[deleted] Here you go:
First, I 80 to 90% agree with you on this topic so don’t get me wrong. But, you are sticking to saying all forums need this. And, the law just isn’t clear enough to 100% determine that. Especially if you are an individual, outside of Europe, who doesn’t bring in revenue or track users. I too work at a company that has to comply with GDPR. That doesn’t make me an expert.
Here’s support for my part of this spirited, and great debate:
This seems like an official European site?
They list various reasons you may not have to comply or may not have to comply fully.
The GDPR applies to:
1) a company or entity which processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed; or
2) a company established outside the EU and is offering goods/services (paid or for free) or is monitoring the behaviour of individuals in the EU.
My forum falls into #2. I do not monitor the behavior of users. And point #2 states “company.” “Entity” which could make it apply to me isn’t listed in #2. I’m not a company. Point #1 does mention ANY entity, but, I don’t fall into point #1.
This site goes on to say, from what I understand, that small companies are low risk. So more good news for small businesses. But once again, I’m not a company. So, to me, that’s zero risk or close to zero risk.
I also read statements like this all the time (this one from a Vanilla Forums page):
If your community has a global reach (it probably does) and you want to do business in the EU, you should comply. Protecting your customers’ data privacy, no matter where they are, is probably a good idea anyway. And, by the way, the law imposes hefty fines up to 4% of your annual revenue!
Well, once again, I’m not a company, I don’t run ads, I don’t make revenue. So… 🤷♂️
In conclusion, is it important for every single forum owner? It doesn’t seem like it. Therefore is it required in core? It doesn’t seem like it. Is it important if you are a business or organization? Yes. So, you are right to be concerned about “Flarum Foundation”… possibly. But Flarum Foundation should consult a lawyer.
For my small forum(s) I’m not worried about it.
Super personal opinion:
EU needs to make the law less broad and more specific if they want the majority of website owners to follow it. Data privacy is important. I too want my data safe. But, the law causes (sometimes) unnecessary cookie notices, and promotes propaganda and fear mongering. All because they must have been too afraid to be a little bit specific. And sure, the individual is well protected. But, what about the small, non-revenue generating niche website? The law doesn’t protect them. Again I want companies to treat my data well too… but it’s a bad law. It needs some amendments. #1 amendment should be: we won’t mess with small niche website owners.