MG-Rover.org Forums banner

1 - 9 of 9 Posts

·
Registered
'06 MG ZR +120 (HQM) '04 MG ZR 105 (IAB)
Joined
·
9,188 Posts
Discussion Starter #1
In spite of the new forum carrying the 'GDPR Compliant' logo, the method of handling cookie/data harvesting permission as it stands most definitely does NOT comply with the requirements of the General Data Protection Regulations covered by the Data Protection Act 2018.

It is a requirement that consent must be obtained from the user via a positive opt-in - in other words, the user must actively select consent to their personally identifiable data being harvested. Use of pre-ticked boxes with the default being the consent option pre-ticked is not permissable; the user must physically tick the 'yes' box to give consent.

Makes me wonder if VerticalScope are also using other more surreptitious means to try and circumvent the law?
 

·
Registered
'06 MG ZR +120 (HQM) '04 MG ZR 105 (IAB)
Joined
·
9,188 Posts
Discussion Starter #3
I do not need contact information for 'Policy Support'!!!! You are the admin, it is for you to sort it out with them.

You and your organisation need to read the requirements of the General Data Protection Regulations carefully, and understand them - it is not permissible for the 'YES' option to be selected by default.

It is time that many web based organisations woke up to the fact that what GDPR is telling them is that they should not be harvesting peoples' personal data beyond what is strictly necessary for provision of the goods or services which are supplied. If an effort is made to comply, rather than thinking they can circumvent the legislation, website owners and administrators would get on better??
 

·
Administrator
cityrover
Joined
·
960 Posts
I am truly sorry, but I am not involved with GDPR. This is handled through the Policy Support team.

I have passed on your concerns.

- Cricket
 

·
Administrator
cityrover
Joined
·
960 Posts
In spite of the new forum carrying the 'GDPR Compliant' logo, the method of handling cookie/data harvesting permission as it stands most definitely does NOT comply with the requirements of the General Data Protection Regulations covered by the Data Protection Act 2018.

It is a requirement that consent must be obtained from the user via a positive opt-in - in other words, the user must actively select consent to their personally identifiable data being harvested. Use of pre-ticked boxes with the default being the consent option pre-ticked is not permissable; the user must physically tick the 'yes' box to give consent.

Makes me wonder if VerticalScope are also using other more surreptitious means to try and circumvent the law?
Good morning, we are currently investigating what looks to be an error on the site. You should still be seeing a consent wall with partner listings and all relevant cookie information when you log into the site from a new session. Meaning the only reason you wouldn't see it is you've already accepted it and no changes have been made to it or something is malfunctioning. The GDPR compliance badge is not posted on our sites without actually ensuring we are compliant. However, it does not account for potential misfires of scripts.

Kyle
 

·
Registered
'06 MG ZR +120 (HQM) '04 MG ZR 105 (IAB)
Joined
·
9,188 Posts
Discussion Starter #6
There are no misfires of scripts - your GDPR consent wall is deliberately set to acceptance/yes to non-essential cookies and scripts by default. This is a flagrant breach of the requirements of GDPR which requires explicit informed consent to be given by the user - in short, the default is required by the law to be 'decline/off' and it is for the user/member to physically switch/click for consent/yes.

Most people of course, will not consent; but that is the fault of the online advertising industry who have been robbing us of our personal details and tracking us for years, and playing fast and loose with that information to their own ends to the point where none of us trust them at all any more!

Two months on from the forum change and a month on from the last post by Admin, and still nothing has been done.

Not good enough!
 

·
Administrator
cityrover
Joined
·
960 Posts
Please show me where you are seeing it defaulting you to accept in a screenshot. Our consent wall was designed and affirmed by legal counsel to give us that compliance icon. So please show me where you are seeing the violation.

Thank you

Kyle
 

·
Registered
'06 MG ZR +120 (HQM) '04 MG ZR 105 (IAB)
Joined
·
9,188 Posts
Discussion Starter #8
The compliance wall shows all the yes boxes highlighted/turned on by default; the legal position is that the default must be 'NO' or Reject, and the user must physically select 'YES' or Accept, having had sight of information regarding what data they are permitting to be taken and what it is used for and by whom.

I am not surprised if you legal advisors have told you to it this way. Far too many websites legal advisors seem to think they can get away with having acceptance preselected by default, but this is simply an illegal circumvention of the rules, which in time I have no doubt that the Information Commissioners Office will act against!

Those websites which are more forward looking and mindful of their legal obligations actual have a simple 'Accept All' or 'Reject All' set-up, with 'Reject All' the default option.

I (and I suspect others) had to give eBay a sharp prod about the same sort of thing, but they eventually got the message and got things set to Reject as the default option. The only question left is whether we trust North American organisations to actually be abiding by the option we in Europe select - the answer of course, is that we don't trust NA (and USA in particular) at all. Not even a little bit.
 

·
Administrator
cityrover
Joined
·
960 Posts
I have submitted your feedback to our legal department and they will consult with our external legal representation as well as our GDPR support team which is itself a third party agency that specializes in the technical facet of GDPR requirements. As of this date until the compliance rules are changed to reflect what you are addressing we do stand to compliance requirements. Likewise, your trust of other organizations is entirely up to you however it is worth noting that regardless of where the organization is located they do answer to complaints and sanctions from the ICO and where we specifically are, Canada, the OPC.

Kyle
 
1 - 9 of 9 Posts
Top