Jul 20, 2018, 2:43 pm
Last edit by: TWA884
Internet Brands - FlyerTalk has adopted GDPR standards and a consent popup appears to those logging on from the European Union.
If you wish to request you be “forgotten” on the basis of your rights under GDPR, please PM IBjoel.
If you wish to inquire or communicate with Internet Brands - FlyerTalk regarding GDPR, please email [email protected].
Thank you,
cblaisd and JDiver, Co-Moderators
NOTE: Only Moderators and Admin have permission to edit this Wikipost.
If you wish to request you be “forgotten” on the basis of your rights under GDPR, please PM IBjoel.
If you wish to inquire or communicate with Internet Brands - FlyerTalk regarding GDPR, please email [email protected].
Thank you,
cblaisd and JDiver, Co-Moderators
NOTE: Only Moderators and Admin have permission to edit this Wikipost.
GDPR compliance questions and discussion
May 25, 2018, 5:54 am
#1
FlyerTalk Evangelist
Original Poster
Join Date: Jul 2011
Programs: Hyatt Discoverist, SEIBU PRINCE CLUB Silver, Marriott Gold
Posts: 20,436
GDPR compliance questions and discussion
On the https://www.flyertalk.com/forum/tech...ce-notice.html thread, it states:
I don't think that this results in full compliance. GDPR rights are for EU citizens, not people that currently happen to be physically present within a European Union country. FlyerTalk admin especially should know that these people are all over the world.
Starting on or before May 25th, 2018, this site will become GDPR compliant in accordance with the EU GDPR regulation (Learn More).
If you are visiting this forum from an EU IP address, you will see a pop-up overlay that looks like this:
If you are visiting this forum from an EU IP address, you will see a pop-up overlay that looks like this:
May 25, 2018, 8:34 am
#2
Moderator: American AAdvantage
Join Date: May 2000
Location: NorCal - SMF area
Programs: AA LT Plat; HH LT Diamond, Maître-plongeur des Muccis
Posts: 62,948
On the https://www.flyertalk.com/forum/tech...ce-notice.html thread, it states:
I don't think that this results in full compliance. GDPR rights are for EU citizens, not people that currently happen to be physically present within a European Union country. FlyerTalk admin especially should know that these people are all over the world.
I don't think that this results in full compliance. GDPR rights are for EU citizens, not people that currently happen to be physically present within a European Union country. FlyerTalk admin especially should know that these people are all over the world.
The issue that is getting traction in the EU, with at least four complaints filed against Facebook, Google, Instagram and WhatsApp, is whether sites can offer services to those within the EU by only offering an “all or nothing” (not merely agreeing to data collection related to the provision of service, but rather including data gathering for or by third parties, such as advertisers) acceptance policy in its TOU.
"The GDPR explicitly allows any data processing that is strictly necessary for the service - but using the data additionally for advertisement or to sell it on needs the users' free opt-in consent," said noyb.eu in a statement. Link to BBC article.
Last edited by JDiver; May 25, 2018 at 11:53 am
May 26, 2018, 12:50 am
#3
A FlyerTalk Posting Legend
Join Date: Aug 2002
Programs: UALifetimePremierGold, Marriott LifetimeTitanium
Posts: 71,110
My 2 cents (so not enough to get you coffee at Starbucks): I think a lot of companies are taking a we don't know if you're in the EU or not approach, we're asking you to opt-in or opt-out or telling you what our privacy notice is across the board/protecting your privacy because it's easier to deal across the board than try to sort out EU etc. Heck, I've gotten privacy notices from multi-national firms as well as domestic firms, small-time book authors, local shops, etc.
BTW - for those unfamiliar w/ GDPR:
BTW - for those unfamiliar w/ GDPR:
"What is the 'General Data Protection Regulation (GDPR)'
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based. The General Data Protection Regulation covers all companies that deal with data of EU citizens, so it is a critical regulation for corporate compliance officers at banks, insurers, and other financial companies. GDPR will come into effect across the EU on May 25, 2018."
May 26, 2018, 2:03 am
#4
FlyerTalk Evangelist
Original Poster
Join Date: Jul 2011
Programs: Hyatt Discoverist, SEIBU PRINCE CLUB Silver, Marriott Gold
Posts: 20,436
Exactly. This is the only forum that I frequent that has tried to filter required notices by IP address (an inexact science at best)
May 26, 2018, 1:04 pm
#5
Join Date: Nov 2012
Location: Rhineland-Palatinate
Programs: *A Gold (A3), HHonor Gold
Posts: 5,699
Well for the time being FT does not comply anyway, see Recital 43:Recital 43
(43) In order to ensure that consent is freely given, consent should not provide a valid legal ground for the processing of personal data in a specific case where there is a clear imbalance between the data subject and the controller, in particular where the controller is a public authority and it is therefore unlikely that consent was freely given in all the circumstances of that specific situation.
Consent is presumed not to be freely given if it does not allow separate consent to be given to different personal data processing operations despite it being appropriate in the individual case, or if the performance of a contract, including the provision of a service, is dependent on the consent despite such consent not being necessary for such performance.
=> Dossier: Consent
The black box that can not go away until “I agree” is ticked is illegal. There should be an option to disagree and continue using the service.
Recital 43
EU GDPR
(43) In order to ensure that consent is freely given, consent should not provide a valid legal ground for the processing of personal data in a specific case where there is a clear imbalance between the data subject and the controller, in particular where the controller is a public authority and it is therefore unlikely that consent was freely given in all the circumstances of that specific situation.Consent is presumed not to be freely given if it does not allow separate consent to be given to different personal data processing operations despite it being appropriate in the individual case, or if the performance of a contract, including the provision of a service, is dependent on the consent despite such consent not being necessary for such performance.
=> Dossier: Consent
The black box that can not go away until “I agree” is ticked is illegal. There should be an option to disagree and continue using the service.
May 26, 2018, 1:08 pm
#6
FlyerTalk Evangelist
Join Date: Mar 2014
Location: 4éme
Posts: 12,042
I wouldn't mind having GDPR type regulation here.
May 29, 2018, 12:40 pm
#7
Join Date: Dec 2009
Posts: 552
This is annoying and violates GDPR.
The GDPR should allow the user to withhold unnecessary data tracking and only allow use of tracing which is absolutely necessary.
The GDPR should allow the user to withhold unnecessary data tracking and only allow use of tracing which is absolutely necessary.
Jun 21, 2018, 12:59 am
#8
Join Date: Nov 2012
Location: Rhineland-Palatinate
Programs: *A Gold (A3), HHonor Gold
Posts: 5,699
IB has absolutely no intention to respect GDPR. I got denied access to my personal data despite articles 2,15 and recitals 63,64 clearly stating this as a right.
Jun 21, 2018, 10:52 am
#9
Administrator
Join Date: Sep 2015
Location: Los Angeles
Programs: Internet Brands
Posts: 3,867
Jun 21, 2018, 12:10 pm
#10
Join Date: Nov 2012
Location: Rhineland-Palatinate
Programs: *A Gold (A3), HHonor Gold
Posts: 5,699
I did the request the 24th May 2018. IB denied it yesterday. The regulations put a deadline of 1 month from the initial request.
I did the request via the form provided on IB website, on the privacy policy page.
I did the request via the form provided on IB website, on the privacy policy page.
Jun 21, 2018, 12:55 pm
#11
Administrator
Join Date: Sep 2015
Location: Los Angeles
Programs: Internet Brands
Posts: 3,867
Jun 30, 2018, 8:16 pm
#12
Join Date: Jun 2018
Posts: 113
Is Flyertalk GDPR compliant? Is there a way for EU resident to request their posts, replies, contributions, and accounts to be forgotten on Flyertalk?
Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects' rights to "the public interest in the availability of the data" when considering such requests.
Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects' rights to "the public interest in the availability of the data" when considering such requests.
Jul 1, 2018, 8:31 am
#13
Moderator: American AAdvantage
Join Date: May 2000
Location: NorCal - SMF area
Programs: AA LT Plat; HH LT Diamond, Maître-plongeur des Muccis
Posts: 62,948
With the archiving sites out there (waybackmachine at archive.org, etc.) there’s no such likelihood of “being forgotten”, IMO. A person could have every bit erased from FT, yet their posts could still be found.
Jul 1, 2018, 9:42 am
#14
FlyerTalk Evangelist
Join Date: Jun 2006
Location: IAD/DCA
Posts: 31,797
FT's owner has counsel / teams for regulatory compliance
i hope EU regulations do not negatively impact archive.org
i hope EU regulations do not negatively impact archive.org
Jul 1, 2018, 12:57 pm
#15
Join Date: Nov 2012
Location: Rhineland-Palatinate
Programs: *A Gold (A3), HHonor Gold
Posts: 5,699
Is Flyertalk GDPR compliant? Is there a way for EU resident to request their posts, replies, contributions, and accounts to be forgotten on Flyertalk?
Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects' rights to "the public interest in the availability of the data" when considering such requests.
Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects' rights to "the public interest in the availability of the data" when considering such requests.
https://www.internetbrands.com/priva...ntact-form.php
Deletion of personal information is among the choice. Make your request and FT has to comply within 30 days. If after this delay they did not act complain to your relevant regulatory data protection agency.