(03-19-2018, 05:11 AM)jdmfarms Wrote: Hello.
As the net nannies make the www more secure, i am inquiring to see if userspice developers keep these regulations in mind. Im confident security is the forefront of your mind. Some aspects of the topic require the use of industry standards which i am a novice at...only know when another developer points something out.
However, are u aware of this GDPR? https://www.eugdpr.org
It is for protecting EU members which means any site in the world may need to comply.
Thank you.
UserSpice it self has nothing to do with the new GDPR/AVG laws. It only creates a means to make registering and authenticating of users possible.
The developer that uses UserSpice for creating websites/app's need to take care for the GDPR/AVG laws.
GDPR/AVG states that no website/app may store or track user behavior without letting the user know and ask for his/her permission.
By registering the user already states he/she is storing his/her authentication credentials in the UserSpice part of the website/app with his/her permission.
Storing other information of the user is due to the scripting/programming of the developer and therefor out of the scope of UserSpice.
GDPR/AVG further states that the user must be able to view all the information that is stored about him/her and must be able to remove or edit this information. Also there must be an option to fully remove all information of that user under a “Forget me” option.
Taking this in account the developer needs to make sure these options are available to the users and that the scripting of UserSpice that removes the users account, also removes everything else from that user that is stored by the scripting/programming of the developer.
One thing is allowed though, and that is keeping the user statistic information after it is stripped from all information that can be related to a specific user/person.
For example, after a user requested a “Forget me” on a e-shop website, all information of that user must be removed from the site but statistic information like “gender
w, in the age range of
x till
y, mostly order
z” may still be used when all the re-traceable information is stripped from it.
But as said, this is all outside the scope of UserSpice it self.