You are not logged in.

#1 2018-06-15 10:16:34

Spirit
Administrator

Help wanted for GDPR compliance

So Quaddicted and QuakeWiki need a privacy policy and all that. I could use some help from anyone experienced or enthusiastic about that. Post here if you are willing to invest time and sweat into it and prepare to hold my hand. I would create a new subforum for coordination if needed. Thanks!

#2 2018-07-10 17:51:02

Spirit
Administrator

Re: Help wanted for GDPR compliance

This is a serious, scary issue and I need competent help on it. Otherwise it will be good bye to these sites to protect my personal safety.

#3 2018-07-10 18:32:17

dumptruck_ds
Member

Re: Help wanted for GDPR compliance

I assume you are not running Quaddicted as a business. All I see is information for businesses. I'd be happy to pitch in $ for you to hire a consultant.

An interactive "self assessment"
https://ico.org.uk/for-organisations/re … ssessment/

Last edited by dumptruck_ds (2018-07-10 18:39:21)

#4 2018-07-10 19:20:16

Gez
Guest

Re: Help wanted for GDPR compliance

Feel free to look at the Doom Wiki and perhaps contact Quasar.

#5 2018-07-11 13:37:13

Quasar
Guest

Re: Help wanted for GDPR compliance

I'll definitely second what Gez said. For the Doom Wiki, we have basically copied the WMF's privacy policy, with a couple of additions we felt were necessary due to differences between the way we run things and the way they do (for example, they don't allow video embedding from YouTube on Wikipedia, so that's an example of something we need to spell out).

#6 2018-07-12 06:56:00

Spirit
Administrator

Re: Help wanted for GDPR compliance

Thanks you guys! I'll try to adapt the Doom Wiki page for Quake Wiki but I guess we also need all that cookie warning stuff?

For Quaddicted it's more complicated, considering the file archive where personal details can be in every zip, etc... :\

#7 2018-07-12 19:11:59

Gez
Guest

Re: Help wanted for GDPR compliance

Any personal information placed in the text files for the mods that are archived there was volunteered by the people who wrote the text file and send it for archiving there. It's entirely under users' control. Worst case, allow people to contact you to edit hosted files to remove information they'd want to see removed, if they cannot already update the files by themselves. From what I see on the public browsing interface, the "author" field can be pretty much anything (including a team name), the "homepage" field doesn't have to be filled, and none of the other fields appear to contain personal information.

#8 Yesterday 16:09:30

Spirit
Administrator

Re: Help wanted for GDPR compliance

Could someone else please take a look at Doom Wiki's policy and adapt it for Quake Wiki? Just add the page there and make sure it applies. Ask if you need information about logs and such.

For Quaddicted I don't think it is as easy as Gez suggests. I don't know enough about GDPR and the fear-mongering about it is widespread. File editing is never going to happen with me, nor would I remove releases or information from their readme files.

I'll probably follow some other sites' approach and block European IPs as potential countermeasure next month as interim solution. :(

#9 Yesterday 18:48:59

negke
Moderator

Re: Help wanted for GDPR compliance

Blocking users on a site like this sounds like an overreaction.
We'll have to do some digging - maybe there's some official place to ask?

As far as I know, the following things may be of concern:

  • IP logging - which has been deactivated for years here

  • Email adresses - for the forum/DB accounts, not publically visible

  • Personal information in releases/readmes - sometimes real names and email addresses; however, the files were uploaded voluntarily by the authors (and moreso they are only mirrored on Quaddicted); this may not count as collection of personal data by the site?

  • Third-party sites accessing/logging user data - e.g. embedded stuff like ads (no such thing here) or social media buttons which afaik are regular links on this site, with locally hosted images.

  • Monetary aspects possibly? - e.g. the donation button, I don't really know if it's relevant

  • Transparency statement - some sort of legal notice ("Impressum") and information on what kind of data is stored; needs to be easily accessible, ideally from every page

Quick reply

Write your message and submit
Are you human or robot? If you have trouble, mail to spirit åt quaddicted døt c

Checking if this is requested by a real person and not an automated program.

Board footer