DragonPrime - LoGD Resource Community
Welcome Guest
  • Good morning, Guest.
    Please log in, or register.
  • October 23, 2018, 04:26:14 AM
Home Forums News Downloads Login Register Advanced Search
* * *
DragonPrime Menu
Login
 
 
Resource Pages
Search

Pages: 1 2 [3] 4 5   Go Down
  Print  
Author Topic: GDPR Privacy in the EU (and those who accept EU players) - Issues with Lotgd  (Read 6962 times)
0 Members and 1 Guest are viewing this topic.
TGTarheel
Codemeister
****
Offline Offline

Posts: 466


View Profile
« Reply #30 on: February 04, 2018, 05:30:55 PM »

I think I attached it in this thread "charrestore".
But I fixed minor things, mostly a search bug which did not show any chars saved if you leave the email address.

The very same actually, just minor modifications.

It works on my site well, I already restored a few.
And I like it  better w/o user email - you don't have to dally around "I can't tell you what email that char was made", because you simply don't know anymore Cheesy

So should I now use this one you just attached...or the one I was using?  The first one you posted?
Logged
Nightborn
Captain of the Guard
***
Offline Offline

Posts: 216


View Profile WWW
« Reply #31 on: March 26, 2018, 09:42:31 AM »

The last one Tongue

I'll make hopefully the last stuff on easter.

I updated my lotgd install to 16.04 with php7 + myslq 5.7.
Not a lot of fun though.

I had double-encoded utf8 strings in my db -_- now it's all fixed.
Logged
Nightborn
Captain of the Guard
***
Offline Offline

Posts: 216


View Profile WWW
« Reply #32 on: May 20, 2018, 09:38:25 AM »

Well, busy on the last couple of days.

I used the "creationaddon" to show my privacy policy statements, but it has one drawback: it *only* confirms them on creation(hence the name), and it has no way to do so afterwards. I had to expand that function, and also add a date as to when the privacy was accepted.
If somebody needs it, I will attach it.

here is the last version of the gdpr extension (=manages only the data export for the user and the 100% safe deletion and no restoral - if you push the mysql functions in you have to execute after you pushed the data in, but that can be set automatically if you need to).

Due to the fact that it's not install-and-done, but needs mysql adaptions, I apologize.
The mysql stuff has to be done in the db, which is something not being able to easily put into a module (no synctable for functions).

EDIT: Just as a summary, you need(!) a privacy statement accessible like an imprint on any page, it has to declare a lot of things. That's mandatory. Mine: https://shinobilegends.com/gdpr/SL%20Data%20Privacy%20Agreement%20and%20Transparency%20Report.pdf
« Last Edit: May 20, 2018, 09:48:23 AM by Nightborn » Logged
TGTarheel
Codemeister
****
Offline Offline

Posts: 466


View Profile
« Reply #33 on: May 27, 2018, 09:15:42 AM »

Well, busy on the last couple of days.

I used the "creationaddon" to show my privacy policy statements, but it has one drawback: it *only* confirms them on creation(hence the name), and it has no way to do so afterwards. I had to expand that function, and also add a date as to when the privacy was accepted.
If somebody needs it, I will attach it.

here is the last version of the gdpr extension (=manages only the data export for the user and the 100% safe deletion and no restoral - if you push the mysql functions in you have to execute after you pushed the data in, but that can be set automatically if you need to).

Due to the fact that it's not install-and-done, but needs mysql adaptions, I apologize.
The mysql stuff has to be done in the db, which is something not being able to easily put into a module (no synctable for functions).

EDIT: Just as a summary, you need(!) a privacy statement accessible like an imprint on any page, it has to declare a lot of things. That's mandatory. Mine: https://shinobilegends.com/gdpr/SL%20Data%20Privacy%20Agreement%20and%20Transparency%20Report.pdf

Or just don't allow character restore, yes??

Seems like this is just too much work.  Seriously.

I believe I simply am just not gonna allow restore...that way, when someone deletes or is deleted they are just gone.  I will put a note in the character deletion that states character will not be able to be restored and a confirm button...and have the note explain it is due to new laws in the EU.

To hell with it.  Not worth the risk of getting into trouble.
Logged
Aeolus
Mod God
*****
Online Online

Posts: 1896


You're welcome.


View Profile WWW
« Reply #34 on: May 28, 2018, 01:46:47 AM »

Or just don't allow character restore, yes??

Seems like this is just too much work.  Seriously.

I believe I simply am just not gonna allow restore...that way, when someone deletes or is deleted they are just gone.  I will put a note in the character deletion that states character will not be able to be restored and a confirm button...and have the note explain it is due to new laws in the EU.

To hell with it.  Not worth the risk of getting into trouble.

Good on you. We'll keep up with our own choices.
Logged

TGTarheel
Codemeister
****
Offline Offline

Posts: 466


View Profile
« Reply #35 on: May 28, 2018, 11:03:59 AM »

Just as a thought...would there NOT...be a way, within the Character Restorer itself...to have a user-settable pref...that would allow the restorer to fire on deletion (retaining data or not) based on user pref?

And have it default set to OFF...allowing players to OPT-IN? and if that pref is there, THEN the data is retained...otherwise lost.  Would that not be easier??  And accomplish the same thing??

Just saying!!

(As we all know, "OPT-OUT" is the American way...and OPT-IN in the EU way.  I wish, in this case, America would be a lot more like the EU...and we would go OPT-IN instead of OPT-OUT)
« Last Edit: May 28, 2018, 11:16:16 AM by TGTarheel » Logged
pharis
Militia
**
Offline Offline

Posts: 59


Take this it's dangerous to go alone


View Profile
« Reply #36 on: May 29, 2018, 06:40:38 AM »

I found this to be the easiest way to get out of the line of fire as far as cookies go :

https://www.cookiebot.com/en/pricing/

Take the free option as it covers one domain free of charge.
You can set it up within minutes.
 
Logged
TGTarheel
Codemeister
****
Offline Offline

Posts: 466


View Profile
« Reply #37 on: May 29, 2018, 09:31:24 PM »

I found this to be the easiest way to get out of the line of fire as far as cookies go :

https://www.cookiebot.com/en/pricing/

Take the free option as it covers one domain free of charge.
You can set it up within minutes.
 

But if you are not doing character restoration at all...do you need this?

Again, not sure why a user-settable pref can't be added to the Restorer...set default OFF, so that one must OPT-IN...to allow Restoration t happen at all.  The pref can be changed by user ONLY when they attempt to delete.

Then have a confirm step added in the user-originated deletion.  It checks the pref and informs the player of the status.

if the pref is set "off" as is default:

According to GDPR laws enacted in the EU, we are required to inform you that you must OPT-IN to allow for possible character restoration at a alter date.  Right now, this option is turned off, meaning all your personal data will be destroyed and unrecoverable.  Do you wish to delete...or do you wish first to change this option?

And then they have to pick.  If no...the chacter is deleted and no data stored.  if yes...then the pref is set Yes...and we go back to the confirm screen...

if the pref is set YES - since player just set it so....

You are about to delete your character.  In accordance with GDPR laws in the EU, we are required to inform you that your data will be stored for the purposes of restoring this character at a later date should you so choose.  Should you not wish your data to be retained, we will not be able to restore this character at any time.  You may choose to have your data forgotten....or go ahead with deletion, with data retained for the purpose of recreating the character.

And have a confirm nav that they could either re-set the pref to NO...and back to the landing screen...or YES...and character deleted with data retained.

In this way, you are informing them that their data is stored...for what purpose...and giving them an option to not have it stored...and explaining the consequences of that choice.

Obviously...if there is an Admin-generated delete..then the Restorer would be set to automatically wipe out any data....because likely you do not want that player to come back, anyway.

Just seems like what I have in mind would serve the purpose of what we are doing here.

By the way...add something that...if they choose to abort the delete...and not delete the character...the pref gets set back to NO SAVE.

This way it automatically is no save...unless user specifically says save JUST BEFORE DELETION.

And an Admin-generated delete would happen with the pref already set at NO SAVE as that is the permanent default.

Thus the Restorer only fires after the player has been informed that it will...and for what purpose...and gives them the right to opt-IN to have it saved.  Thus, implied consent.

I am not a lawyer or anything, but it seems this would be sufficient for what we are doing here...just a little RPG...right??
Logged
pharis
Militia
**
Offline Offline

Posts: 59


Take this it's dangerous to go alone


View Profile
« Reply #38 on: May 30, 2018, 10:43:41 AM »

I agree with you on everything.
I meant „as far as cookies go“ and not anything lotgd specific.

But keep in mind that as soon as you have a cookie set or a session started , and that often happens a lot ( like say a paypal donation button that could have a tracker ), you are already in the line of fire. Its really that simple. I am located in switzerland where technically you are not in the EU, and yet a lawyer we had to hire to check the status of the pages of our small company, urged us to put a thorough privacy disclaimer ( on every cookie and why its needed , etc.. ) on every page, even if technically they were public pages.

Its not about your page not being compliant with the gdpr, its about putting your ass in safety if there is a moron that decides to sue you from within europe if he thinks your disclaimer is not good enough. And since you never know when some shit in your page sets a new cookie that is not declared, you might be subject to have to prove that you handle data correctly by the authorities.

Its a freaking nightmare and no one knows whats gonna happen . People now start realizing that their simple pages are collecting data through their plugins.

Its a great time for lawyers and ppl that want to sue others. If someone does not like your site, he / she just has to create an account, and mess with you. Its completely irrelevant if it is a game or a wordpress site.
« Last Edit: May 30, 2018, 10:48:22 AM by pharis » Logged
TGTarheel
Codemeister
****
Offline Offline

Posts: 466


View Profile
« Reply #39 on: May 30, 2018, 10:01:23 PM »

I agree with you on everything.
I meant as far as cookies go and not anything lotgd specific.

But keep in mind that as soon as you have a cookie set or a session started , and that often happens a lot ( like say a paypal donation button that could have a tracker ), you are already in the line of fire. Its really that simple. I am located in switzerland where technically you are not in the EU, and yet a lawyer we had to hire to check the status of the pages of our small company, urged us to put a thorough privacy disclaimer ( on every cookie and why its needed , etc.. ) on every page, even if technically they were public pages.

Its not about your page not being compliant with the gdpr, its about putting your ass in safety if there is a moron that decides to sue you from within europe if he thinks your disclaimer is not good enough. And since you never know when some shit in your page sets a new cookie that is not declared, you might be subject to have to prove that you handle data correctly by the authorities.

Its a freaking nightmare and no one knows whats gonna happen . People now start realizing that their simple pages are collecting data through their plugins.

Its a great time for lawyers and ppl that want to sue others. If someone does not like your site, he / she just has to create an account, and mess with you. Its completely irrelevant if it is a game or a wordpress site.


But if PayPal is collecting the info...isn't that PayPal's problem and not mine?

If I and my actual site are not collecting the data??

I think a disclaimer at character creation stating that you agree to hold harmless the operators of this site...could be a good idea.
Logged
Aeolus
Mod God
*****
Online Online

Posts: 1896


You're welcome.


View Profile WWW
« Reply #40 on: May 30, 2018, 11:19:34 PM »

You use cookies, therefore you collect data. FK, for reference, uses a privacy policy.
Logged

TGTarheel
Codemeister
****
Offline Offline

Posts: 466


View Profile
« Reply #41 on: May 31, 2018, 12:01:46 AM »

You use cookies, therefore you collect data. FK, for reference, uses a privacy policy.

Must have a look.  Does your privacy policy (I assume you mean a disclaimer statement) actually serve to keep you from trouble with this new law?

I see your front page discloses that you have cookies.

Is that actually good enough?

Wondering if an agreement, at charactger creation that says, creating a character here means that you, the user, agree to hold harmless under any EU laws concerning data privacy.

We have external links that do use cookies, as does this site.  This game is not playable without them.

Data gathered is used only for the purposes of this game and is not disseminated or sold to any third party.

Something along those lines....

I am just trying to figure a way to make sure that there is "implied consent" - I will still, of course, do everything possible to be in full compliance...among them, either not using the character restorer...or allowing the pref I mention above if I do...but I am just looking to cover any possible cracks in this.


So far, I have added the following code to my creation page, beginning at line 102 in create.php
Code:
page_header("Create A Character");
if (getsetting("allowcreation",1)==0){
output("`\$Creation of new accounts is disabled on this server.");
output("You may try it again another day or contact an administrator.");
}else{
if ($op=="create"){
rawoutput("<big>");
output("`#Notice to all players residing in the European Union (EU):  Due to the new GDPR laws concerning Data Privacy enacted in the EU, creation of a character on this site gives site operators");
output(" implied consent to store and use your data for the purposes of gameplay on this site.  This site does use cookies and has links to third-party sites.  While the site operators will");
output(" do everything reasonable to protect the personal data of players, and will, on request, delete a character along with all personal data, `n`n`^creation of a character on this site");
output(" constitutes implied consent to store such data for the purposes of, and in the manner above described.  `n`n`QAny user of this site agrees to hold harmless from any and all liability");
output(" under the GDPR laws of the EU, or any similar laws in the jurisdiction in which the user may reside.");
rawoutput("</big>");
addnav("`b`^Agree and Continue`b","create.php?op=create2");
addnav("`b`QDo Not Agree`b","home.php");
page_footer();
}
if ($op=="create2"){
attached file is how it looks on my site.

If they do not agree, it aborts character creation and takes them back to the home screen.




« Last Edit: May 31, 2018, 12:54:52 AM by TGTarheel » Logged
Sunday
Codemeister
****
Offline Offline

Posts: 399


So meme'd up.


View Profile
« Reply #42 on: May 31, 2018, 01:10:41 AM »

You use cookies, therefore you collect data. FK, for reference, uses a privacy policy.

Must have a look.  Does your privacy policy (I assume you mean a disclaimer statement) actually serve to keep you from trouble with this new law?
Privacy policies are required by law. So in a way, yes, they do keep you out of trouble.

I see your front page discloses that you have cookies.

Is that actually good enough?

Wondering if an agreement, at charactger creation that says, creating a character here means that you, the user, agree to hold harmless under any EU laws concerning data privacy.

We have external links that do use cookies, as does this site.  This game is not playable without them.

Data gathered is used only for the purposes of this game and is not disseminated or sold to any third party.

Something along those lines....
That's essentially what the new legislation requires.
Logged

Slowly progressing fork with PHP 7 support: https://github.com/stephenKise/Legend-of-the-Green-Dragon
Cheap VPS Hosting (10$ credit!): https://m.do.co/c/acde75b086c5

A new server in the making...
TGTarheel
Codemeister
****
Offline Offline

Posts: 466


View Profile
« Reply #43 on: May 31, 2018, 01:20:02 AM »

You use cookies, therefore you collect data. FK, for reference, uses a privacy policy.

Must have a look.  Does your privacy policy (I assume you mean a disclaimer statement) actually serve to keep you from trouble with this new law?
Privacy policies are required by law. So in a way, yes, they do keep you out of trouble.

I see your front page discloses that you have cookies.

Is that actually good enough?

Wondering if an agreement, at charactger creation that says, creating a character here means that you, the user, agree to hold harmless under any EU laws concerning data privacy.

We have external links that do use cookies, as does this site.  This game is not playable without them.

Data gathered is used only for the purposes of this game and is not disseminated or sold to any third party.

Something along those lines....
That's essentially what the new legislation requires.

Good deal.
I have added, as indicated, a step to my character creation screen.  It functions as I intended, and a screenshot is available in my post above.

Additionally, since players may already exist, I have posted an MOTD about it.  I also added a line to the home screen informing players residing in the EU to read that MOTD.

The MOTD outlines all of this and states that if any player in the EU does not agree with this, for any reason, to immediately contact site Admin for character deletion, along with deletion of all personal data as is maintained by my site.
Logged
pharis
Militia
**
Offline Offline

Posts: 59


Take this it's dangerous to go alone


View Profile
« Reply #44 on: May 31, 2018, 10:44:57 AM »

@tgtarheel :what is your page again ?
Logged
Pages: 1 2 [3] 4 5   Go Up
  Print  
 
Jump to:  


*
DragonPrime Notices
Please take the time to read the FAQ and browse the DragonPedia

Support Us
No funds raised yet this year
Your help is greatly appreciated!
Recent Topics
DragonPrime LoGD
Who's Online
51 Guests, 2 Users
BombChel, Aeolus
Home Forums News Downloads Login Register Advanced Search