As you may (or may not) be aware, the EU last year passed a strong set of guidelines aimed at protecting individual data privacy rights.
Those guidelines are called “GDPR,” or General Data Protection Regulation, and they apply to any entity that collects or processes identifiable data from EU citizens (in short, almost everyone).
There are a few primary principles:
- Users must be notified specifically whenever data is being collected from them.
- Users have the right to delete or export the data you’ve collected in a “portable” format.
- Users have the right to revoke permission to collect data as easily as they give it.
Here is a link to the more detailed guidelines: https://ec.europa.eu/commissio...-protection-rules_en.
Here is what is considered “personal data” under the GDPR:
- a name and surname;
- a home address;
- an email address such as [email protected];
- an identification card number;
- location data (for example the location data function on a mobile phone);
- an Internet Protocol (IP) address;
- a cookie ID;
- the advertising identifier of a phone;
- data held by a hospital or doctor, which could be a symbol that uniquely identifies a person.
Obviously, anyone using a modern community platform is collecting much of this data, either passively (cookies and IP address) or proactively (profile information). Therefore, Social Strata has been working to ensure that we provide the tools so that our customers can comply with GDPR.
We strongly recommend that you do your own internal audit and legal review of GDPR and how it might relate to your organization and community. Our goal is to make it easy for you to follow through on the privacy strategy you’ve chosen.
So what are we doing?
- We have already implemented an update that allows hoop.la members to delete themselves (their profile account) from a community. (https://hey.crowdstack.com/b...deactivation-release). Our current approach is to leave the posted content in-place when a user takes this action; leaving only “guest” as the author.
- We will be implementing a tool that allows members to download/export their own personal profile data and content (in csv format, for portability).
- We will be providing a mechanism for members to request deletion of all of their content by the admin (Right to be Forgotten). There will be an additional option for Admins to allow users to delete all of their content when deleting their own account.
- We will be making the affirmation/agreement to the TOS in your community discoverable (and revocable) after the member registers, via their profile settings. We will also provide options for the admin to enforce a ban if a member chooses to withdraw consent to your TOS, and for the member to delete themselves in this same process.
- Social Strata is part of the EU-US Privacy Shield framework.
We will be updating our own privacy policy in the coming months to ensure that we’re following the guidelines ourselves as well. Look for some additional blog posts here, to help you consider what you might need to tweak in your community’s TOS (for example, you’ll want to alert your members that their data is being processed by Social Strata, and for what purpose; you may want to include a link to our privacy policy as well).
We are committed to offering the updates described above prior to the May 25, 2018 deadline for compliance.
If you're interested in learning more about global privacy initiatives/regulations, this is another great resource: https://www.dlapiperdataprotection.com/
Stay tuned for additional updates!
Title image: Photo by Dayne Topkin on Unsplash