New Terms of Service

jtmagee

I’ll take a Latest Token for my Birthday!

Reecoh

Quebbster said:

Reecoh said:

Is there a law that requires them to ask us to cut & paste a URL to visit the page? Because if not I feel like the forum admins don't understand how to HTML.

It may not be possible for them to get the link to work in the announcement field. I bet if they could have made it clickable, they would have made it clickable.

I highly doubt this since the close "x" is an anchor tag.

Phumade and/or madoctor are probably closer to the real reason. It just one of those things that irritated me more than it probably should.

The_A_Train

BlackWidower said:

The_A_Train said:

They are doing this to be compliant with GDPR, so we can assume the information will be stored appropriately. 

I believe the DoB is commonly used as an unique identifier in the medical industry so i can see why you maybe shouldn't be passing it around. At the same time, HIPAA rules that roost and you can probably look to those regs for a more detailed explanation of the practices you were a part of.

The point of my (very long-winded - sorry) explanation was that, ethically, D3 should only store NECESSARY information.  Your day of birth (nor the month) is not necessary if you state you are born in 1945.

Like the person I quoted specified, a button that states, "I certify that I am 18 years or older" would suffice.
There are no such regulations in my country, so GDPR regulations are completely inconsequential.  Those that are required to provide such information should be identified via IP address.

No worries for being long winded, I understand. Just asking for the year of birth wouldn't do, though, since that leaves the company open to *almost* 18yo kids on the forum. A button might suffice, but I don't know the regs well enough to say for sure. Maybe it's too easy for the minors to say "I accidentally clicked that button", leaving D3 on the hook?

There might bot be GDPR regs in your country but they apply to every country. Any kind of opt-out would expose a company to greater harm than good, especially if the determination was based on an IP address.

The_A_Train

Taganov said:

The_A_Train said:

They are doing this to be compliant with GDPR, so we can assume the information will be stored appropriately. 

Oh, you sweet summer child . I did take some time to read their Privacy Notice, which is a huge part of GDPR compliance, and they mentioned that your username & password would be encrypted. No mention of PII being encrypted, though.

I guess I do tend to be naive on these things. My assumption is based on the penalties of a breach that is due to negligence. Not encrypting PII at rest or in motion, at least on public networks, would be negligent imo.