

"TMP and the EU GDPR legal query." Topic


21 Posts


1,407 hits since 27 Dec 2018
©1994-2019 Bill Armintrout

138SquadronRAF Supporting Member of TMP 27 Dec 2018 10:14 a.m. PST

Let's unpack the alphabet soup.

The European Union (EU) has in force the General Data Protection Regulations (GDPR) designed to protect the personal data of European Union Residents on all websites. This would include foreign-based websites with no physical presence in the EU but which collect personal data on members, for example the TMP. Checking through the FAQ's we don't seem to have a privacy policy.

So what is TMP policy on privacy and does it comply with GDPR? If there isn't one, what steps will be taken to comply?

I wonder how many other wargames companies are caught in this legal trap?

link

Rakkasan 27 Dec 2018 10:24 a.m. PST

The editor's comments are here:
TMP link

138SquadronRAF Supporting Member of TMP 27 Dec 2018 10:32 a.m. PST

My google fu is weak today.

Oberlindes Sol LIC 27 Dec 2018 10:40 a.m. PST

Europe has neither class actions nor contingency fee agreements, so the only enforcement of GDPR will be by governmental regulators.

How will they respond to a complaint about a small website? Will they see it as a weak target that can be made into an example, or will they see it as not worth the resources required for prosecution?

martin goddard Sponsoring Member of TMP 27 Dec 2018 11:02 a.m. PST

With the UK exit taking centre stage the GDPR will need time to come into the limelight.
I think there is a very very small chance of any of the smaller 1 person type businesses being prosecuted. I base this on the fact that many small war-game businesses don't even comply with putting a proper address on their site. Others quote illegal postal conditions too. They seem to "just carry on". The other reason being, that the small companies don't have much money to go after thus not much justification for legal pursuit. It would not be headline enough to deter others??

GDPR is a consideration for professional companies though.

We have already put GDPR into action here.

PrivateSnafu Supporting Member of TMP 27 Dec 2018 1:37 p.m. PST

Those damn banners on EU websites are terribly annoying and degrading the quality of websites to where I've stopped bothering to go to some.

I've been told by someone in the UK who runs a wargaming related website that use of the "cookie warning" was unenforceable or moot as it may be, so they dropped it from their site.

Some of you Nottingham netters should grab the gumption to do likewise.

I'm going to be governed by US law for the website I run. I'm not sharing anything other than what is necessary to fulfill orders. People can make their own judgments about my integrity. They don't need a bureaucrat in Brussels to do it for them.

Winston Smith 27 Dec 2018 2:52 p.m. PST

I think the EU will have to send Gunboats up the Hudson River to enforce any imagined non-compliance.
Given the state of readiness in the German Navy (and what cute name are they calling it to avoid reminding sensitive souls of the Bismarck and U-boats?), I wouldn't hold my breath.

Dn Jackson 27 Dec 2018 3:48 p.m. PST

I find it amazing that lawmakers in Brussels think they can tell people in China, Russia, or the US how to run their websites. Sounds like something that should be handled by treaty.

Dynaman8789 27 Dec 2018 6:47 p.m. PST

On the flipside the people in those countries have (at least indirectly) elected the people in Brussels to represent their interests in the world and if you want to do business with THEM you have to do so following the rules their representatives established.

Northern Monkey 27 Dec 2018 7:19 p.m. PST

Actually, the real power in the EU, the commissioners, are NOT elected directly by the people. The people elect a "parliament" of MEPs which is there to rubber stamp directives which are nothing more than pronouncements handed down by the God-like commission. It's unrecognisable as democratic in any sense that those used to a Westminster-based system of directly elected representatives with clear manifesto commitments would recognise. Hence the British withdrawal.

Only today a friend of mine in Britain received an email to say that the EU was changing its VAT legislation and that British companies must change their systems during the remaining couple of months of their association with that body. It's an organisation that is completely unaware of the concept of small government, instead wanting to control every aspect of its citizens' lives as well as anyone who has the temerity to do business with any of them.

Thresher01 Supporting Member of TMP 27 Dec 2018 10:08 p.m. PST

Yep, I suspect assertions by Brussels' bureaucrats will have little if any effect on the far side of the pond.

Giles the Zog 28 Dec 2018 4:41 a.m. PST

WRT the original request, GDPR does apply to anyone trading with citizens of the EU. In reality, most war-games companies as single man outfits will sail under the radar unless they do something really stupid.

The UK's Information Commissioner's Office (ICO) made it clear that they would give leeway for the legislation to bed in. As you will have seen in my comments on the referenced thread, my council implemented all the relevant documentation and procedures on time as I have a very keen clerk, and one of my councillors is an IT geek (as am I). The village hall I am deputy chair of took longer but I was fairly certain there would be no problem as I was really the only holder of personal information and having had the training could justify its retention.

Basically it is just about not allowing personal details to pass outside your organisation, it's really that simple. Hackers love to get hold of lists of e-mails, details of financial info etc, and regardless of GDPR you really wouldn't want your company to hit the headlines with details of deliberate or inadvertent leaks to hackers, spammers and scammers. If you do something stupid you'll lose trade, and that will be the most immediate problem, not any of the EU's various enforcement agencies like the ICO.

There are off the shelf items of paperwork available which you can cut and paste your company's name into and if you read them you'll soon see this is a storm in a teacup.

Giles the Zog 28 Dec 2018 5:21 a.m. PST

As for the EU's actions, as a representative democracy, commissioners are subject to appointment by our representatives.

To draw a parallel, none of my constituents voted for me as chairman of the council. I was voted in by the councillors. The same goes for my deputy. None of the constituents voted for the sub group we have looking at our finances and hiking our budget, they were appointed by me in agreement with the council…ditto the sub group who did our development plan of where the new houses and businesses were going. My clerk and the secretary(s) then hammer out the documentation with the relevant councillors and it's agreed by the council at large. We get expert advice in from external organisations and consultants as need be.

The GDPR legislation will have been done in the same way by the EU. All the members of the union will have had input for and against. The UK ICO will have had input as an expert organisation to the UK's representations to the relevant EU commissioner which they (UK govt) will have had a say in appointing. Relevant trade agreements will also have been consulted, amended or found to already cover this change in legislation.

AIUI, the only country trading under WTO terms only is Mauritania, all other nations have FTAs with other nations, and this sort of legislation will feature in those FTAs. This is why Farcebook, Cambridge Analytica, Google and others are in hot water over the sharing of personal data.

That's representative democracy, as Edmund Burke put it:

Your representative owes you, not his industry only, but his judgment; and he betrays, instead of serving, you if he sacrifices it to your opinion.

As stated in my comments on the referenced thread, if you're not protecting customer data, backing it up, protecting it, cleansing it, and so on already, then that is when it becomes a problem both commercially and legally.

When the original Data Protection Act came in, my company (defence and security) had to go through a data cleansing exercise. This is nothing new.

138SquadronRAF Supporting Member of TMP 28 Dec 2018 10:43 a.m. PST

Checking through the FAQ's I can't find the Privacy Policy.

Where exactly is it please?

Whirlwind 29 Dec 2018 3:59 a.m. PST

Could, theoretically, someone complain in the EU about TMP, the EU issue a fine, the Editor refuse to pay and then the EU block TMP in all its member states (and other signatories to the GDPR legislation)?

Legion 4 29 Dec 2018 9:50 a.m. PST

They will have to talk to my lawyer … evil grin

forrester 29 Dec 2018 3:46 p.m. PST

It's very easy to just say "it's those interfering foreign bureaucrats", but do you WANT the organisations and companies you deal with to pass your data onto anyone prepared to pay for it? Or store it in such a way that anyone can help themselves?

In the past there has been far too much of that, and that's why you end up with legislation.

Giles the Zog 29 Dec 2018 3:50 p.m. PST

Could, theoretically, someone complain in the EU about TMP, the EU issue a fine, the Editor refuse to pay and then the EU block TMP in all its member states (and other signatories to the GDPR legislation)?

No.
A person would have to complain to their relevant data authority (so in my case the ICO).

The ICO would then adjudicate and if the breach of law was egregious enough issue a fine. If the fine was large enough it would then be passed on to the relevant legal authorities (in my case the Crown Prosecution Service) who may then forward it to Interpol.

So it depends on how bad the offence was, how stupid it was and so on before international law enforcement agencies picked it up and did something about it.

It may affect visas and so on.

It's more likely that a breach of privacy would come under US law first as that is where TMP is based.

Editor in Chief Bill The Editor of TMP Fezian 31 Dec 2018 1:33 p.m. PST

Checking through the FAQ's I can't find the Privacy Policy.

Where exactly is it please?

What do you think should be there, which is currently not there? Be specific, and I will be glad to make updates to the FAQ.

138SquadronRAF Supporting Member of TMP 08 Jan 2019 8:27 a.m. PST

What do you think should be there, which is currently not there? Be specific, and I will be glad to make updates to the FAQ.

Something like my firm is required to do under the Gramm–Leach–Bliley Act.

Have a Section of the FAQ notated as "Privacy Policy"

State clearly what you do to protect our personal information and how you do it.

State what your "Cookie" policy is and how it affects our privacy.

State clearly the actions you take to protect your site from unauthorised access.

State how you comply with the GDPR legislation. The US is far behind Europe in regulating privacy of the internet for many areas of business, my section is an exception.

Editor in Chief Bill The Editor of TMP Fezian 11 Jan 2019 12:09 p.m. PST

State clearly what you do to protect our personal information and how you do it.

We don't have any personal information about you on our server, except for email addresses. That database is not available to the public.

State what your "Cookie" policy is and how it affects our privacy.

We use cookies to recognize you so that you don't have to log in every time you visit TMP. Has no effect on your privacy.

State clearly the actions you take to protect your site from unauthorised access.

Standard website security procedures, handled by our hosting service.

State how you comply with the GDPR legislation. The US is far behind Europe in regulating privacy of the internet for many areas of business, my section is an exception.

We do not recognize the GDPR as having jurisdiction over us. It appears the current case against Google is about to reach the same conclusion.
