No, you completely missed the point of my statement.

I don't think even 0.0000001% of this forum knows what GDPR is. It's obvious that I want to make it clear as to why I think I know a bit about this topic because most business/site owners underestimate this.

Additionally, one of the sections I'm the most active in is the suggestions section. I make suggestions and posts here all the time so this isn't just some bullshit thread to land me a quick job for a forum.
 

buildblox

Entrepreneur
Deactivated
Feedback score
16
Posts
471
Reactions
429
Resources
0
Hi,

So before you start shitting on me for absolutely no reason, I'd like to note the importance of this, but first, quick introduction.

I work as a freelance data protection officer. I'm responsible for the privacy, security, availability and integrity of data for a handful of businesses so I definitely know a bit about internet laws.

So a while back, the EU announced the enforcement of GDPR (General Data Protection Regulation). It's basically a +100 page law that explains new privacy and data laws for the EU. I'm not going to go into detail as to what rules the GDPR actually has (because that would essentially take several hours). But it's worth nothing that this is actually quite serious. Just Googling a little after GDPR articles, you'll find more information about this:
http://www.wired.co.uk/article/what-is-gdpr-uk-eu-legislation-compliance-summary-fines-2018
http://www.bbc.com/news/business-40441434

Well, you might think, but bosny! MC-Market is ran under a company in Australia, we do not need to follow this.

Well, that's where you're wrong kiddo.

To make it all easy for you guys, go read this page real quick: https://www.oaic.gov.au/media-and-s...regulation-guidance-for-australian-businesses

Official Aus gov site:


Now you might also think, "Ha, but MCM is just a blockgame forum, who cares honestly?"

Again, that's where you're wrong kiddo. The GDPR is something very new. We haven't seen anything closely similar to it previously. It's scary. It's also actually going to be very easy to report businesses who do not follow this law. It's nothing like COPPA or similar.

MC-Market would need to go under some changes in terms of database structure, privacy policy, terms of service, data retention, etc etc.

1 requirement that I am going to say is that every company/institute needs a DPO (Data protection officer). This person is responsible for ensuring that the company/website complies with all laws(including a compliant privacy policy which MC-Market doesn't have at the moment). Additionally, this person is going to be responsible for ensuring that all site visitors can have their questions answered regarding this law.

As I've done over 35 audits in the past 12 months, I can say that MC-Market doesn't need any fundamental changes to comply before the final enforcement date (25th of May 2018) so getting yourself safe for the GDPR shouldn't be that difficult.

Thanks for reading.

Thanks, I didn’t know about this. Do you happen to know whether American-hosted and operating sites would have to conform to these standards?
 

jaykk

Web Developer
Supreme
Feedback score
7
Posts
91
Reactions
56
Resources
0
This person is responsible for ensuring that the company/website complies with all laws.
Easy - some manager can take responsibility of that.

This person is going to be responsible for ensuring that all site visitors can have their questions answered regarding this law.
Easy - if a player needs any info on this they can submit a support request
 

AdamEdits

Supreme
Feedback score
41
Posts
741
Reactions
489
Resources
0
Mick can just come to the US problem solved
 

Ajdin

I used to be a big deal on here but now irrelevant
Supreme
Feedback score
12
Posts
2,419
Reactions
3,404
Resources
0
Easy - some manager can take responsibility of that.

Easy - if a player needs any info on this they can submit a support request

The thing is, you actually need to know what you're doing. You need to somewhat understand the GDPR before you become a DPO for a company. This is because the DPO of each business is actually responsible for informing the business as to what steps they need to take to be compliant.

Mick can just come to the US problem solved

Except US based businesses fall under GDPR too.

ee7a54ddcdb6a4e8de27540024c39bc9.png


Correct me if I'm wrong, but I don't think MCM applies to this ^

It does. MC-Market offers services within the EU. Additionally they hold data of EU customers so yes, MC-Market does fall under this.
 

Ajdin

I used to be a big deal on here but now irrelevant
Supreme
Feedback score
12
Posts
2,419
Reactions
3,404
Resources
0
Yeah, but they don't analyse the data to predict what a person would do, and the site is english based
Read your own screenshot. Literally 3 points in your screenshot make MC-Market fall under GDPR.
 

Zyger

Middleman
Supreme
Feedback score
414
Posts
2,207
Reactions
2,615
Resources
0
Read your own screenshot. Literally 3 points in your screenshot make MC-Market fall under GDPR.
  • an Australian business with an office in the EU
The website does not have an office in the EU.
  • an Australian business whose website targets EU customers for example by enabling them to order goods or services in a European language (other than English) or enabling payment in euros
The website does not target EU customers, and it forces you to pay in USD.
  • an Australian business whose website mentions customers or users in the EU
It's not mentioned anywhere on the site. (not including posts made by users, since they don't own the site)
  • an Australian business that tracks individuals in the EU on the internet and uses data processing techniques to profile individuals to analyse and predict personal preferences, behaviours and attitudes.
They don't analyse anyone's data like that.
 

Ajdin

I used to be a big deal on here but now irrelevant
Supreme
Feedback score
12
Posts
2,419
Reactions
3,404
Resources
0
  • an Australian business with an office in the EU
The website does not have an office in the EU.
  • an Australian business whose website targets EU customers for example by enabling them to order goods or services in a European language (other than English) or enabling payment in euros
The website does not target EU customers, and it forces you to pay in USD.
  • an Australian business whose website mentions customers or users in the EU
It's not mentioned anywhere on the site. (not including posts made by users, since they don't own the site)
  • an Australian business that tracks individuals in the EU on the internet and uses data processing techniques to profile individuals to analyse and predict personal preferences, behaviours and attitudes.
They don't analyse anyone's data like that.
You can honestly do some basic Googling before writing your posts.

The Australian website does actually use somewhat vague statements. For example, "targeting" isn't elaborated.
Just noticed that the screenshot you made doesn't come from the Australian government website, it'd be surprised if it did.
However, luckily the GDPR is one of the most detailed privacy laws in existence and it's pretty obvious (to everyone who does a little research) that compliance is necessary by almost any online website.

Even though the website processes payments in USD, it still allows EU customers to purchase services on here. It still holds personal data of EU customers, hence it's required to comply with the GDPR. Nonetheless, let's pull up the actual GDPR regulation.

You can find it here: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN
Article 3, Territorial scope states the following:
This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or (b) the monitoring of their behaviour as far as their behaviour takes place within the Union.

To break it down in simple English. The quote firstly clarifies that the specific rule also applies to personal data as to where the controller of processor are not established in the EU. The controller is the one who controls the data e.g has the power to say what kind of data will be collected and how it'll be stored. The processor is in this case the host, which is AWS. They both aren't in the EU but MC-Market still falls under GDPR because (according to the quote), you're required to be compliant if you have EU customers or process personal EU data. Additionally, MC-Market does actually monitor it's user's behaviour. I'm not going to go into much detail but simple things like Google analytics, servers logs, access logs, etc fall under monitoring.

I'm also not sure where you found that screenshot. If you go to the link I posted in my thread, you are taken to the gov website which has this URL: https://www.oaic.gov.au/agencies-an...and-the-eu-general-data-protection-regulation

That page also states the following:
Some Australian businesses covered by the Australian Privacy Act 1988 (Cth) (the Privacy Act) (known as APP entities), may need to comply with the GDPR if they:
  • do not have an establishment in the EU, but offer goods and services or monitor the behaviour of individuals in the EU.

Once again, I do not need to elaborate on how MC-Market does actually monitor visitors through various ways.
 
Last edited:

Pixel

Premium
Feedback score
6
Posts
223
Reactions
120
Resources
1
ee7a54ddcdb6a4e8de27540024c39bc9.png


Correct me if I'm wrong, but I don't think MCM applies to this ^

Correcting you: yes it does. It doesn't matter where it's hosted.

McM is doing "business" with EU users, therefore it follows EU laws.
 

Ajdin

I used to be a big deal on here but now irrelevant
Supreme
Feedback score
12
Posts
2,419
Reactions
3,404
Resources
0
Tagging staff members in threads/suggestions isn't suggested.

Additionally, it is getting quite urgent since the enforcement deadline for this is the 28th of May.
 
Status
Top