Comply with GDPR (Strict EU privacy law)

Status

Ajdin

I used to be a big deal on here but now irrelevant
Supreme
Feedback score
12
Posts
2,419
Reactions
3,404
Resources
0
Hi,

So before you start shitting on me for absolutely no reason, I'd like to note the importance of this, but first, quick introduction.

I work as a freelance data protection officer. I'm responsible for the privacy, security, availability and integrity of data for a handful of businesses so I definitely know a bit about internet laws.

So a while back, the EU announced the enforcement of GDPR (General Data Protection Regulation). It's basically a +100 page law that explains new privacy and data laws for the EU. I'm not going to go into detail as to what rules the GDPR actually has (because that would essentially take several hours). But it's worth nothing that this is actually quite serious. Just Googling a little after GDPR articles, you'll find more information about this:
http://www.wired.co.uk/article/what-is-gdpr-uk-eu-legislation-compliance-summary-fines-2018
http://www.bbc.com/news/business-40441434

Well, you might think, but bosny! MC-Market is ran under a company in Australia, we do not need to follow this.

Well, that's where you're wrong kiddo.

To make it all easy for you guys, go read this page real quick: https://www.oaic.gov.au/media-and-s...regulation-guidance-for-australian-businesses

Official Aus gov site:
From 25 May 2018 Australian businesses of any size may need to comply with the GDPR if they have an establishment in the European Union (EU), if they offer goods and services in the EU, or if they monitor the behaviours of individuals in the EU.

Now you might also think, "Ha, but MCM is just a blockgame forum, who cares honestly?"

Again, that's where you're wrong kiddo. The GDPR is something very new. We haven't seen anything closely similar to it previously. It's scary. It's also actually going to be very easy to report businesses who do not follow this law. It's nothing like COPPA or similar.

MC-Market would need to go under some changes in terms of database structure, privacy policy, terms of service, data retention, etc etc.

1 requirement that I am going to say is that every company/institute needs a DPO (Data protection officer). This person is responsible for ensuring that the company/website complies with all laws(including a compliant privacy policy which MC-Market doesn't have at the moment). Additionally, this person is going to be responsible for ensuring that all site visitors can have their questions answered regarding this law.

As I've done over 35 audits in the past 12 months, I can say that MC-Market doesn't need any fundamental changes to comply before the final enforcement date (25th of May 2018) so getting yourself safe for the GDPR shouldn't be that difficult.

Thanks for reading.
 
Type
Suggestion
Status
Implemented
Last edited:
PebbleHost
High performance, consistent uptime and fast support. Minecraft hosting that just works.

Ajdin

I used to be a big deal on here but now irrelevant
Supreme
Feedback score
12
Posts
2,419
Reactions
3,404
Resources
0
Maybe tagging them is needed
ea3245c%252'1%C3%A9'51%C3%A9'1%C3%A9'51%C3%A9'1%C3%A9'1rxc6eef14ef.png


I know that there's 19 pages of suggestions but I'm confident that this thread has been seen and if they choose to not take action, it's a risk that they are taking, not us (the users).
 

Ajdin

I used to be a big deal on here but now irrelevant
Supreme
Feedback score
12
Posts
2,419
Reactions
3,404
Resources
0
But It nesds to be implemeneted due to the fact Mick has a website that he currently uses as a financial income rn. He should comply with the updated laws and not stay behind bc you never know when shit may happen
You're absolutely right. However, you can't force someone to comply with something.
 

Lockett

Supreme
Feedback score
9
Posts
434
Reactions
158
Resources
0
There is a way around this by adding a section to the TOS regarding Governing Law and Jurisdiction/ Choice of law and Venture that would exclude MCM from having to comply with GDPR due to the fact that it would be exclusively governed by the laws of Australia and not the EU. You can find many example clauses on the internet for example. Here is a link to a bunch of them.
 
Last edited:

Ajdin

I used to be a big deal on here but now irrelevant
Supreme
Feedback score
12
Posts
2,419
Reactions
3,404
Resources
0
There is a way around this by adding a section to the TOS regarding Governing Law and Jurisdiction/ Choice of law and Venture that would exclude MCM from having to comply with GDPR due to the fact that it would be exclusively governed by the laws of Australia and not the EU. You can find many example clauses on the internet for example. Here is a link to a bunch of them.
No. This is not how the GDPR works at all.
 

Lockett

Supreme
Feedback score
9
Posts
434
Reactions
158
Resources
0
No. This is not how the GDPR works at all.
Explain further then please. I’m not an expert by any means so I’m not going to bother arguing this however I would atleast like to know your reasoning. As I believe that would get around it for US Buissness maybe I’m missing something for Australia.
 

Ajdin

I used to be a big deal on here but now irrelevant
Supreme
Feedback score
12
Posts
2,419
Reactions
3,404
Resources
0
Explain further then please. I’m not an expert by any means so I’m not going to bother arguing this however I would atleast like to know your reasoning. As I believe that would get around it for US Buissness maybe I’m missing something for Australia.
To put it simple, there's no "get around" for the GDPR. You're processing EU datasets so the EU (more specifically, it's privacy commission) has the power apply these laws anywhere, no matter the origin or location. This is because the EU dataset is property of the EU.

So saying something like "We fall under x law because we choose to" does not work mainly because the GDPR is a global law. Other governments (in this case Australia) have agreed and acknowledged the GDPR so you're actually forced to comply. Even if a country decides not to acknowledge the GDPR, the EU can still hold the entity accountable for not enforcing the law because it's dealing with EU datasets (which are EU property as stated previously).
 

Ajdin

I used to be a big deal on here but now irrelevant
Supreme
Feedback score
12
Posts
2,419
Reactions
3,404
Resources
0
Exactly what personal data is this site storing, or otherwise processing?
Email & IP's are 2 examples.

The GDPR is far more than just storing/processing personal data.

Some other things MCM does not comply with at this current time:
  • Right to be forgotten
  • Privacy policy
  • Explaining what datasets are being processed and collected and under what GDPR grounds
  • Explaining involvement of 3rd parties
  • Explaining how one would have their personal data removed from the website
  • Be able to request all data the site is holding for a specific user
  • Explain how data is protected
  • Explain what procedures are taken when a data leak occurs.
  • Etc..
The list just goes on however those are a few examples.[DOUBLEPOST=1521396827][/DOUBLEPOST]
Oh PLEASE! STOP!


Have to learn about this stupid GDPR shi* on my college course and im getting tired of it :'(
Then you definitely know how important compliance is :)
 
Last edited:

Overlord

Supreme
Feedback score
2
Posts
569
Reactions
276
Resources
0
Ajdin Do you plan to make these changes to Anvilnode's policies, as well? Looks like your own privacy policies are a bit lacking.[DOUBLEPOST=1521397297][/DOUBLEPOST]You might slightly be exaggerating the GDPR. Emails and IPs of people on a Minecraft forum are hardly at the top of the GDPR's protections criteria. Enforcement, especially outside of Europe, especially on small entities will be nil. The same goes for VAT MOSS, for example, there are massive tech corporations based in the US that aren't charging VAT properly.

Not that I encourage weak data protection policies or not adhering to the GDPR, but this is not exactly the kind of site the GDPR was created for. Your host is a far greater candidate for requiring full compliance.
 
Last edited:

Ajdin

I used to be a big deal on here but now irrelevant
Supreme
Feedback score
12
Posts
2,419
Reactions
3,404
Resources
0
Do you plan to make these changes to Anvilnode's policies, as well? Looks like your own privacy policies are a bit lacking.
My privacy policy is ready however it's not online yet. There's no point in missing out on precious marketing and other statistical data because the enforcement date is the 28th of May.

Marketing emails are a good example. They are a really efficient way of making sales and increasing customer retention. With the GDPR, it's becoming much more difficult.
 

Overlord

Supreme
Feedback score
2
Posts
569
Reactions
276
Resources
0
My privacy policy is ready however it's not online yet. There's no point in missing out on precious marketing and other statistical data because the enforcement date is the 28th of May.

Marketing emails are a good example. They are a really efficient way of making sales and increasing customer retention. With the GDPR, it's becoming much more difficult.
25th of May.

The GDPR is a welcome change, in my opinion. Businesses have used consumer data improperly and consumers have been given little access and choice into how their data is used, with lower levels of transparency. Hopefully this should increase accountability for businesses and enforce rights for citizens on their own data.

This is something that should've been universal a long time ago. Sucks the US hasn't bothered to deal with it, glad the EU is finally doing it.
 

Ajdin

I used to be a big deal on here but now irrelevant
Supreme
Feedback score
12
Posts
2,419
Reactions
3,404
Resources
0
25th of May.

The GDPR is a welcome change, in my opinion. Businesses have used consumer data improperly and consumers have been given little access and choice into how their data is used, with lower levels of transparency. Hopefully this should increase accountability for businesses and enforce rights for citizens on their own data.

This is something that should've been universal a long time ago. Sucks the US hasn't bothered to deal with it, glad the EU is finally doing it.
I don't mind the GDPR either. Having worked with it in the past year has actually made me love it due to the amount of detail and thought that has been put into it unlike some other global laws (VAT MOSS).

But you get the point of this thread. On MCM's scale it's not hard to comply with GDPR. It actually shouldn't be anything scary either (to some people it is e.g online marketing is slightly less efficient) because all it does is provide clarity/transparency and fairly reasonable rules to protect online consumers.
 

Ajdin

I used to be a big deal on here but now irrelevant
Supreme
Feedback score
12
Posts
2,419
Reactions
3,404
Resources
0
Deadline is tomorrow and no update has been given.
 

roy

I just exist
Supreme
Feedback score
17
Posts
396
Reactions
348
Resources
1
(I do agree MC-M should comply)

So, I saw a lot of people arguing about whether MC-M really does need to comply with the GDPR, yes, they do.
In very simple terms- If someone whom is European uses your website, you have to comply. Simple as that.
Now if you literally ONLY allow U.S. citizens to use your site then you don't need to follow it, but, that likely isn't the case for any website.

So yeah, stop arguing about it now.
 
Status
Top