Stephan Gebbers Posted February 19, 2018

3 minutes ago, Dan Cole said:
> I'm no lawyer but I'm not sure this is true. As I understand it, the EU or any country for that matter only has the ability to write laws governing their own people...they can't impose laws or rules on the citizens of other countries nor could they enforce them.
>
> Dan

Yes they can and they already did. Take a look at the VAT rules if you sell digital services or digital goods into the EU. You would have to register with one EU country for VAT MOSS and report, for every tax rate in every EU country, how much VAT you added while selling to an EU customer. Sure, what the EU can do regarding non-EU businesses not doing as regulated by the EU is limited.

burt Posted February 19, 2018

12 minutes ago, Dan Cole said:
> I'm no lawyer but I'm not sure this is true. As I understand it, the EU or any country for that matter only has the ability to write laws governing their own people...they can't impose laws or rules on the citizens of other countries nor could they enforce them.
>
> Dan

It's true Dan. https://www.forbes.com/sites/forbestechcouncil/2017/12/04/yes-the-gdpr-will-affect-your-u-s-based-business/#607bdeae6ff2

The link also clearly states that my previous post is incorrect. If some random French guy buys from you while he is outside the EU, GDPR does not apply. I guess: collect the IP address to prove it.

Quote:
> Accepting currency of that country and having a domain suffix -- say a U.S. website that can be reached with a .nl from the Netherlands -- would certainly seal the case.

That is super interesting. Do you accept Euro or GBP on your site(s)? Yikes.

Quote:
> This can get more complicated when a customer signs up for a service or buys something. The vendor will need to obtain explicit permission for each type of processing done on the personal data (i.e., email promotions or sharing with third-party affiliates will have separate checkboxes).

Sounds like a separate checkbox needed for all external stuff:

[ ] can we mailchimp you
[ ] can we use Paypal
[ ] can we Maxmind
[ ] can we blah blah

Stephan Gebbers Posted February 19, 2018

9 minutes ago, MrPhil said:
> Can you imagine if even a small percentage of people in the EU suddenly demand that all their forum/blog posts, reviews, endorsements, tweets, etc. be immediately deleted? It will be chaos, but the GDPR says they can. Can you imagine having to ask people for permission to pass their shipping address on to the Post Office or shipping company? The intent (to protect privacy) is noble, but the execution is seriously flawed. It's one thing to implement reasonable data protection and privacy rules, but the GDPR goes beyond the Pale.

Maybe that is what we EU citizens should do. Use the system and request data 24/7 until it becomes clear that it is stupid :)

burt Posted February 19, 2018

1 minute ago, Stephan Gebbers said:
> Maybe that is what we EU citizens should do. Use the system and request data 24/7 until it becomes clear that it is stupid :)

I can tell you now, that I will be causing so much trouble to every site I ever signed up to... Maybe we all should?

Stephan Gebbers Posted February 19, 2018

1 minute ago, burt said:
> I can tell you now, that I will be causing so much trouble to every site I ever signed up to... Maybe we all should?

Sure, but no osCommerce stores ;)

Stephan Gebbers Posted February 19, 2018

6 hours ago, burt said:
> It would be really cool if you emailed these two companies, asking for their advice... When/if you get a reply post it back to this thread... I *guess* you will need to have extra tickboxes asking for customers' permission to send some details to maxmind/fraudlabs. What customer details are sent? I have never used either of these, so I don't know...

I just contacted MaxMind with a request about how they are prepared for GDPR (DSGVO in Germany). They are on it and plan to be ready in Q1, they say. And if I have any specific questions I can send my questions to their support.

Dan Cole Posted February 19, 2018

12 minutes ago, burt said:
> It's true Dan.

I'm not convinced....I would love to see an article addressing the legal aspects of it, especially one written by an authority outside the EU. Fortunately I don't sell or ship anything outside of Canada or the US so I don't have to worry about it.

Dan

Need help? See this thread and provide the information requested. Is your version of osC up to date? You'll find the latest osC community version (CE Phoenix) here.

Stephan Gebbers Posted February 19, 2018

https://2016.export.gov/europeanunion/marketresearch/sellingusproductsandservicesintheeu/index.asp
https://www.bizjournals.com/milwaukee/news/2018/02/02/many-u-s-businesses-will-be-surprised-to-discover.html

14steve14 (Author) Posted February 19, 2018

1 hour ago, burt said:
> I can tell you now, that I will be causing so much trouble to every site I ever signed up to... Maybe we all should?

Gary. If you emailed every one of them and they all asked for proof of your identity before they will let you know, you would regret contacting them all. It would also waste your time.

REMEMBER BACKUP, BACKUP AND BACKUP

Dan Cole Posted February 19, 2018

I did a little more research and it looks like there is an agreement between the EU and US which might account for the EU's overreach on this. I also noted that the US has complicated matters further by imposing obligations and sanctions for failing to preserve certain electronic data. Looks like this is getting to be a fairly complicated issue and it'll be interesting to see how this all plays out.

https://www.inta.org/Advocacy/Documents/2017/Article - Compliance with the EU_S General Data Protection Regulation and US Discovery Law.pdf

Dan

14steve14 (Author) Posted February 20, 2018

From the webinar I took part in, it seems that you need to get explicit consent to store the data. When getting that consent you have to link to your privacy policy which should detail what you will do with that data once you have it, and how you will protect it. You don't need to ask for consent every time as they have already agreed to how you use it.

One idea that was agreed that could eliminate some confusion for customers is to have pop up boxes when a customer clicks on say the email box when creating an account, with a short bit of text as to why you need to give that information. The box would then disappear when they start typing, assuming that they read it.

What was stressed as being very important was storing the date that consent was given, which oscommerce could do as it records the date that the account was created. As long as there is a checkbox on that page then all should be fine.

There will be a lot more confusion to come yet. It will be good to see what some of the larger websites do.

burt Posted February 20, 2018

12 hours ago, 14steve14 said:
> Gary. If you emailed every one of them and they all asked for proof of your identity before they will let you know, you would regret contacting them all. It would also waste your time.

It was a bit tongue-in-cheek. Although I do get a lot of spam mail from one particular place I signed up to, so hopefully I can stop that.

Moxamint Posted February 25, 2018

Hi,

Is using the Google Analytics module in osC considered GDPR's definition of profiling using personal information?

Thanks in advance for your input.

Eddy

burt Posted February 25, 2018

7 hours ago, Moxamint said:
> Hi,
>
> Is using the Google Analytics module in osC considered GDPR's definition of profiling using personal information?
>
> Thanks in advance for your input.
>
> Eddy

I don't use GA so I don't know the answer... But, what customer data is sent to the Google servers? If you can find that out, we can at least make an educated guess.

John W Posted February 27, 2018

The Google Analytics data doesn't contain any personal data, but you can figure out who some people are with transactions.

I'm not really a dog.

ArtcoInc Posted February 27, 2018

If ... you are a store owner, anywhere in the world, and are running the community version of osC (Gold or Edge) ... I strongly urge you to sign up for the 28-days code bundle that @burt has here:

The GDPR modules alone (days 16, 18, and 24) are worth the price of admission!

(plus, you'd be helping with the development of the software that you are using to run your businesses)

Malcolm

ArtcoInc Posted March 7, 2018

*** update ***

@burt has added two additional bonus GDPR modules to his 28-days bundle (as well as some other additional bonuses), making this bundle even more valuable!

It's not too late to:

1) get these GDPR modules for your store, and
2) help support and move osCommerce to the next level!

Malcolm

14steve14 (Author) Posted March 9, 2018

GDPR modules

Thinking about GDPR some more and looking at some of the modules Gary has created, I was thinking about the contact us form. Should there be a box warning or consent check box on that page, as the name, email and possibly phone number could be kept for future contact? The same sort of thing with the product notification page. Not too sure both pages have been set up to allow modules to be added to them, but should something be done just to cover business owners?

burt Posted March 10, 2018

On 3/9/2018 at 9:37 AM, 14steve14 said:
> GDPR modules
>
> Thinking about GDPR some more and looking at some of the modules Gary has created, I was thinking about the contact us form. Should there be a box warning or consent check box on that page, as the name, email and possibly phone number could be kept for future contact? The same sort of thing with the product notification page. Not too sure both pages have been set up to allow modules to be added to them, but should something be done just to cover business owners?

Hoping that [sooner rather than later], these sorts of ideas will come up for discussion and then whatever is decided needs doing...can be coded up in time for the GDPR start date.

burt Posted March 10, 2018

PS, split the last two posts off and into this thread as this thread is the more important (and visible) thread. Hope that's OK @14steve14

burt Posted March 10, 2018

On 2/27/2018 at 3:38 PM, John W said:
> The Google Analytics data doesn't contain any personal data, but you can figure out who some people are with transactions.

IP address?

John W Posted March 10, 2018

No, it doesn't give IP info, but you can track order id numbers. It does have session tracking where you can see people over multiple sessions and their paths and actions. Also shows search terms they choose. All anonymous data though.

tgely Posted March 12, 2018

Hi all,

we definitely need an anonymity process in the admin backup download process and in account delete requests. I think that the best would be a database field selector where we could select the relevant fields to clear. There would be an admin setup page and this rules table could be used in account anonymity or a special database export process.

As a developer I don't want to be in a personal data incident when I use a client's database on my development environment. So I start to develop an admin security module for v2.3.4 core.

Why an admin setup page? Because there are different database installations everywhere, so we don't have general rules to do it safely.

First list of sensitive fields:

{"action_recorder":["user_name","identifier"],
 "address_book":["entry_firstname","entry_lastname","entry_street_address"],
 "customers":["customers_firstname","customers_lastname","customers_email_address"],
 "orders":["customers_name","customers_street_address","customers_email_address","delivery_name","delivery_street_address","billing_name","billing_street_address"],
 "orders_status_history":["comments"],
 "reviews":["customers_name"]}

osCommerce based shop owner with minimal design and focused on background works. When the less is more. Email management with tracking pixel, package management for shipping, stock management, warehouse management with bar code reader, parcel shops management on 3000 pickup points without local store.

tgely Posted March 15, 2018

Datatable field selector page is ready. Now I am working on field rule selectors and research. I will push it on github later.

Required anonymity rules of sensitive fields: rename, delete, change

Names - anonim name rule: Don Joe -> anonim, Street address -> anonim
Email - anonim provider rule: [email protected] -> [email protected] (we can touch the email provider for stats later)
Birthday - anonim date rule: 1992-02-18 -> reset to year first day value (1992-01-01)
IP address - anonim regio rule: 192.168.1.1 -> 192.0.0.0 (keep the main interval for stats)

What else? Please, if you have any idea, post here.

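The field list and the four rules from the two posts above, written as a small table-driven scrubber for exported rows. This is an added example, not tgely's module or osCommerce code; the rule assigned to each column, the `customers_dob` column, the reading of `identifier` as an IP address and the sample row are assumptions.

```php
<?php
// Added example, not the module from the thread. Table => column => rule.
// Which rule applies to which column is an assumption made for this sketch.
const RULES = [
    'customers' => [
        'customers_firstname'     => 'name',
        'customers_lastname'      => 'name',
        'customers_email_address' => 'email',
        'customers_dob'           => 'date', // assumed birthday column, not in the posted list
    ],
    'action_recorder' => [
        'user_name'  => 'name',
        'identifier' => 'ip',                // assumed to hold the client IP address
    ],
];

function anonymise_value(string $rule, ?string $value): ?string
{
    if ($value === null || $value === '') { return $value; } // nothing to scrub
    switch ($rule) {
        case 'name':                         // Don Joe -> anonim
            return 'anonim';
        case 'email':                        // drop the local part, keep the provider
            $at = strrpos($value, '@');
            return 'anonim' . ($at === false ? '' : strtolower(substr($value, $at)));
        case 'date':                         // 1992-02-18 -> 1992-01-01
            return preg_match('/^(\d{4})-\d{2}-\d{2}/', $value, $m) ? $m[1] . '-01-01' : null;
        case 'ip':                           // 192.168.1.1 -> 192.0.0.0
            return filter_var($value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)
                ? explode('.', $value)[0] . '.0.0.0'
                : 'anonim';                  // IPv6 or free text: keep nothing
        default:                             // fail closed on a misconfigured rule
            throw new InvalidArgumentException("unknown rule: $rule");
    }
}

function anonymise_row(string $table, array $row): array
{
    foreach (RULES[$table] ?? [] as $column => $rule) {
        if (array_key_exists($column, $row)) {
            $row[$column] = anonymise_value($rule, $row[$column]);
        }
    }
    return $row;
}

// Constructed sample row, not real customer data.
print_r(anonymise_row('customers', ['customers_id' => '7', 'customers_firstname' => 'Don',
    'customers_email_address' => 'don.joe@Example.com', 'customers_dob' => '1992-02-18 00:00:00']));
```

Keeping the provider, the birth year and the first octet coarsens the data rather than removing it, so a scrubbed copy still needs the same access control as any other customer export.
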
tgely Posted March 16, 2018

GDPR modules, setup and backup functionality are ready, so there is an easy way to develop a customer GDPR compatible anonymity account module.

Archived
This topic is now archived and is closed to further replies.