Go Back  FlyerTalk Forums > Support&Services > Technical Support and Feedback
Reload this Page >

GDPR compliance questions and discussion

GDPR compliance questions and discussion

    Hide Wikipost
Old Jul 20, 18, 6:45 am   -   Wikipost
Please read: This is a community-maintained wiki post containing the most important information from this thread. You may edit the Wiki once you have been on FT for 90 days and have made 90 posts.
 
Last edit by: JDiver
Wiki Link
Internet Brands - FlyerTalk has adopted GDPR standards and a consent popup appears to those logging on from the European Union.

If you wish to request you be “forgotten” on the basis of your rights under GDPR, please PM IBobi or IBjoel.

If you wish to inquire or communicate with Internet Brands - FlyerTalk regarding GDPR, please email [email protected].

Thank you,

cblaisd and JDiver, Co-Moderators

NOTE: Only Moderators and Admin have permission to edit this Wikipost.
Print Wikipost

Old May 25, 18, 5:54 am
  #1  
FlyerTalk Evangelist
Original Poster
 
Join Date: Jul 2011
Programs: SEIBU PRINCE CLUB Platinum, Hyatt Explorist, Marriott Gold, Cocos Gold
Posts: 14,656
GDPR compliance questions and discussion

On the https://www.flyertalk.com/forum/tech...ce-notice.html thread, it states:

Starting on or before May 25th, 2018, this site will become GDPR compliant in accordance with the EU GDPR regulation (Learn More).

If you are visiting this forum from an EU IP address, you will see a pop-up overlay that looks like this:
I don't think that this results in full compliance. GDPR rights are for EU citizens, not people that currently happen to be physically present within a European Union country. FlyerTalk admin especially should know that these people are all over the world.
hailstorm is offline  
Old May 25, 18, 8:34 am
  #2  
Moderator: American AAdvantage, TAP, Mexico, Technical Support and Feedback, and The Suggestion Box
 
Join Date: May 2000
Location: NorCal - SMF area
Programs: AA LT Plat; HH LT Diamond, Maître-plongeur des Muccis
Posts: 61,505
Originally Posted by hailstorm View Post
On the https://www.flyertalk.com/forum/tech...ce-notice.html thread, it states:



I don't think that this results in full compliance. GDPR rights are for EU citizens, not people that currently happen to be physically present within a European Union country. FlyerTalk admin especially should know that these people are all over the world.
I think that’s for the courts, not FT or IB administration, to decide, IMO. When I travel, I have certain rights as a US citizen. When I am in the EU, or anywhere else, those rights are generally superseded by local law. While GDPR rights may pretend to be portable, the facts of law seem to be contrary.

The issue that is getting traction in the EU, with at least four complaints filed against Facebook, Google, Instagram and WhatsApp, is whether sites can offer services to those within the EU by only offering an “all or nothing” (not merely agreeing to data collection related to the provision of service, but rather including data gathering for or by third parties, such as advertisers) acceptance policy in its TOU.

"The GDPR explicitly allows any data processing that is strictly necessary for the service - but using the data additionally for advertisement or to sell it on needs the users' free opt-in consent," said noyb.eu in a statement. Link to BBC article.
Does FT fully comply with GDPR? IANAL. That’s what IB legal will have to examine, depending on the EU courts’ decisions, I suspect. Particularly given several US news sites are currently unavailable to users within the EU because of GDLR requirements (link to BBC article).
Attached Images  

Last edited by JDiver; May 25, 18 at 11:53 am
JDiver is offline  
Old May 26, 18, 12:50 am
  #3  
A FlyerTalk Posting Legend
 
Join Date: Aug 2002
Programs: UALifetimePremierGold, Marriott LifetimeTitanium
Posts: 66,232
My 2 cents (so not enough to get you coffee at Starbucks): I think a lot of companies are taking a we don't know if you're in the EU or not approach, we're asking you to opt-in or opt-out or telling you what our privacy notice is across the board/protecting your privacy because it's easier to deal across the board than try to sort out EU etc. Heck, I've gotten privacy notices from multi-national firms as well as domestic firms, small-time book authors, local shops, etc.

BTW - for those unfamiliar w/ GDPR:

"What is the 'General Data Protection Regulation (GDPR)'

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based. The General Data Protection Regulation covers all companies that deal with data of EU citizens, so it is a critical regulation for corporate compliance officers at banks, insurers, and other financial companies. GDPR will come into effect across the EU on May 25, 2018."
SkiAdcock is offline  
Old May 26, 18, 2:03 am
  #4  
FlyerTalk Evangelist
Original Poster
 
Join Date: Jul 2011
Programs: SEIBU PRINCE CLUB Platinum, Hyatt Explorist, Marriott Gold, Cocos Gold
Posts: 14,656
Exactly. This is the only forum that I frequent that has tried to filter required notices by IP address (an inexact science at best)
hailstorm is offline  
Old May 26, 18, 1:04 pm
  #5  
Hilton 5+ BadgeAccor 10+ Badge
 
Join Date: Nov 2012
Location: Rhineland-Palatinate
Programs: OW Ruby (BA), *A Gold (A3), Le Club Accor Silver, HHonor Gold
Posts: 2,333
Well for the time being FT does not comply anyway, see Recital 43:

Recital 43
EU GDPR

(43) In order to ensure that consent is freely given, consent should not provide a valid legal ground for the processing of personal data in a specific case where there is a clear imbalance between the data subject and the controller, in particular where the controller is a public authority and it is therefore unlikely that consent was freely given in all the circumstances of that specific situation.

Consent is presumed not to be freely given if it does not allow separate consent to be given to different personal data processing operations despite it being appropriate in the individual case, or if the performance of a contract, including the provision of a service, is dependent on the consent despite such consent not being necessary for such performance.
=> Dossier: Consent

The black box that can not go away until “I agree” is ticked is illegal. There should be an option to disagree and continue using the service.
Dave_C likes this.
fransknorge is offline  
Old May 26, 18, 1:08 pm
  #6  
 
Join Date: Mar 2014
Location: JAX
Programs: UA 1K, Hilton Gold, Marriott Gold
Posts: 4,569
Originally Posted by hailstorm View Post
Exactly. This is the only forum that I frequent that has tried to filter required notices by IP address (an inexact science at best)
I am currently visiting in the EU and am receiving different levels of notices on sites I am registered on.(all US based sites) The most detailed notice listed each company that the site used and what information they shared with them. I was also able to select/deselect what site they shared my info with. Just for advertising purposes they used 72 companies!

I wouldn't mind having GDPR type regulation here.
TomMM is offline  
Old May 29, 18, 12:40 pm
  #7  
 
Join Date: Dec 2009
Posts: 499
This is annoying and violates GDPR.

The GDPR should allow the user to withhold unnecessary data tracking and only allow use of tracing which is absolutely necessary.

airsurfer is offline  
Old Jun 21, 18, 12:59 am
  #8  
Accor 10+ BadgeHilton 5+ Badge
 
Join Date: Nov 2012
Location: Rhineland-Palatinate
Programs: OW Ruby (BA), *A Gold (A3), Le Club Accor Silver, HHonor Gold
Posts: 2,333
IB has absolutely no intention to respect GDPR. I got denied access to my personal data despite articles 2,15 and recitals 63,64 clearly stating this as a right.
hailstorm likes this.
fransknorge is offline  
Old Jun 21, 18, 10:52 am
  #9  
Administrator
 
Join Date: Sep 2015
Programs: Internet Brands
Posts: 1,780
Originally Posted by fransknorge View Post
IB has absolutely no intention to respect GDPR. I got denied access to my personal data despite articles 2,15 and recitals 63,64 clearly stating this as a right.
Frank, when/how did you request this data?
IBJoel is offline  
Old Jun 21, 18, 12:10 pm
  #10  
Accor 10+ BadgeHilton 5+ Badge
 
Join Date: Nov 2012
Location: Rhineland-Palatinate
Programs: OW Ruby (BA), *A Gold (A3), Le Club Accor Silver, HHonor Gold
Posts: 2,333
I did the request the 24th May 2018. IB denied it yesterday. The regulations put a deadline of 1 month from the initial request.
I did the request via the form provided on IB website, on the privacy policy page.
fransknorge is offline  
Old Jun 21, 18, 12:55 pm
  #11  
Administrator
 
Join Date: Sep 2015
Programs: Internet Brands
Posts: 1,780
Originally Posted by fransknorge View Post
I did the request the 24th May 2018. IB denied it yesterday. The regulations put a deadline of 1 month from the initial request.
I did the request via the form provided on IB website, on the privacy policy page.
I've PMed you
IBJoel is offline  
Old Jun 30, 18, 8:16 pm
  #12  
 
Join Date: Jun 2018
Posts: 113
Is Flyertalk GDPR compliant? Is there a way for EU resident to request their posts, replies, contributions, and accounts to be forgotten on Flyertalk?

Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects' rights to "the public interest in the availability of the data" when considering such requests.
Sung Sam is offline  
Old Jul 1, 18, 8:31 am
  #13  
Moderator: American AAdvantage, TAP, Mexico, Technical Support and Feedback, and The Suggestion Box
 
Join Date: May 2000
Location: NorCal - SMF area
Programs: AA LT Plat; HH LT Diamond, Maître-plongeur des Muccis
Posts: 61,505
With the archiving sites out there (waybackmachine at archive.org, etc.) there’s no such likelihood of “being forgotten”, IMO. A person could have every bit erased from FT, yet their posts could still be found.
IBJoel likes this.
JDiver is offline  
Old Jul 1, 18, 9:42 am
  #14  
FlyerTalk Evangelist
 
Join Date: Jun 2006
Location: IAD/DCA
Posts: 31,510
FT's owner has counsel / teams for regulatory compliance

i hope EU regulations do not negatively impact archive.org
IBJoel likes this.
Kagehitokiri is offline  
Old Jul 1, 18, 12:57 pm
  #15  
Accor 10+ BadgeHilton 5+ Badge
 
Join Date: Nov 2012
Location: Rhineland-Palatinate
Programs: OW Ruby (BA), *A Gold (A3), Le Club Accor Silver, HHonor Gold
Posts: 2,333
Originally Posted by Sung Sam View Post
Is Flyertalk GDPR compliant? Is there a way for EU resident to request their posts, replies, contributions, and accounts to be forgotten on Flyertalk?

Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects' rights to "the public interest in the availability of the data" when considering such requests.
The privacy policy of Internet Brands (the owner of Flyertalk ) has a contact form.
https://www.internetbrands.com/priva...ntact-form.php

Deletion of personal information is among the choice. Make your request and FT has to comply within 30 days. If after this delay they did not act complain to your relevant regulatory data protection agency.
IBJoel and Sung Sam like this.
fransknorge is offline  

Thread Tools
Search this Thread