General personal stats (e.g. Discourse) and legislation/GDPR

Hi,

This community is using the Discourse software intensively by many users from all over the globe.

It seems that extensive user (personal) statistics are visable to every visitor. e.g:

image2064×602 62.9 KB

In the old days (90-ties), this was fun to see and know, however today we have learned that personal (online) information/behaviour/activity is protected by legislation e.g. GDPR . I can’t remember, but I never agreed for Nethesis (Italian) to share all my forum activity/info with anybody or the whole globe?

Today the default privacy consent is to ‘opt-in’ regarding the very specific question of a company for sharing your personal info/statistics. How to opt out at the least for now?

TIA

TIA

@Nick I wonder if it is not your area of expertise ?

Hi there. I’m Nick working @ nethesis developing cyber security area (that’s why @stephdl pinged me).

I think we need to make some clarifications:

• ‘personal data’ means any information relating to an identified or identifiable natural person (so your stats are not PII) Art. 4 point 1 of GDPR
• in our profiles the username and nickname are the only PII
• NethServer Community is a different entity from Nethesis Srl U. (the company)
• I desume (from a quick check but we should verify the thing) that the servers are directly managed from Discourse as from the CNAME community.nethserver.org is an alias for nethserver.discoursehosting.net
• when we all created the accounts we agreed to the Privacy Policy and the TOS

This said, since we are now in 2024, I agree that a review and a clarification to the reported policies dated 2013 may be nice.

Why do you need this? What do you want to hide?

Thanks for taking the time.

The stats ARE related to an identified/identifiable natural person, all the data in the profile is, apart from NOT filling out your real name, city, what you like etc. On the social media platforms (X, FB, Insta, Tiktok etc), a profile and data can be hidden, including all details.
( Restrict public viewing of user profile - #14 by JSey - feature - Discourse Meta )

So who is responsible for the data? For the Privacy is invalid, it should clearly state a policy between legal entities/natural persons. "We’ is not a valid thing.

The TOS is ofcourse complete bogus. Terms of Service - NethServer Community

Again, that is not true, for “We” and “example.com” is not valid.

Yep

That question is irrelevant.

While I’m not sure about the TOS, the privacy policy seems legit.

Again, @Nick it’s the most knowledgeable person about this topic I’d stick to his knowledge and what he says.

It’s never about the “showing” the info, it’s about the “gathering” of it.

Sticking to what said above, the mere numbers regarding what you do on the platform are not related to you, if you strip the name or nickname from these stats, no one will be able to be pinpoint its you, which means it doesn’t fall in the “personal information” part

That is not possible. It is the whole profile or no profile in this Discourse instance.

There is an option to hide the public profile.
User’s Profile → Preferences → Interface:

Perhaps you already tried that and is not what you expect… (you want separate control on profile and stats)

Spot on! Thanks so much.

The question on which legal entity is responsible for all data and how is it handled still remains. For the data may not be visible, it is still gathered and stored somewhere, and IS identifiable and relatable to a person.

Also, the privacy policy is not valid at all for there is no agreement between two legal entities. The TOS is an example page, and never did get any attention and, again, no agreement between two legal entities. Nobody here legally agreed to anything or anyone.