Help needed to review new documents needed for GDPR compliance (AstroBin Beta Testers group, posted by Salvatore Iovene)

siovene · 4 likes
Dear members of the AstroBin Beta Testers group,

in order to be fully compliant with the GDPR, I need to make some changes to AstroBin.

I apologize for being late to this party, I should've done this much earlier.

The changes that will happen soon are:
  • New cookie banner with explicit opt-in, categorization of cookies that can be accepted or declined (functional, performance, analytics, advertising...) and explanation of each category, and, for first-party cookies, each cookie.
  • New documents to explain exactly what AstroBin does with your data:
    • Privacy Policy
    • Cookie Policy

  • New document to detail acceptable conduct on AstroBin


In practical terms, the benefits you will receive are two:
  1. If you choose to not opt in to analytics cookies, AstroBin will not use Google Analytics when you visit
  2. If you choose to not opt in to advertising cookies, AstroBin will instruct Google Ad Manager to not use cookies. Please note that AstroBin never used cookies to do personalized advertising: only to enable frequency caps (e.g. if a customer says "don't show my ad to one person more than twice a day")


For everything else, nothing really changes except that things are more transparent now, in accordance with the GDPR.

AstroBin has always been privacy-minded:
  • It doesn't collect anything more than needed
  • It doesn't show your email address or location, or even country, anywhere
  • It only displays information that you voluntarily provide
  • It does not track you or follow you around to learn patterns to personalize ads to you
  • It doesn't share your contact information with advertisers
  • It doesn't store any personally identifiable information other than what you provide
  • It stores your IP address only in cases where it might be needed for moderation purposes


So, as a member of the Beta Testers group, I would really love to get some help in reviewing the new documents.

Please keep in mind that:
  • I did not hire a lawyer for this
  • I used a third-party service that's specialized in generating such policies (I had to fill in a questionnaire with lots of questions, probably over 50, and the website generated the policies for me)
  • I made slight customizations to the generated policies when needed


I would like to get feedback in terms of:
  • Is there anything in the policies that is not GDPR compliant?
  • Is there anything that needs more clarification, that you didn't understand?
  • Is there anything missing?
  • Is there anything that's incorrect, because I didn't notice?


These are the new policies to review:

https://welcome.astrobin.com/privacy-policy-test
https://welcome.astrobin.com/cookie-policy-test
https://welcome.astrobin.com/acceptable-use-policy-test

These are the other existing policies, which might be good to check too:

https://welcome.astrobin.com/terms-of-service
https://welcome.astrobin.com/community-guidelines
https://welcome.astrobin.com/ad-policy

Thank you very much in advance to anyone willing to read them and provide feedback!

I would like to thank Rüdiger who brought the issue of GDPR compliance to my attention and helped with the most pressing cookie opt-in issues!

Salvatore
Linwood
It's probably just not done yet but in case otherwise in the cookie policy this link fails with a 404  (in the paragraph "What are your cookie options"):

https://www.astrobin.com/cookies/

It's a shame that the legal disclaimers now probably take up as much text as the underlying programming code.
siovene
Linwood Ferguson:
It's probably just not done yet but in case otherwise in the cookie policy this link fails with a 404  (in the paragraph "What are your cookie options"):

https://www.astrobin.com/cookies/

Yeah I know, the page is ready to be released, but I just wanted some feedback for the policy pages. It's a page where you can customize cookie options and change them at any time, as required for the GDPR.
Linwood Ferguson:
It's a shame that the legal disclaimers now probably take up as much text as the underlying programming code.

Luckily not nearly close :-D I obviously want to run AstroBin as lawfully as possible, and these GDPR laws are there for a reason. The engineer in me of course would rather work on astro related features, but I understand why stuff like this is necessary.
Linwood
Salvatore Iovene:
Linwood Ferguson:
It's a shame that the legal disclaimers now probably take up as much text as the underlying programming code.

Luckily not nearly close :-D I obviously want to run AstroBin as lawfully as possible, and these GDPR laws are there for a reason. The engineer in me of course would rather work on astro related features, but I understand why stuff like this is necessary.

Yeah, not a shot at AstroBin but at politicians and lawyers. In apparently trying to do a good thing, all they do is ensure virtually no one ever reads any of this (absent a lawsuit) and annoy everyone with the continual cookie prompts. Maybe we will be better off when the AIs take over.

I read through (well, skimmed through) all the documents, nothing really jumped out at me. I think some could be more concise (e.g. if you say unlawful is prohibited, is it necessary to list unlawful things), but what actually sunk in was fairly clear.
siovene
Linwood Ferguson:
I think some could be more concise (e.g. if you say unlawful is prohibited, is it necessary to list unlawful things), but what actually sunk in was fairly clear.


Personally, I agree with this and everything else you've said. But, regarding being concise, it's much easier for me to stick with the generated content.

I used https://www.websitepolicies.com/ and I will be notified when some laws change and I need to amend something in my policies. The less I deviate from the generated content, the easier it is for me when that happens.
javaruck · 1 like
Salvatore,

Now I know why I've been getting so many pop ups on other sites. It seems that many others are working to become GDPR compliant as well. At any rate, I have read through all of the policies and nothing jumps out as being problematic.

It's a shame that this sort of work is necessary, but it is a reality in today's world. I used to work with contracts during my professional career and know from working with our legal team that it is much better to use accepted boilerplate language for standard terms and conditions. Even though the text can be long, you are absolutely correct in using the generated content from a source specializing in legal compliance for these laws. Going off script can cause unintended consequences.

Bob
umasscrew39
Salvatore

I read all of the links and they seem straightforward to me. I would not try to explain more in them, as the wordier they get, the more people will either ignore them or get irritated and ask you more questions. Also, remember that the US does not fall under GDPR, so most in the US will not even know what GDPR is unless they have been working for an EU company like I have for the past 30+ years. The closest thing the US has is HIPAA. So, you may want to spell out what GDPR is for all and that this is a mandated EU law. Other than that, I think being concise, organized, and clear with regard to this requirement and how it pertains to AB and its members is the way to go... which I think you have done here.

Bruce
siovene
Hi @Bruce Donzanti,

the way the code is tentatively set up now, I will only show the cookie banner and use opt-in cookies to visitors in countries where the GDPR applies.

California has a privacy act too, so I might need to see if I can detect access for a specific state.
umasscrew39
Salvatore Iovene:
Hi @Bruce Donzanti,

the way the code is tentatively set up now, I will only show the cookie banner and use opt-in cookies to visitors in countries where the GDPR applies.

California has a privacy act too, so I might need to see if I can detect access for a specific state.

Hmmm... ok, if you want to, but I lived in California many years and I am not aware of anything special, even though CA does some "odd" things. I am pretty sure each state has privacy laws at a state level too. CA might not be special in that regard.
siovene
Bruce Donzanti:
Hmmm... ok, if you want to, but I lived in California many years and I am not aware of anything special, even though CA does some "odd" things. I am pretty sure each state has privacy laws at a state level too. CA might not be special in that regard.


I'm talking about this specifically: https://en.wikipedia.org/wiki/California_Privacy_Rights_Act

And yes, other states have different rules as well. And of course many countries not in Europe.

To be honest, complying with everything at all times would be a nightmare, so for now I'm complying with the GDPR and the CPRA and trusting in the fact that this would cover things in case somebody from some whatever country has a problem...
umasscrew39
Yes, I agree about "complying with everything at all times would be a nightmare", but I am still not sure what https://en.wikipedia.org/wiki/California_Privacy_Rights_Act really adds. However, up to you, just my 2 cents.
MichaelRing
One thing that would be nice is the option to persist the cookie preferences in the user profile.
The reason is that I use Firefox and delete all cookies on exit, which now means that AstroBin nags me every time I open the page. When my settings have my preferences for cookies, you could use them on the next screen refresh after login.

Michael
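The consent behaviour described in the opening post (analytics only loaded after opt-in, ad cookies only after opt-in), the region gate Salvatore mentions in his reply to Bruce (banner and opt-in only where the GDPR applies), and Michael's request to fall back to a preference saved in the user profile, as one added example. This is illustration code written for this page, not AstroBin's own implementation: the cookie name `astrobin_cookie_consent`, the four category names, the EU/EEA country list and the `decide()` helper are all assumptions made here. Two practitioner points it encodes: a category counts as granted only when the stored record says literally `true`, so a truncated or tampered record never grants anything, and a visitor whose country cannot be determined is treated as in scope (fail closed).

```javascript
// Added example (not AstroBin's code): consent-gated loading of analytics and
// ad cookies, with the region gate and profile fallback discussed in the thread.
// Assumptions: the cookie name, the four category names and the country list
// are placeholders chosen for this example.

const CONSENT_COOKIE = 'astrobin_cookie_consent'; // assumed first-party cookie name
const CATEGORIES = ['functional', 'performance', 'analytics', 'advertising'];

// EU/EEA country codes, assumed here as "where the GDPR applies".
const GDPR_COUNTRIES = new Set([
  'AT', 'BE', 'BG', 'HR', 'CY', 'CZ', 'DK', 'EE', 'FI', 'FR', 'DE', 'GR', 'HU',
  'IE', 'IT', 'LV', 'LT', 'LU', 'MT', 'NL', 'PL', 'PT', 'RO', 'SK', 'SI', 'ES',
  'SE', 'IS', 'LI', 'NO',
]);

// Parse the consent record out of a Cookie header. Returns null when there is
// no record or it does not validate. A category counts as granted only when it
// is literally true, so a tampered or truncated record never grants anything.
function parseConsent(cookieHeader) {
  const entry = (cookieHeader || '')
    .split(';')
    .map((s) => s.trim())
    .find((s) => s.startsWith(CONSENT_COOKIE + '='));
  if (!entry) return null;
  let raw;
  try {
    raw = JSON.parse(decodeURIComponent(entry.slice(CONSENT_COOKIE.length + 1)));
  } catch {
    return null;
  }
  if (!raw || typeof raw !== 'object' || typeof raw.ts !== 'number') return null;
  const consent = { ts: raw.ts };
  for (const c of CATEGORIES) consent[c] = raw[c] === true;
  return consent;
}

// Build the Set-Cookie value that records an explicit choice. The record is
// first-party state needed to honour the choice, not a tracker.
function serializeConsent(consent) {
  const record = { ts: consent.ts ?? Date.now() };
  for (const c of CATEGORIES) record[c] = consent[c] === true;
  const maxAge = 180 * 24 * 3600; // re-ask after six months
  return `${CONSENT_COOKIE}=${encodeURIComponent(JSON.stringify(record))}` +
    `; Max-Age=${maxAge}; Path=/; Secure; SameSite=Lax`;
}

// Opt-in is required for GDPR countries and, failing closed, whenever the
// visitor's country could not be determined.
function needsOptIn(countryCode) {
  return !countryCode || GDPR_COUNTRIES.has(countryCode.toUpperCase());
}

// Decide what the page may do for this visitor. `profileConsent` is an optional
// preference saved in the user profile (Michael's suggestion), consulted when
// the browser has dropped the cookie.
function decide(cookieHeader, countryCode, profileConsent = null) {
  const consent = parseConsent(cookieHeader) ?? profileConsent;
  if (!needsOptIn(countryCode)) {
    // Outside GDPR scope: no banner; a stored choice is still honoured.
    return {
      showBanner: false,
      loadAnalytics: consent ? consent.analytics === true : true,
      adsUseCookies: consent ? consent.advertising === true : true,
    };
  }
  if (!consent) {
    // GDPR applies and no choice recorded: nothing non-essential until opt-in.
    return { showBanner: true, loadAnalytics: false, adsUseCookies: false };
  }
  return {
    showBanner: false,
    loadAnalytics: consent.analytics === true,
    adsUseCookies: consent.advertising === true,
  };
}

// Browser-side usage (the third-party tags themselves are not loaded here):
//   const outcome = decide(document.cookie, window.VISITOR_COUNTRY);
//   if (outcome.loadAnalytics) { /* inject the analytics tag */ }
//   if (!outcome.adsUseCookies) { /* configure the ad tag to run cookieless */ }
```

The only input the page needs from the server is the country hint; the consent record itself is parsed client-side from `document.cookie`, and the same `decide()` can run server-side on the request's Cookie header if the tags are injected during rendering.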