No internet connection
  1. Home
  2. Support

Talkyard hosted comments and GDPR, CCPA

By Aris J Green @greenaj
    2021-04-03 04:24:02.887Z

    I singed up for the Almost Free plan for hosting comments a new programming blog. I am not using Google Analytics and wondered if the Talkyard hosting in is GDPR compliant and hopefull if also compliant with CCPA laws in the state of California.

    Any help appreciated. I may just shut the blog down in lieu of descending down a never ending legal rabbit holes of more never ending questions and answers.

    • 1 replies
    1. KajMagnus @KajMagnus2021-04-04 06:35:44.240Z2021-04-04 09:19:22.350Z

      Hi Aris, good question. I'm just re-reviewing 3rd party data processors used by our Software as a Service (incl Amazon Simple Email Service, Google Cloud Project, Automattic Akismet).

      There's one that doesn't have its own Data Processing Agreement: Stopforumspam .com. I suspect Talkyard will need to stop using Stopforumspam or make it opt-in.

      Stopforumspam has a GDPR policy but no DPA — then what? I'm not sure. Here's their GDPR policy:

      I also need to enable some code that purges already soft deleted Talkyard sites. (Have been "dry running" that code for a while, to catch any bugs — purging / hard deleting whole sites makes me nervous.)

      I'm writing a GDPR DPA (Data Processing Agreement) document that we can agree about if you want.

      shut the blog down in lieu of descending down a never ending legal rabbit holes

      I suspect that all that's needed by you, is a make sense privacy policy, and review our DPA, and ... maybe mentioning how your blog commenters can delete their Talkyard accounts — maybe you could link to: How to delete your own personal data (GDPR), from your privacy policy? (But I'm not a lawyer, this is not intended as legal advice.)

      compliant with CCPA laws

      Having had a look at CCPA here: it seems to me that CCPA is less strict than GDPR:

      CCPA differs in definition of personal information from GDPR as in some cases the CCPA only considers data that was provided by a consumer. The GDPR does not make that distinction and covers all personal data

      I might be mistaken, having had just a quick look at CCPA, but it seems to me that all companies living up to GDPR, also are CCPA compliant.