can you at least require that they prove their identity before you take it down?
otherwise anyone can just ask anyone to take anything down claiming its their dox... such a slippery slope
That is already covered in the rule.
When the regulation does not apply
Your company is service provider based outside the EU. It provides services to customers outside the EU. Its clients can use its services when they travel to other countries, including within the EU. Provided your company doesn't specifically target its services at individuals in the EU, it is not subject to the rules of the GDPR.
Could this effectively be a work around?
Agreeing to data processing - consent
The GDPR applies strict rules for processing data based on consent. The purpose of these rules is to ensure that the individual understands what he or she is consenting to. This means that consent should be freely given, specific, informed and unambiguous by way of a request presented in clear and plain language. Consent should be given by an affirmative act, such as checking a box online or signing a form.
When someone consents to the processing of their personal data, you can only process the data for the purposes for which consent was given. You must also give them the opportunity to withdraw their consent.
Does consent get around this issue? If so we're right back to where we were about voting.
can you at least require that they prove their identity before you take it down?
otherwise anyone can just ask anyone to take anything down claiming its their dox... such a slippery slope
If Spatial had his way, all you'd have to do is be friends with the victim.
In such a setting, you wouldn't be able to request my dox down, but Xadem would be.
Turncoat, do you have any hobbies besides stewing in your own feces on these forums? Just curious.
They aren't really any better than this place when it comes to quality.
When the regulation does not apply
Your company is service provider based outside the EU. It provides services to customers outside the EU. Its clients can use its services when they travel to other countries, including within the EU. Provided your company doesn't specifically target its services at individuals in the EU, it is not subject to the rules of the GDPR.Could this effectively a work around?
It could only for non-EU members, but do you really want to start checking people's nationality now? And it would give an unfair advantage to non-EU members.
To me, that sounds like if your service gets only clients from the US, like a US bank, but they can still use your service while traveling, then it does not apply. But we have EU members.
Agreeing to data processing - consent
The GDPR applies strict rules for processing data based on consent. The purpose of these rules is to ensure that the individual understands what he or she is consenting to. This means that consent should be freely given, specific, informed and unambiguous by way of a request presented in clear and plain language. Consent should be given by an affirmative act, such as checking a box online or signing a form.
When someone consents to the processing of their personal data, you can only process the data for the purposes for which consent was given. You must also give them the opportunity to withdraw their consent.Does consent get around this issue? If so we're right back to where we were about voting.
Yeah, but they can revoke it. Which is why the rule requires a request from the doxxed person.
It is questionable if they can only revoke it for one piece of data, not for all, but if we assume they have to revoke all of it, then they must not use the forum, as thats the only way, they give consent by using the forum.
Maybe they can only request their doxes to be removed legally if they leave the forum. I am ok with that. We can have the vote for the people that chose to use the forum anyway. I may have to reread my TOS for this.
Here is another site:
so basicly all a mod has to do is claim someone proved their dox and they can delete w.e they want as a favor to their pals?
can you at least provide a log that shows a history of mod actions?
what must a user do to validate their identity to a mod? are the mods sworn to secrecy? will mods who leak info given to them for this reason be demodded if they leak that info elsewhere?
so basicly all a mod has to do is claim someone proved their dox and they can delete w.e they want as a favor to their pals?
can you at least provide a log that shows a history of mod actions?
what must a user do to validate their identity to a mod? are the mods sworn to secrecy? will mods who leak info given to them for this reason be demodded if they leak that info elsewhere?
"Doxed person" is any individual that has been uniquely identified by some collection of identifiers and the dox data relates to them.
I am capable of providing such a log.
When the regulation does not apply
Your company is service provider based outside the EU. It provides services to customers outside the EU. Its clients can use its services when they travel to other countries, including within the EU. Provided your company doesn't specifically target its services at individuals in the EU, it is not subject to the rules of the GDPR.Could this effectively a work around?
It could only for non-EU members, but do you really want to start checking people's nationality now? And it would give an unfair advantage to non-EU members.
"Your company is service provider based outside the EU."
Couldn't we use a host provider outside of the EU?
"Provided your company doesn't specifically target its services at individuals in the EU, it is not subject to the rules of the GDPR."
You don't specifically target EU individuals, they just happen to be members among other populations as well.
Agreeing to data processing - consent
The GDPR applies strict rules for processing data based on consent. The purpose of these rules is to ensure that the individual understands what he or she is consenting to. This means that consent should be freely given, specific, informed and unambiguous by way of a request presented in clear and plain language. Consent should be given by an affirmative act, such as checking a box online or signing a form.
When someone consents to the processing of their personal data, you can only process the data for the purposes for which consent was given. You must also give them the opportunity to withdraw their consent.Does consent get around this issue? If so we're right back to where we were about voting.
Yeah, but they can revoke it. Which is why the rule requires a request from the doxxed person.
It can't be as binding as a TOS agreement for signing up for and using the website?
How do they end up revoking what they just agreed to..?
It is questionable if they can only revoke it for one piece of data, not for all, but if we assume they have to revoke all of it, then they must not use the forum, as thats the only way, they give consent by using the forum.
Maybe they can only request their doxes to be removed legally if they leave the forum. I am ok with that. We can have the vote for the people that chose to use the forum anyway. I may have to reread my TOS for this.
We ought to look further into what goes into revoking.
