@ Mods? Nyx? Anyone?

[Marilyn]

Because it’s illegal. Guess you didn’t actually read my post. It is the site’s responsibility to comply with these matters and they aren’t doing so. Blaming it on their own shitty infrastructure is not a good enough reason.

Why do you keep posting here then?

[Rocking Horse Fly]

I mean if it's illegal, it's illegal. They have to comply to the law whether it fucks up the site or not. So theoretically that's a valid argument, if we're talking about privacy concerns and not just addiction.

Regarding the latter, we're all supposed to be adults here, responsible for our choices, and even if someone's account was deleted noone stops them from creating another one or just looking at the forum without registering. Even if you got IP banned you could just use a different device, so it's not like the mods can do much about that.

[honeycrisp]

It's not illegal, it's in the Terms of Use that PULL owns the data. Something you agree to before you can even make your account. It's perfectly legal for websites to never delete accounts. Do you just ignore the contracts you agree to when signing up for websites or......?

[RdR]

Actually GDPR is a big part of my IRL job and, in very simplistic terms, if a PULL user were to request that their data was erased from the website, EU law is that they would have to comply IF they're storing data on EU citizens and it gets a bit trickier from there on out. Some US websites I've used (especially online shops) have actually ceased trading with EU customers because they can't comply with these new laws, specifically Article 3. It's unfortunately not as simple as 'but it's in the TOS!!!!' because legally someone can't sign a contract which already breaks a law. Now for me the majority of websites have a big 'WE'RE COLLECTING YOUR COOKIE INFORMATION HOLY MOLEY JUST TO MAKE YOU AWARE IF YOU DON'T WANT US TO DO THIS PLEASE GO AWAY GDPR GDPR GDPR!' button slapped across them.

I presume that PULL at the very least would store IP addresses? If so the admins should probably be able to delete and wipe an account at the request of someone residing in the EU or they might get fined but eh, I've not heard of an online forum being subject to such and GDPR is more to regulate businesses and those selling and pushing user data onwards so I guess it's one of those things where TECHNICALLY it's not compliant but the likelihood of PULL getting slamdunked is mini.

[honeycrisp]

Actually GDPR is a big part of my IRL job and, in very simplistic terms, if a PULL user were to request that their data was erased from the website, EU law is that they would have to comply IF they're storing data on EU citizens and it gets a bit trickier from there on out. Some US websites I've used (especially online shops) have actually ceased trading with EU customers because they can't comply with these new laws, specifically Article 3. It's unfortunately not as simple as 'but it's in the TOS!!!!' because legally someone can't sign a contract which already breaks a law. Now for me the majority of websites have a big 'WE'RE COLLECTING YOUR COOKIE INFORMATION HOLY MOLEY JUST TO MAKE YOU AWARE IF YOU DON'T WANT US TO DO THIS PLEASE GO AWAY GDPR GDPR GDPR!' button slapped across them.

I presume that PULL at the very least would store IP addresses? If so the admins should probably be able to delete and wipe an account at the request of someone residing in the EU or they might get fined but eh, I've not heard of an online forum being subject to such and GDPR is more to regulate businesses and those selling and pushing user data onwards so I guess it's one of those things where TECHNICALLY it's not compliant but the likelihood of PULL getting slamdunked is mini.

So I read through that and it seems like as long as they're requesting consent to collect the data and are clear how it's being used/store they're compliant, if they haven't included that in the TOS then they need to rectify the issue by providing an option for how data is stored for the user. Pretty much seems like as long as EU users can request to be forgotten and those terms are clear then it's chill.

[RdR]

So I read through that and it seems like as long as they're requesting consent to collect the data and are clear how it's being used/store they're compliant, if they haven't included that in the TOS then they need to rectify the issue by providing an option for how data is stored for the user. Pretty much seems like as long as EU users can request to be forgotten and those terms are clear then it's chill.

Yes correct! EU citizens have, under GDPR, what is known as the 'Right to Erasure' which means if they ask someone who is storing their personal data (name, address, birthday, IP address, etc.) to tip it off their database into the digital ocean you (normally, there are some exceptions and naturally they're very vague and wordy) have to comply within one month. So if an EU PULL member asks for all their data to be erased because they don't want it stored any more, a website needs to be compliant.

This also goes doubly so for children (and the definition of 'child' varies from EU country to EU country but can be as low as 13) who by GDPR guidelines cannot consent to having their data stored so woomp woomp I guess.

So basically:

- Be extremely transparant about what data is being collected, how it is stored and for what purpose.
- If someone from the EU goes 'delete me', whacking that YEET button within a month to be on the safe side.

[Biscuit]

Actually GDPR is a big part of my IRL job and, in very simplistic terms, if a PULL user were to request that their data was erased from the website, EU law is that they would have to comply IF they're storing data on EU citizens and it gets a bit trickier from there on out. Some US websites I've used (especially online shops) have actually ceased trading with EU customers because they can't comply with these new laws, specifically Article 3. It's unfortunately not as simple as 'but it's in the TOS!!!!' because legally someone can't sign a contract which already breaks a law. Now for me the majority of websites have a big 'WE'RE COLLECTING YOUR COOKIE INFORMATION HOLY MOLEY JUST TO MAKE YOU AWARE IF YOU DON'T WANT US TO DO THIS PLEASE GO AWAY GDPR GDPR GDPR!' button slapped across them.

I presume that PULL at the very least would store IP addresses? If so the admins should probably be able to delete and wipe an account at the request of someone residing in the EU or they might get fined but eh, I've not heard of an online forum being subject to such and GDPR is more to regulate businesses and those selling and pushing user data onwards so I guess it's one of those things where TECHNICALLY it's not compliant but the likelihood of PULL getting slamdunked is mini.

See, THAT is how you argue a claim. Calmly, politely, and with sources.

In any case, PULL is based in the US. So there’s that.

I’m not sure if I can look at the TOS without trying to create another account which is against the rules and I haven’t been able to find a link to anything at least on my phone. There’s a tab that says “guidelines” but it tells me I don’t have permission to view even though I’m logged in.

In any case, @Nyx might want to consider reviewing the TOS to ensure its legality just in case.

Edited Friday at 11:11 PM by Biscuit

[Filthy Angel]

Yes correct! EU citizens have, under GDPR, what is known as the 'Right to Erasure' which means if they ask someone who is storing their personal data (name, address, birthday, IP address, etc.) to tip it off their database into the digital ocean you (normally, there are some exceptions and naturally they're very vague and wordy) have to comply within one month. So if an EU PULL member asks for all their data to be erased because they don't want it stored any more, a website needs to be compliant.
This also goes doubly so for children (and the definition of 'child' varies from EU country to EU country but can be as low as 13) who by GDPR guidelines cannot consent to having their data stored so woomp woomp I guess.

So basically:

- Be extremely transparant about what data is being collected, how it is stored and for what purpose.
- If someone from the EU goes 'delete me', whacking that YEET button within a month to be on the safe side.

If I could give you five million likes I could. Bravo!

Also thank you for teaching me something new! Even though I live in the US this is good to know!

[honeycrisp]

Yes correct! EU citizens have, under GDPR, what is known as the 'Right to Erasure' which means if they ask someone who is storing their personal data (name, address, birthday, IP address, etc.) to tip it off their database into the digital ocean you (normally, there are some exceptions and naturally they're very vague and wordy) have to comply within one month. So if an EU PULL member asks for all their data to be erased because they don't want it stored any more, a website needs to be compliant.
This also goes doubly so for children (and the definition of 'child' varies from EU country to EU country but can be as low as 13) who by GDPR guidelines cannot consent to having their data stored so woomp woomp I guess.

So basically:

- Be extremely transparant about what data is being collected, how it is stored and for what purpose.
- If someone from the EU goes 'delete me', whacking that YEET button within a month to be on the safe side.

You learn something new everyday, very cool thank you RdR!

[Qualle]

I'm pretty sure PULL shouldn't even be online anymore in the EU since it's breaking so many rules of GDPR, but it's way too small for the authorities to care about it much (especially because the page isn't earning money). It's the annoying popups about allowing cookies and what not on every homepage that allows the usage of those here in Europe. PULL doesn't have that, but PULL also doesn't have a page with legal information which is one of the other big musts over here now or they can just take your website down. Just one of those things the admins should be working on I guess 🤷‍♀