Advertisement:

Author Topic: GDPR Compliance and Osclass script  (Read 14057 times)

Aficionado

  • Guest
Re: GDPR Compliance and Osclass script
« Reply #180 on: May 08, 2018, 09:01:56 pm »
Why a user need download from your own data information? He can see what he did on registration account, and on your profile settings, inclusive delete your own account.

So in your opinion what missing? Because I see a lot of information here, but I don't see anything like a list job to do a plugin.

Regards

Because GDPR says so. Users should be able to get their data in downloadable format (still i haven't seen that anywhere).

An other thing missing is the way we MUST alert users in case of a hack or something. No way to do that with Osclass and even if there was a way, i have thousands of users and mass email them is not tecnically possible (for me).


calinbehtuk

  • Sr. Member
  • ****
  • Posts: 445
Re: GDPR Compliance and Osclass script
« Reply #181 on: May 08, 2018, 09:03:39 pm »
The easy way to check what you need to provide to your users is to see on google or facebook. A simple html format of the page, i think that this is not enough.
It simple, go in your google or facebook account and you will find the option to export your data.

Aficionado

  • Guest
Re: GDPR Compliance and Osclass script
« Reply #182 on: May 08, 2018, 09:04:05 pm »


The issue remain with the option to export the data stored. You have to provide this on your users. And here is the issue. All the ads and images and the stored data which is related with the user.

maybe some kind of ZIPing all together the images and the exported text ?

calinbehtuk

  • Sr. Member
  • ****
  • Posts: 445
Re: GDPR Compliance and Osclass script
« Reply #183 on: May 08, 2018, 09:05:28 pm »


The issue remain with the option to export the data stored. You have to provide this on your users. And here is the issue. All the ads and images and the stored data which is related with the user.

maybe some kind of ZIPing all together the images and the exported text ?

Google and facebook provide a zip archive with this data.

fog

  • Hero Member
  • *****
  • Posts: 1062
Re: GDPR Compliance and Osclass script
« Reply #184 on: May 08, 2018, 09:07:11 pm »
Why a user need download from your own data information? He can see what he did on registration account, and on your profile settings, inclusive delete your own account.

Right to access:

He have access to your own info. He can copy all information in an electronic format. He can: erase, edit, Copy/paste and save is not enought to him? He have a computer, so the minimal he can do is save the file on notpad.

To right to be forgotten:

Another option in profile settings to user choose. Admin need be alerted when the options was edited by user.

I don't see anything special to do on user side to follow the rules, just simple things to do. Just my opinion.

A simple free plugin can do that, by hooks, no need change current theme.

So in your opinion what missing? Because I see a lot of information here, but I don't see anything like a list job to do a plugin.

Regards
Read the topic from the begining. You will find some replies from me with basic solutions, except the data stored by plugins.


Regarding forgoting the user, I gues deletion of it's account resolves that, among anonymisation. What do you think?


I not will read all pages of this topic.  ???

I think is more easy, if someone can create a list, is just a start to try do something.

If user delete own account all ads related and all information will be deleted. You can try use a subdomain and clone your website content with your users, and delete their accounts, to check that. On database I think not exists duplicate content, or something similar to do store these type of information.

To users not registered, these data, I no idea, I never checked before for this type of content, what exists on database with that or temporary, etc. But it need be temporary, or no make sense to store data not used.

I back later to this topic, now I need leave.

Regards

marius-ciclistu

  • issues
  • Hero Member
  • *
  • Posts: 1619
  • "BE GRATEFUL TO THOSE THAT SUPPORTED YOU"
Re: GDPR Compliance and Osclass script
« Reply #185 on: May 08, 2018, 09:08:58 pm »
I'll try to make a static page unlisted in footer, in wich to dump all user related data( user profile and items) that when finishes loading prompts the user to save it as html page, thus saving all the images from it in a folder. It will not load the host server with archives etc.

Aficionado

  • Guest
Re: GDPR Compliance and Osclass script
« Reply #186 on: May 08, 2018, 09:11:55 pm »
Ok i tried that on Facebook. After my request i got an email that my "archive" is currently building and i will be notified.

One minute later, i was able to download a ZIP file, with everything in HTML format.




marius-ciclistu

  • issues
  • Hero Member
  • *
  • Posts: 1619
  • "BE GRATEFUL TO THOSE THAT SUPPORTED YOU"
Re: GDPR Compliance and Osclass script
« Reply #187 on: May 08, 2018, 09:15:15 pm »
@fog SO is the deletion of user and item solving the forgot rule?

@Aficionado I think html format is good for export.

@Calin What is your opinion?

calinbehtuk

  • Sr. Member
  • ****
  • Posts: 445
Re: GDPR Compliance and Osclass script
« Reply #188 on: May 08, 2018, 09:19:25 pm »
Ok i tried that on Facebook. After my request i got an email that my "archive" is currently building and i will be notified.

One minute later, i was able to download a ZIP file, with everything in HTML format.





Yes.But all the data is in your pc in those folders. Images and style. This will be hard.

@fog SO is the deletion of user and item solving the forgot rule?

@Aficionado I think html format is good for export.

@Calin What is your opinion?

As long as the data is in that archive and the html page does not have to take pictures or style from the original site. I think it will be okay.

marius-ciclistu

  • issues
  • Hero Member
  • *
  • Posts: 1619
  • "BE GRATEFUL TO THOSE THAT SUPPORTED YOU"
Re: GDPR Compliance and Osclass script
« Reply #189 on: May 08, 2018, 09:25:28 pm »
Good.

I export now the user data , except items like this

https://forums.osclass.org/general-help/gdpr-compliance-and-osclass/msg161276/#msg161276

I will post the solution including images, that will include this one.

EDIT.
I tested with blocked and published item on a new registered account.
Deleting the account deletes all ads.
« Last Edit: May 08, 2018, 09:31:10 pm by marius-ciclistu »

calinbehtuk

  • Sr. Member
  • ****
  • Posts: 445
Re: GDPR Compliance and Osclass script
« Reply #190 on: May 08, 2018, 09:31:25 pm »
This is Google, Facebook. Some big fish with resources. We are small, with little resources, so this will be hard for a small business. To allow a safe export of this data you have to store this on your server, and allow acces to that data oly to the right owner. Imagine if you have 1000 ads with images how much space this images  take from your server.

I see no option like this on olx. at least on olx.ro. But some extra info about data collection from google analytics and other services

marius-ciclistu

  • issues
  • Hero Member
  • *
  • Posts: 1619
  • "BE GRATEFUL TO THOSE THAT SUPPORTED YOU"
Re: GDPR Compliance and Osclass script
« Reply #191 on: May 08, 2018, 09:37:41 pm »
This is Google, Facebook. Some big fish with resources. We are small, with little resources, so this will be hard for a small business. To allow a safe export of this data you have to store this on your server, and allow acces to that data oly to the right owner. Imagine if you have 1000 ads with images how much space this images  take from your server.

I see no option like this on olx. at least on olx.ro. But some extra info about data collection from google analytics and other services

That's why I'll make this solution with a new page in which all the data will be published only for the logged user.

p206ab

  • Sr. Member
  • ****
  • Posts: 335
Re: GDPR Compliance and Osclass script
« Reply #192 on: May 08, 2018, 09:57:37 pm »
This is Google, Facebook. Some big fish with resources. We are small, with little resources, so this will be hard for a small business. To allow a safe export of this data you have to store this on your server, and allow acces to that data oly to the right owner. Imagine if you have 1000 ads with images how much space this images  take from your server.

I see no option like this on olx. at least on olx.ro. But some extra info about data collection from google analytics and other services

What if you ZIP it on request and then its removed from the server after download? Basically a session file of some kind.
Does anyone know if there is a helper in form if(cookies=accepted) do this... then we would be able to put this over all scripts that make third-party cookies to prevent the load before accepting cookies.

As for other data, contact form should only include a note that data won't be stored and only used for email communication from buyer to seller.

fog

  • Hero Member
  • *****
  • Posts: 1062
Re: GDPR Compliance and Osclass script
« Reply #193 on: May 08, 2018, 10:10:34 pm »
Quote from: marius-ciclistu
@fog SO is the deletion of user and item solving the forgot rule?

If you not have any special plugin to store any data of user, in a different custom table, yes, deleting account will erase all.

marius-ciclistu

  • issues
  • Hero Member
  • *
  • Posts: 1619
  • "BE GRATEFUL TO THOSE THAT SUPPORTED YOU"
Re: GDPR Compliance and Osclass script
« Reply #194 on: May 08, 2018, 10:18:54 pm »
Ok. By chance, does any of you know how to load views in static page?
I know I saw in the forums in the past the solution but now I can't find it.

osc_user() returns nothing but osc_logged_user_id() works fine...