FlyerTalk Forums
Page 1 of 3
1
2
3
Show 40 post(s) from this thread on one page

FlyerTalk Forums (https://www.flyertalk.com/forum/index.php)
-   Technical Support and Feedback (https://www.flyertalk.com/forum/technical-support-feedback-386/)
-   -   GDPR compliance questions and discussion (https://www.flyertalk.com/forum/technical-support-feedback/1911089-gdpr-compliance-questions-discussion.html)

hailstorm May 25, 2018 5:54 am
GDPR compliance questions and discussion
 
On the https://www.flyertalk.com/forum/tech...ce-notice.html thread, it states:

Starting on or before May 25th, 2018, this site will become GDPR compliant in accordance with the EU GDPR regulation (Learn More).

If you are visiting this forum from an EU IP address, you will see a pop-up overlay that looks like this:
I don't think that this results in full compliance. GDPR rights are for EU citizens, not people that currently happen to be physically present within a European Union country. FlyerTalk admin especially should know that these people are all over the world.

JDiver May 25, 2018 8:34 am
1 Attachment(s)
Originally Posted by hailstorm (Post 29792773)
On the https://www.flyertalk.com/forum/tech...ce-notice.html thread, it states:



I don't think that this results in full compliance. GDPR rights are for EU citizens, not people that currently happen to be physically present within a European Union country. FlyerTalk admin especially should know that these people are all over the world.
I think that’s for the courts, not FT or IB administration, to decide, IMO. When I travel, I have certain rights as a US citizen. When I am in the EU, or anywhere else, those rights are generally superseded by local law. While GDPR rights may pretend to be portable, the facts of law seem to be contrary.

The issue that is getting traction in the EU, with at least four complaints filed against Facebook, Google, Instagram and WhatsApp, is whether sites can offer services to those within the EU by only offering an “all or nothing” (not merely agreeing to data collection related to the provision of service, but rather including data gathering for or by third parties, such as advertisers) acceptance policy in its TOU.

"The GDPR explicitly allows any data processing that is strictly necessary for the service - but using the data additionally for advertisement or to sell it on needs the users' free opt-in consent," said noyb.eu in a statement. Link to BBC article.
Does FT fully comply with GDPR? IANAL. That’s what IB legal will have to examine, depending on the EU courts’ decisions, I suspect. Particularly given several US news sites are currently unavailable to users within the EU because of GDLR requirements (link to BBC article).

SkiAdcock May 26, 2018 12:50 am
My 2 cents (so not enough to get you coffee at Starbucks): I think a lot of companies are taking a we don't know if you're in the EU or not approach, we're asking you to opt-in or opt-out or telling you what our privacy notice is across the board/protecting your privacy because it's easier to deal across the board than try to sort out EU etc. Heck, I've gotten privacy notices from multi-national firms as well as domestic firms, small-time book authors, local shops, etc.

BTW - for those unfamiliar w/ GDPR:

"What is the 'General Data Protection Regulation (GDPR)'

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based. The General Data Protection Regulation covers all companies that deal with data of EU citizens, so it is a critical regulation for corporate compliance officers at banks, insurers, and other financial companies. GDPR will come into effect across the EU on May 25, 2018."

hailstorm May 26, 2018 2:03 am
Exactly. This is the only forum that I frequent that has tried to filter required notices by IP address (an inexact science at best)

fransknorge May 26, 2018 1:04 pm
Well for the time being FT does not comply anyway, see Recital 43:

Recital 43
EU GDPR

(43) In order to ensure that consent is freely given, consent should not provide a valid legal ground for the processing of personal data in a specific case where there is a clear imbalance between the data subject and the controller, in particular where the controller is a public authority and it is therefore unlikely that consent was freely given in all the circumstances of that specific situation.

Consent is presumed not to be freely given if it does not allow separate consent to be given to different personal data processing operations despite it being appropriate in the individual case, or if the performance of a contract, including the provision of a service, is dependent on the consent despite such consent not being necessary for such performance.
=> Dossier: Consent

The black box that can not go away until “I agree” is ticked is illegal. There should be an option to disagree and continue using the service.

TomMM May 26, 2018 1:08 pm
Originally Posted by hailstorm (Post 29795465)
Exactly. This is the only forum that I frequent that has tried to filter required notices by IP address (an inexact science at best)
I am currently visiting in the EU and am receiving different levels of notices on sites I am registered on.(all US based sites) The most detailed notice listed each company that the site used and what information they shared with them. I was also able to select/deselect what site they shared my info with. Just for advertising purposes they used 72 companies!

I wouldn't mind having GDPR type regulation here.

airsurfer May 29, 2018 12:40 pm
This is annoying and violates GDPR.

The GDPR should allow the user to withhold unnecessary data tracking and only allow use of tracing which is absolutely necessary.

https://cimg9.ibsrv.net/gimg/www.fly...cfc0f0231b.png

fransknorge Jun 21, 2018 12:59 am
IB has absolutely no intention to respect GDPR. I got denied access to my personal data despite articles 2,15 and recitals 63,64 clearly stating this as a right.

IBJoel Jun 21, 2018 10:52 am
Originally Posted by fransknorge (Post 29889441)
IB has absolutely no intention to respect GDPR. I got denied access to my personal data despite articles 2,15 and recitals 63,64 clearly stating this as a right.
Frank, when/how did you request this data?

fransknorge Jun 21, 2018 12:10 pm
I did the request the 24th May 2018. IB denied it yesterday. The regulations put a deadline of 1 month from the initial request.
I did the request via the form provided on IB website, on the privacy policy page.

IBJoel Jun 21, 2018 12:55 pm
Originally Posted by fransknorge (Post 29891435)
I did the request the 24th May 2018. IB denied it yesterday. The regulations put a deadline of 1 month from the initial request.
I did the request via the form provided on IB website, on the privacy policy page.
I've PMed you

Sung Sam Jun 30, 2018 8:16 pm
Is Flyertalk GDPR compliant? Is there a way for EU resident to request their posts, replies, contributions, and accounts to be forgotten on Flyertalk?

Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects' rights to "the public interest in the availability of the data" when considering such requests.

JDiver Jul 1, 2018 8:31 am
With the archiving sites out there (waybackmachine at archive.org, etc.) there’s no such likelihood of “being forgotten”, IMO. A person could have every bit erased from FT, yet their posts could still be found.

Kagehitokiri Jul 1, 2018 9:42 am
FT's owner has counsel / teams for regulatory compliance

i hope EU regulations do not negatively impact archive.org

fransknorge Jul 1, 2018 12:57 pm
Originally Posted by Sung Sam (Post 29924783)
Is Flyertalk GDPR compliant? Is there a way for EU resident to request their posts, replies, contributions, and accounts to be forgotten on Flyertalk?

Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects' rights to "the public interest in the availability of the data" when considering such requests.
The privacy policy of Internet Brands (the owner of Flyertalk ) has a contact form.
https://www.internetbrands.com/priva...ntact-form.php

Deletion of personal information is among the choice. Make your request and FT has to comply within 30 days. If after this delay they did not act complain to your relevant regulatory data protection agency.


All times are GMT -6. The time now is 1:00 pm.
Page 1 of 3
1
2
3
Show 40 post(s) from this thread on one page


This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2026 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.