If you have any data privacy questions or concerns, or would like to see us address any other data privacy topic related to your personal data at UNIX.COM, please post back here in this discussion thread.
After receiving your comments, we will update the draft and ask all users to acceptthe rules again, which include this our new GDPR-upgraded privacy and personal data policy above.
Scanning quickly through the draft, the only hickup I have is in the second paragraph: "any personal or privacy data" - shouldn't that read "private data"?
And, in the "Removal of User Accounts, Posts and Name Changes" section, does "We are able to anonymize posts from accounts that have been deleted." imply editing posts that might have sensitive data in them? Which we already do right now, btw, on demand.
That line above is about what happens if we agree to delete a user account. The system will leave the posts as they are (the posts are public data without any sensitive or private data) and assign the posts to a "guest" user, and delete all other user-profile related data from the system (database).
Good question, Rudi! Thanks!!
All questions and comment welcome.
Unless all the other sites I have seen on the Internet who have recently updated their privacy policy due to GDPR, we have engaged our entire community for comments and questions prior to updating.
@Rudi - can there not be some kind of actual privacy threat? I encountered some posts (elsewhere) written by a guy who was doing a post doc. He was critical of someone's work - the same person to whom he is now applying for a faculty position.
Ignoring the fact that kind of criticism is not always okay to start with, we did edit out some few lines of two posts.
This kind of thing happens because moderators cannot read everything problematic that gets posted here, unless we are notified of a problem.
So, we can end up in a position like that. I'm not sure that type of thing is directly privacy related.
Not sure I get the subtleties of the English language ... if you say we can and will edit suspect posts, be it on demand or on our own findings, then I'm happy with that. I just wanted to emphasize that we are trying to keep high standards not only when asked to delete an account, but constantly day in day out, running the site.
Therefore, when a user posts any data, they are posting the data publicly.
When the user makes a mistake and posts data which moderators deem to be private data (for example email addresses), moderators generally delete or mask private data, which we have done here for a very long time.
The part of the policy which you quoted earlier was not related to the content of posts, except when a user requests their account to be completely deleted; and those posts which were posted by that users (all posts belong to the forums are are public data after posting), are reassigned to a different username (in this case "guest")
As I recall, all of this information above is discussed in the privacy policy; but if not, please let me know and where and what to add to the policy.
"deemed by the poster and the moderation team" ...
If we state "deemed by the poster" then they could demand anything to be deleted, even things which are not privacy related.
The bottom line is that we already state, as I recall, that posting is a public action.
The GDRP data, in general, is related to information which the user has not posted for public consumption and viewing (email address, sex, date of birth, etc).
When someone posts in a forum or makes a comment on a news article on some news website, they understand by posting that they are making public comments and that data that posted is not in the public domain and belongs to the web site.
