Talkyard hosted comments and GDPR, CCPA

Hi Aris, good question. I'm just re-reviewing 3rd party data processors used by our Software as a Service (incl Amazon Simple Email Service, Google Cloud Project, Automattic Akismet).

There's one that doesn't have its own Data Processing Agreement: Stopforumspam .com. I suspect Talkyard will need to stop using Stopforumspam or make it opt-in.

Stopforumspam has a GDPR policy but no DPA — then what? I'm not sure. Here's their GDPR policy: https://www.stopforumspam.com/gdpr

I also need to enable some code that purges already soft deleted Talkyard sites. (Have been "dry running" that code for a while, to catch any bugs — purging / hard deleting whole sites makes me nervous.)

I'm writing a GDPR DPA (Data Processing Agreement) document that we can agree about if you want.

shut the blog down in lieu of descending down a never ending legal rabbit holes

I suspect that all that's needed by you, is a make sense privacy policy, and review our DPA, and ... maybe mentioning how your blog commenters can delete their Talkyard accounts — maybe you could link to: How to delete your own personal data (GDPR), from your privacy policy? (But I'm not a lawyer, this is not intended as legal advice.)

compliant with CCPA laws

Having had a look at CCPA here: https://en.wikipedia.org/wiki/California_Consumer_Privacy_Act it seems to me that CCPA is less strict than GDPR:

CCPA differs in definition of personal information from GDPR as in some cases the CCPA only considers data that was provided by a consumer. The GDPR does not make that distinction and covers all personal data

I might be mistaken, having had just a quick look at CCPA, but it seems to me that all companies living up to GDPR, also are CCPA compliant.