
DSGVO/GDPR conformity request 2021

Jobsti

Chevereto Member
💡Describe your Feature request

Since the German DSGVO (and similar laws in the rest of the EU), I think we need some Features/Optimisations.

1.)
• The Cookie-Hint should have an accept and decline button
• On decline the site should block all external cookies like google ads, analytics, matomo etc.
• At minimum, the X "close" should be an "Accept" button, but it has to Block other cookies.
• "Choose your cookies" would be the best way, but I think it's too complicated?!

2.)
• The Contact-Form needs a checkbox "I read and accept the terms", if not checked, you can't use the send-button.
• Same for Guest-Uploads (best on upload-site, where the user can choose the category and edit image info, below the green "Upload-Button")

3.)
• The User should have the option to delete his Account.
• Best with option "Keep files" and "delete my files". If keep, the pictures should be assigned to guest or change the Username to "guest" or "Deleted User"

4.)
• Because the user has the right to request all his stored information, it would be nice to have a button in the profile to download all the user-information as CSV or TXT.

I have this option in my phpbb board, the user can download 2 csv:
  • All his stored Userinfos, like IP, last login, Browser, all profile fields. So everything about the user in the Database.
  • All his posted content. I think on this site it should be the picture names with date, Likes, Follows etc.

5.)
• A line in the profile with the date the user has accepted the Privacy policy, with a Revoke button.
• If the User clicked on Revoke, he can't use the site/features except his profile
• Admin-Option to list and remove/delete Users which revoked the Privacy policy (or Automatic remove after 14 days, with "keep" checkbox like 3. )

6.) All IP addresses have to be anonymized after a certain time (14 days for me)

7.)
• Little other Request: an internal comment-system, so we don't have to use Disqus, which is better for everything above.

8.)
• Also Important: Option to report Images to Admin/moderation with a small reason text (or predefined dropdown reasons)
• Would be nice to have a new tab "reported" on the /moderate site.


👏Where did you see this?

On many other sites in the EU and my own sites like my phpbb board.

Point 2:
dsgvocontact.png

Point 4 and 5:

Bild_2021-04-15_175259.png


______________________________________________________________________________
If someone has some solutions and tips, please post them, I will try them out ;-)
Many thanks and greetings from Germany.

Yes, I know, DSGVO/GDPR is very very annoying!
 

DarkTexas 🦄

Chevereto Member
Community Manager
Pro
Those things are actually more important for EU Users than anyone can think of.
Some lawyers are just looking for pages like chevereto and those missing "points" to sue people. Those options or rather "features" need to find a way into chevereto, otherwise it's a high risk of usage of EU Users.

However, I do not agree with all points above, e.g. the IP Anonymization, that's something not required I think?
I agree with 1-5 and 7+8
 

Rodolfo

⭐ Chevereto Godlike
Chevereto Staff
Administrator
I need each point with its corresponding legal background (link to the law). I don't know what is actually required and which are just nice haves you added on your own 🤔.
 

JakeSully

👽 Chevereto Freak
https://gdpr.eu/checklist/ is a good list, otherwise https://gdpr-info.eu/ is the entire law.

https://loyaltymatters.co.uk/website-gdpr-compliant/ - A practical guide, how to get your website GDPR compliant
You know that GDPR only applies to registered businesses? So if your site is a community or image host that is not a business then GDPR does not apply.

Since only a registered company can get SUED over GDPR since it's an actual registered company. Private people cannot get sued or GDPR complained on.
 

DarkTexas 🦄

Chevereto Member
Community Manager
Pro
That's not correct afaik, same as All German Websites need to have an 'Impressum'. And even if, for example as soon as you run ads on your site and gain money in any kind you'd have to register a Business as well. (I can just speak for Germany.)
 

imghut

💖 Chevereto Fan
For a small website to comply with GDPR is actually very easy (yes no matter how big your Chev site is, on the scale of things it's small)

A good privacy policy is pretty much all you need, cover things like Ad networks you use, Analytics services or providers you use, list personal information you collect, in our case it's just email address and registration ip and as DarkTexas said above this does not need to be anonymized, good luck anonymizing your apache or nginx logs,

https://www.gdprprivacynotice.com/ there are many more also ;)
 

JakeSully

👽 Chevereto Freak
> That's not correct afaik, same as All German Websites need to have an 'Impressum'. And even if, for example as soon as you run ads on your site and gain money in any kind you'd have to register a Business as well. (I can just speak for Germany.)

I disagree since I read and heard from many that GDPR only applies to business/corporations but not private people. So I'm just gonna wait for correct info that actually shows it counts for private people too.
 

internetprofi

Chevereto Member
Hi @Rodolfo,

any update?
Informed consent is required from the beginning of 2022. For example, Google analytics is not a necessary cookie, and to activate it on the website, the user must agree to its use.
 

imghut

💖 Chevereto Fan
internetprofi,
Don't worry about it ;) think of the billions of sites that don't comply, they are not coming after you and never will 😆
 

DarkTexas 🦄

Chevereto Member
Community Manager
Pro
> internetprofi,
> Don't worry about it ;) think of the billions of sites that don't comply, they are not coming after you and never will 😆

Don't get me wrong BUT German lawyers do specialise on this. Just Google the term "Abmahnanwälte".
 

DarkTexas 🦄

Chevereto Member
Community Manager
Pro
Because everyone gives a damn about law stuff, even if important. Don't get me wrong, Rodolfo, but I think this is seen wrong.
I would not consider this as an RFC really, rather as a "request to make your software GDPR compliant". Nothing else.
 

Rodolfo

⭐ Chevereto Godlike
Chevereto Staff
Administrator
For me this is no different from any other request, it needs voting. Also, I don't promote this software as being GDPR compliant in all countries so users know what they purchase.

If it helps, I voted +1 for this. I will also link to this on the new upcoming blog update post as this needs to be seen by more users. If that doesn't trigger more attention from other users I don't know what else will do.
 