Textpattern CMS support forum

You are not logged in. Register | Login | Help

#261 2018-05-09 08:24:23

philwareham
Core designer
From: Farnham, Surrey, UK
Registered: 2009-06-11
Posts: 3,112
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

Thanks people! I’ll ask the other devs if we can get this release out ASAP.

Offline

#262 2018-05-09 08:38:45

Dragondz
Moderator
From: Algérie
Registered: 2005-06-12
Posts: 1,300
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

Congrat phil, life design dont match any grid ;)

Offline

#263 2018-05-09 09:55:43

etc
Developer
Registered: 2010-11-11
Posts: 3,042
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

Congrats and best wishes to you, Phil, raise high the txp bits! I hope RC is a question of hours now, will do some tests this afternoon.


etc_[ query | search | pagination | date | tree | cache ]

Offline

#264 2018-05-09 12:14:29

jstubbs
Moderator
From: Hong Kong
Registered: 2004-12-13
Posts: 2,394
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

philwareham wrote #311642:

I’m getting married on 18th May

Congratulations and best wishes!

Offline

#265 2018-05-10 08:23:28

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 8,524
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#266 2018-05-10 11:08:52

uli
Moderator
From: Cologne
Registered: 2006-08-15
Posts: 4,168

Re: Txp cookies, visitor logging, and GDPR stuff in general

Congratulations, Phil, for finding the perfect match for the busy Textpatterner you are!


In bad weather I never leave home without wet_plugout, smd_where_used and adi_form_links

Offline

#267 2018-05-12 23:59:37

Destry
Moderator
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,062
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

Bloke wrote #311657:

@planeth Looks like DigitalOcean can go on the list in your database. Yay.

Adobe too, if not already in the database. I can’t remember.


The text persuades, the *notes prove。

Offline

#268 2018-05-14 07:45:27

Destry
Moderator
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,062
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

planeth wrote #311430:

GDPR applies to companies, not individuals.

Returning to this point again because it’s not very clear in the GDPR.

Article 4, Alinea 18 says (bold mine):

‘enterprise’ means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity;

Let’s begin with the fact an ‘enterprise’ is bound by the Reg.

Next, let’s try to make clear what a ‘natural person’ means in this context. According to Article 4, Alinea 1, a ‘natural person’ is defined equivalently as a ‘data subject’, which we know means any EU citizen/resident, business owner or not. So this much seems to refute what you’re saying, Planeth.

But the distinction seems to be from taking the two bold parts together. A natural person engaged in economic activity.

Now we need to make clear what is meant by ‘an economic activity irrespective of its legal form’. On one hand it could simply mean what type of business it is (i.e. freelance to international corporation), but that would not jive with the fact anyone could just be a ‘natural person’. So on the other hand an ‘economic activity’ here could mean any activity where money is transferred, such as PayPal donations.

So in fact the Reg could be binding to any non-business website that has a PayPal button, or uses a Patreon or Liberepay account, etc. Anything where money and the personal data of two parties is shared/transferred.

If that’s true, then a non-business owner who has such a website as just described, would still need to have a clear data privacy statement on the site, with all the expected details laid out, and DPAs with whatever third-party is handling the funds transfer process (e.g. PayPal, Liberepay, etc).

Is this making sense to anyone or am I reading this wrong? Because if it’s making sense, then I may need to get another DPA in the future from a processor like PP or Liberepay for my personal site.

This would also have implications for open source projects like Txp.


The text persuades, the *notes prove。

Offline

#269 2018-05-14 08:16:00

jakob
Moderator
From: Germany
Registered: 2005-01-20
Posts: 3,253
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

I don’t know what the legal answer here is, but my thinking along the lines of the spirit of the regulations is:

  • If you are just a blogger, author, publisher writing about something or other or showing your photos, artwork, creations to the world, then you are an individual not engaged in an economic activity.
  • If you show adverts on that site that results in personally identifiable data being collected, e.g. third-party ad networks, then you need a consent option, privacy policy, & dpa.
  • If you sell (or take donations for) some of said photos, artworks, creations, writings … via your website, and as a result some personally identifiable information is collected and processed, e.g. by a payment gateway, then you need a consent option, privacy policy, & dpa.
  • If you don’t show advertising that involves data collection or take payment but you collect anonymised site statistics, it would be polite to let people know but is not transgressing the regulations.

I’d be interested to know what you think about the following situations, though:

  • People like you and me who advertise services via a homepage but don’t take any payments online or earn via the homepage through ads etc. We have personal sites as individuals and are legally-speaking economic entities even when self-employed/sole traders, but we do not earn through our sites nor take or pass on data used in conjunction with our economic activity. My feeling is that anonymised stats and server logs is not a problem as they are not processed or profiled for economic gain but it would be polite/prudent to inform users.
  • Advertising that is paid but doesn’t process any personal data, e.g. like “The Deck” used to be or what Gruber now does manually on Daring Fireball. As far as I am aware, there is no cookie involved, but it is feasible that Gruber – or the respective advertiser – collects data on clicks on the ad. That may or may not count as processed personal data, e.g. counting the number of clicks is non-personalised, communicating the referrer is arguably non-personalised but passing the ip of the clicker is personalised.

TXP Builders – finely-crafted code, design and txp

Offline

#270 2018-05-14 08:30:15

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 1,578
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

jakob wrote #311734:

I’m thinking along the same line as you, regarding your first bulleted list.

As far as I understand it, your, mines, Destroys personal website, describing and advertising our services, we’re good to go, as long as we don’t collect money directly. The contact form needs to make clear what it collects though (by filling in the form and pressing the Send button, there is an implied consent for collecting the email address).

Regarding you “The Deck” type of advertisement, that is a tricky tricky thing.

(I am of course not a legal eye, the bit of law classes I followed was 30+ years ago)

Offline

Board footer

Powered by FluxBB