Talkyard hosted comments and GDPR, CCPA

By Aris J Green @greenaj 2021-04-03 04:24:02.887Z

I signed up for the Almost Free plan for hosting comments on a new programming blog. I am not using Google Analytics and wondered if the Talkyard hosting is GDPR compliant and hopefully also compliant with CCPA laws in the state of California.

Any help appreciated. I may just shut the blog down in lieu of descending down never-ending legal rabbit holes of more never-ending questions and answers.

  • 1 replies
  1. KajMagnus @KajMagnus 2021-04-04 06:35:44.240Z 2021-04-04 09:19:22.350Z

    Hi Aris, good question. I'm just re-reviewing 3rd party data processors used by our Software as a Service (incl Amazon Simple Email Service, Google Cloud Project, Automattic Akismet).

    There's one that doesn't have its own Data Processing Agreement: Stopforumspam.com. I suspect Talkyard will need to stop using Stopforumspam or make it opt-in.

    Stopforumspam has a GDPR policy but no DPA — then what? I'm not sure. Here's their GDPR policy: https://www.stopforumspam.com/gdpr

    I also need to enable some code that purges already soft-deleted Talkyard sites. (I have been "dry running" that code for a while, to catch any bugs — purging / hard deleting whole sites makes me nervous.)

    I'm writing a GDPR DPA (Data Processing Agreement) document that we can agree about if you want.

    shut the blog down in lieu of descending down never-ending legal rabbit holes

    I suspect that all that's needed from you is a privacy policy that makes sense, a review of our DPA, and ... maybe mentioning how your blog commenters can delete their Talkyard accounts — maybe you could link to: How to delete your own personal data (GDPR), from your privacy policy? (But I'm not a lawyer, this is not intended as legal advice.)

    compliant with CCPA laws

    Having had a look at CCPA here: https://en.wikipedia.org/wiki/California_Consumer_Privacy_Act it seems to me that CCPA is less strict than GDPR:

    CCPA differs in definition of personal information from GDPR as in some cases the CCPA only considers data that was provided by a consumer. The GDPR does not make that distinction and covers all personal data

    I might be mistaken, having had just a quick look at CCPA, but it seems to me that all companies living up to GDPR are also CCPA compliant.