• Hey Guest, don't forget to VOTE on each RFC topic. Your voting determine Chevereto development! No votes, no development.
  • Welcome to the Chevereto user community!

    Here users from all over the world gather around to learn the latest about Chevereto and contribute with ideas to improve the software.

    Please keep in mind:

    • 😌 This community is user driven. Be polite with other users.
    • 👉 Is required to purchase a Chevereto license to participate in this community (doesn't apply to Pre-sales).
    • 💸 Purchase a Pro Subscription to get access to active software support and faster ticket response times.

DSGVO/GDPR conformity request 2021

Jobsti

Chevereto Member
💡Describe your Feature request

Since the german DSGVO (and similar laws in the rest of EU), I think we need some Features/Optimisations.

1.)
• The Cookie-Hint should have an accept and decline button
• On decline the site should block all external cookies like google ads, analytics, matomo etc.
• At minimum, the X "close" should be an "Accept" button, but it has to Block other cookies.
• "Choose your cookies" would be the best way, but I think it's to complicated?!

2.)
• The Contact-Form needs a checkbox "I read and accept the terms", if not checked, you can't use the send-button.
• Same for Guest-Uploads (best on upload-site, where the user can choose the categorie and edit Imageinfos, below the green "Upload-Button")

3.)
• The User should have the option to delete his Account.
• Best with option "Keep files" and "delete my files". If keep, the pictures should be assigned to guest or change the Username to "guest" or "Deleted User"

4.)
• Because the user has the right to request all his stored information, it would be nice to have a button in the profile
to download all the user-information as CSV or TXT.

I have this option in my phpbb board, the user can download 2 csv:
  • All his stored Userinfos, like IP, last login, Browser, all profile fields. So everything about the user in the Database.
  • All his posted contet. I think on this site it should be the picturenames with date, Likes, Follows etc.

5.)
• A line in the profile with the date, the user has accepted the Privacy policy,
with a Revoke button.
• If the User clicked on Revoke, he can't use the site/features except his profile
• Admin-Option to list and remove/delete Users which revoked the Privacy policy (or Automatic remove after 14 days, with "keep" checkbox like 3. )

6.) All IP adresses have to be anonymized after a certain time (14 days for me)

7.)
• Litte other Request: an internal comment-system, so we don't have to use Disqus, which is better for everything above.

8.)
• Also Important: Option to report Images to Admin/moderation with a small reason text (or predefined dropdown reasons)
• Would be nice to have a new tab "reported" on the /moderate site.


👏Where did you saw this?

On many other sites in the EU and my own sites like my phpbb board.

Point 2:
dsgvocontact.png

Point 4 and 5:

Bild_2021-04-15_175259.png


______________________________________________________________________________
If someone has some solutions an tips, please post it, I will try it out ;-)
Much thanks and greetings from germany.

Yes, I know, DSGVO/GDPR is very very annoying!
 
Last edited:
  • Like
Reactions: iyi
Those things are actually more important for EU Users than anyone can think of.
Some lawyers are just looking for pages like chevereto and those missing "points" to sue people. Those options or rather "features" need to find a way into chevereto, otherwise it's a high risk of usage of EU Users.

However, I do not agree with all points above, e.g. the IP Anonymization, that's something not requiered I think?
I agree with 1-5 and 7+8
 
I need each point with its corresponding legal background (link to the law). I don't know what is actually required and which are just nice haves you added on your own 🤔.
 
https://gdpr.eu/checklist/ is a good list, otherwise https://gdpr-info.eu/ is the entire law.

https://loyaltymatters.co.uk/website-gdpr-compliant/ - A practical guide, how to get your website GDPR compliant
you know that GPDR only applies to registered business? So if your site is a community or image host that is not a business then GPDR does not apply.

Since only registered company can get SUED over GPDR since it's a actual registered company. Private people cannot get sued or GPDR complained on.
 
That's not correct afaik, same as All German Websites need to have an 'Impressum'. And even if, for example as soon as you run ads on your site and gain money in any kind you'd have to register a Business as well. (I can just speak for Germany.)
 
For a small website to comply with GDPR is actaully very easy (yes no matter how big your Chev site is, on the scale of things it's small)

A good privacy policy is pretty much all you need, cover things like Ad networks you use, Analytics services or providers you use, list personal information you collect, in our case it's just email address and registration ip and as DarkTexas said above this does not need to be anonymized, good luck anonymizing your apache or nginx logs,

https://www.gdprprivacynotice.com/ there are many more also ;)
 
Last edited:
That's not correct afaik, same as All German Websites need to have an 'Impressum'. And even if, for example as soon as you run ads on your site and gain money in any kind you'd have to register a Business as well. (I can just speak for Germany.)
I disagree since I read and heard from many that GPDR only applies to business/corporations but not private people. So I'm just gona wait for correct info that actually shows it counts for private people too.
 
Hi @Rodolfo,

any update?
Informed consent is required from the beginning of 2022. For example, Google analytics is not a necessary cookie, and to activate it on the website, the user must agree to its use.
 
internetprofi,
Don't worry about it ;) think of the billions of sites that don't comply, they are not coming after you and never will 😆
 
Because everyone gives a damn about law stuff, even if important. Don't get me wrong, Rudolfo, but I think this is seen wrong.
I would not consider this as an RFC really, rather as a "request to make your software GDPR compliant". Nothing else.
 
For me this is no different from any other request, it needs voting. Also, I don't promote this software as being gdpr compliant in all countries so users know what they purchase.

If helps, I voted +1 for this. I will also link to this on the new upcoming blog update post as this needs to be seen by more users. If that doesn't trigger more attention from other users I don't know what else will do.
 
Anything new?
No news about this, but it got a decent voting. I realize that EU customers may need this when using the service for public purposes.

🚨 Keep in mind that a RFC with about 12 different requests will take years/decades to fill in and it is very hard to keep it on track. The reason why we always ask to fill in one request per RFC is to be able to divide and conquer, out of these 5 votes, on what of the we focus first? I understand these votes for cookie control, nothing else.

Regarding third-party cookies

Chevereto doesn't use third party cookies for its functionality, these are add-on codes configured by customers therefore, handling for third-party cookies should be also on client's end. Due to the complication of such editing it defaults falls back to us, but at this time we can't prioritize this for development. Will try on 4.X.

Contact form

There's a RFC here. Vote.

If it is a problem for you then disable contact page.

Guests uploads

There's an RFC here, also a customization guide in a linked post. I labeled the RFC to accepted, and it should arrive in V4.0 beta.

If it is a problem for you then disable guest uploads.

User deletion

User deletion is already available for admin. There are no plans to add it to normal users. There's an RFC here. Vote.

Data exporting

There's an admin tool that exports user metadata, not user data. There's an RFC here. Vote.

Report system

This has been requested and voted long ago, here. It is very likely that this will arrive on early 4.X.

...And for all the other minor points

I won't track anything else besides cookie usage in this RFC, there's too many requirements. Some requirements already had a previous RFC.

For the issues not mentioned in this reply feel free to open an RFC for each item.
 
Back
Top