A bit of a heads up about the big day tomorrow and expectations.
You are going to get popups asking yo to consent to this and that. It's not going to happen at 12:01am. It's going to happen through the day. We've spent the day so far tidying up the various dialogue boxes and making sure everything is clear.
So, you are going to get an advertising consent option. BUT THIS WON'T MEAN YOU CAN OPT OUT OF ADS.
It will give you the option to opt out of certain aspects of advertising targeting. Whatever you consent to you will still gets ads. I don't want anyone to be disappointed.
During the day our new terms and conditions, privacy policy and data policy will go live and you will have to consent to those too. With these, your non consent means you simply don;t get to use the website, principally because consenting will be the only way to get rid of the bloody great box with the consent button.
Your account settings will (in your profile) be the place where you will have access to some new data tools. You'll be able to see what we have on you and you will also get the option to download and delete your data and your account.
We emailed everyone who was on our mailing list yesterday to inform them that we'd kicked them all off. We took the nuclear option and just wiped it clean. If you want in on our variable and occasional email newsletter then you need to go in to your profile once again <Profile> - <Edit> - <Newsletter> and turn it on. When you do that our records will show the date and time that you opted in. If you want out, just click 'No'.
Deletion of your data. There's a lot of discussion all over the internet about what this means and what companies can and can't do. here's the policy we are starting with.
Your deletion request to begin with will be just that.. a request. we are going to do this manually at first before we automate things later. You will push a button in your account that tells us you want to be deleted. What happens next is we check if you have posted on the site or not. If you have never posted then everything including your username will be deleted from our servers. It will be as if you never existed.
But if you have posted on our site at all then all your data apart from your username and IP addresses at the time of posting will be deleted. Why? Because we believe we have a legitimate interest in protecting the integrity of the forum archive. If users can remove their usernames from their posts, effectively anonymising anything they have said, we believe that will be detrimental to not just us but also you as forum users. We have always believed that everyone posting on our site should be accountable for what they post and we believe that has been part of what has made our forum as popular as it is. But there's more to it. By retaining usernames we can prevent them from being used again by future users and causing identity issues and confusion. In some extreme cases someone could be held responsible for something said by a previous owner of that username if usernames were deleted entirely from our servers. So we are going to retain them to prevent them ever being registered again in the future. We think this is best for us and best for you.
So, you can be sure that your username will never be recycled by anyone else in the future if you decide to delete your account and data.
Why IP addresses too? We use these for moderation and to protect the site from abuse. To delete these would open a loophole that our moderators and tech staff would have to deal with and so we will be acting in our legitimate interests as well as yours by retaining these.
Apart from username and IP address everything else will be deleted. Part from your posts of course. In the interests of managing expectations you won't be able to delete your posts. Those are part of the forum and website archive. deleting them would cause archive havoc, destroy the integrity and usability/readability of the forum.
I know that for some of you this will not be surprising but I also know that for others it will be and there's a lot of confusion over what will and won't happen. Our GDPR work is ongoing and we, along with thousands of other companies, will be developing things further over the coming weeks and months to make sure that everything we do with your data is as transparent and above board. We have to do this while making sure we can still function as a small company that publishes stuff about bikes and it's not easy. We won't always get it right but we will keep doing the very best we can and we hope you will be supportive and understanding along the way.
Standby..
Sounds about right.
Good luck with it.
Should i wear my Artisan trousers?
It will be as if you never existed.
I feel like Jason Bourne
Good post better the 99% of the crap out there
Will the traditional way of getting deleted, ie being an argumentative so and so, still work? 😉
a) Whatever you consent to you will still gets ads
Good luck with that in court.
b) we are going to do this manually at first before we automate things later
I can sell you a bit of world class software for the latter. And I'll still pay my Premier Subs
c). You’ll be able to see what we have on you and you will also get the option to download and delete your data and your account.
Cool, personality reset incoming
d) We won’t always get it right
Probably best to keep that quiet
Expect the advertising option is to opt you out of profiling so you won't be served ads that are as targeted as they could be. There's nothing in gdpr that allows you to opt out of receiving ads, and expect the 3rd parties who see your data to serve the ads are identified in the privacy policy so by accepting that (which is needed to use the site) the folks at stw towers are covered and nothing would even get to court.
Ads are not against GDPR sharing info to Ad companies without consent is, good luck with getting that to court.
So in theory I can ask to see all the internal STW corresponence concerning me including all of the inter-moderator correspondence that gets referred to on some threads and the notes that are kept on me. And anything that has my e-mail address on it. I don't want anything deleted but it would be interesting to see it. But perhaps not interesting enough to distract me from a "making progress" thread. And I'd rather you all spent the time fixing the things that still need fixing.
If we browse on multiple devices will we expect pop-ups on each and every device or does doing it once record it all. (Just curious like as I might make a choice to look first on desktop as easier to deal with pop-ups etc)
I would expect (hope) it's account-bound? Unless you log into them all at the same time.
Ads are not against GDPR sharing info to Ad companies without consent is, good luck with getting that to court.
What I'm referring to is use of my IP - which is my property - address to serve up information. Thats not target marketing, thats delivering content without my permission its a very grey area at the moment.
Anyway, hopefully it'll never come to that because lots and lots of companies would have issues. Vis a Vis, a poster tin the high st would potential come under the same clause, but I believe there's a "hiding in plan sight" issue being explored e.g. if I choose to visit STW where I know full well that STW will throw non targetted adds at me I have actual provided consent by choice by merely choosing to access the sight.
Horrible times.
Ah right might have been worth saying IP instead of Ads to avoid confusion. I’ve no real idea on the IP part if I’m honest.
If you post on the site you leave your IP address behind. The way you opt out of that is to not post on the website, which is entirely your choice. Again, it will all be in the privacy policy, data policy and TOS that you will be asked to agree/consent to. If you don't agree then you can't post - problem solved.
Is there a grey area when STW pass my IP address on to a 3rd party (e.g. an advertiser)? Just curious.
What I’m referring to is use of my IP – which is my property – address to serve up information.
AIUI, your IP address is only classed as personal data under GDPR if it can be used to personally identify you by the organisation who holds it. Ie, it's certainly personal data for your ISP, though they aren't bound by the right to erasure as the Snooper's Charter trumps this as a legal requirement to hold this information. A lowly forum doesn't have that access - we can't trace an IP to an actual individual - so it's irrelevant here.
99.9% of users are just allocated an IP by their ISP on the fly. Very few will have actually bought one. On it's own it doesn't uniquely identify anyone / any machine, your ISP can trace it back to a router running NAPT, but they can't* tell you anything about the PCs or users masked by the router.
*With DPI you might be able to identify people, but ISPs have better things to spend their money on.
So I'm not trying to argue, just understand the position you feel you've understood (as I work in software and data and have come across many interpretations recently) but, as long as STW's own software uses the IP we are all good.
But say that software is hosted, and the 3rd party data processor does not provide or record consent directly but continues by function to target ads - even non specific adds - they are using my IP to do so. Now, I may want to post on STW, but not receive anything from a certain bike vendor or be certain that the hosting software provider isn't sharing my data in the background. What your saying Mark is that in the post GDPR deadline for STW is that one does not come without the other . It's a pain yet neither right or wrong unless there's someone that understands this better .
In the future though, technology should allow me to differentiate between STW and a third party data processor you are using - is my understanding . Therefore I should be able to post on StW, receive adds from say Trek, but not receive adds from Exotic Asian (or maybe the other way lol). Where I am in my technology understanding is thats a bastard thing for a company to manage, especially (I say with respect) a low tech company with a minor IT budget . Even if the ads are pushed by STW to help revenue, there is some reverse data sharing which has to be psuedo anonymised because the advertising company will want to know number of hits, demographic, spatial location and so on to know if it's worth continue to pay back to STW.
It's a bloody mine field, especially for low tech organisations trying to stay alive by revenue as a mentioned .
We deal with co location of retail outlets at work, I wonder how that will work if people refuse to share thier demographic and location with phone handsets and telecoms providers . Back to old school.
Yes it's a bloody pain in the arse that has diverted us from doing stuff we want to do, like fix and develop things here on the site.
Therefore I should be able to post on StW, receive adds from say Trek, but not receive adds from Exotic Asian
It doesn't work like that. You have a right to not have your data shared to third parties. That doesn't mean you won't see ads from Exotic Asian. They may choose to target our website and not individuals and so would not need to see any of your personal data to do that. In short, you don't get to pick and choose ads.. you get to pick and choose who gets your data. Having an ad appear in your browser does not mean the advertiser or agency that provided it sees your personal data.
We are planning to move to a new ad server provider that uses a service called ZeroID
They provide ads from the programmatic networks but they create a kind of website 'persona' from the content and non-personal demographic data and then the ads target that 'persona' rather than individual users. Essentially it's the same as a bike company buying a full page ad in a bike mag because the subject matter of the magazine (not the reader) matches their product. Our hope is that there may be a move back to this more traditional form of advertising based on a website's overall demographic rather than individual targeting of users and that this may actually help get the rates paid for online display advertising out of the gutter, which is where they currently are.
A ha - I've heard the word Persona being banded about at work, starts to make sense...
I'd like to bet 99.9% of my posting has the same IP, Footflaps. It protects me from some of the stuff people moan about as it's French. Other foreign users have also noted imunity to some of the most intrusive ads.
Good luck, expect lots of complaints 🦆
In the interests of managing expectations you won’t be able to delete your posts. Those are part of the forum and website archive. deleting them would cause archive havoc, destroy the integrity and usability/readability of the forum.
On the one hand that seems fair enough. But I wonder what the black letter law interpretation would be. Even on Facebook when you delete your account you delete everything you’ve posted, public or not, and I can’t imagine them letting go of your stuff unless they absolutely had to.
I wish you luck, this sounds like an absolute horror for a small business to deal with.
What will I expect? STW forum webpage hijacking by phishing scams that tell me my PC has multiple viruses, using the Microsft Essentials logo, as has been reported several times over at least the last few weeks etc.
But if you have posted on our site at all then all your data apart from your username and IP addresses at the time of posting will be deleted. Why? Because we believe we have a legitimate interest in protecting the integrity of the forum archive.
Sounds reasonable, but <span style="font-size: 0.8rem;">you can't do that. You're just setting yourself up for unnecessary pain.</span>
I suspect the next person you ban will prove that to you.
I suspect the next person you ban will prove that to you.
I'm stunned that Edukator has not got on that particular bandwagon and cracked the whip already, tbh. That 'Troll'' handle resulted from a previous discussion in this very area.
It's consent time!
Nothing yet?
You'll get a message to accept/reject when you log in again - I tried it in another window.
Mark, before I log out and in again, whats going to happen if I reject all/some of the options? I'd rather not go through the effort of being locked out of STW and then having to email process my way back in with god knows how many others in the queue...? It'd be nice to know I can continue in some way... especially as I have a commercial arrangement with you.
I'm seeing loads of adverts now, can't find the settings to turn them off..my P seems to have gone too.
I think it is a shame that companies have seen this legislation, and not understood end users and legislators concerns about data, instead forcing an "opt in or **** off" approach (not stw specific, everybody is doing the same).
What I would like to know is, as a premium user I have opted out of adverts, is my data still monetized/shared to partners and the advertising companies?
If so I wouldn't mind paying an increased premium to have that not happen.
and not understood end users and legislators concerns about data
MSP, its a huge global* text with many variations and interpretations depending on use, source, technology, time, format.... I could go on.
It will take years for this to settle down into a defined, clear standard, likely its never will TBH.
*yes it is - its for data transacted in Europe/UK even if you are say a US company.
I've had mine, didn't understand a bloody word of it so clicked the absolute basics to get through to here in case I needed to ask questions.
The pop up box has the weather on It?
I just used the "back" button on my phone and it seems to have ignored it.
MSP.. No. We share nothing of your data with other companies unless we have your explicit consent to do so.
The only third party companies that see your personal data - which is essentially just your IP address - are advertising networks who are using personal level retargeting in their ads. That is by no means all ads and the popup box you will have seen gives you the option to not allow these companies to do that. If you opt out of trageted adverting you will then see non tergeted adverting instead. This may result in some very random ads but it may also result in some seemingly targeted ads that actually are not targeted at you but at our website. ie they don't use any of your data based on your IP address history but just target the website because of it's subject matter or general demographic profile.
Kryton,
The consent system is device specific. It stores a cookie on your device that contains your consent preferences. When you then browse our site this consent cookie is read by the advertising system (Called AOL ONE) and if you have not given consent for your personal data to be used to personalise ads the system will deliver to your browser a non personal ad, that may be very random or an ad based on the fact it's being delivered to the browser of someone visiting a bike related website. ie. the ads will target the site and NOT you.
When you come to our site on different devices you will see the same consent options as it's device specific. This means you can consent to personal ads on one device but not another. It can't work any other way as it has to be offered to all site visitors and not just registered users.
This is just the consent system we need to offer you for advertising. The new consent to our Privacy Policy, Data policy and new TOS will be literally popping up later today.
I’ve had mine, didn’t understand a bloody word of it so clicked the absolute basics to get through to here in case I needed to ask questions.
You are not alone. It's very complicated, but I'll try and answer any questions here.
I've just done my UKC one and that was much simpler / clearer. 4 tick boxes, 1 you HAVE to accept, the rest are your choice.
STW wanted about 6 and then one of them led to about 300. I cannot seem to find where I change my options if I've changed my mind or see what I agreed to.
Podge, it's all cookie based so you can just delete the EuConsent cookie that is registered to our domain.
Or you can just log out and then click the 'trouble logging in' link on the login page. That will remove the cookie and withdraw your consent. Then you will get the box again and you can consent again.
The tool to clear your consent cookie will be added into your new GDPR tools in your user profile shortly.
Our consent tool here (CMP) is the one developed by the IAB (Interactive Advertising Bureau) and is probably trying to be the gold standard for advertising.
OK, cheers for that. I presume its bad business practice but a nice big, "I want as little as possible" button would be good.
Mark - I got logged out and managed to log back in without the consent pop-up.
Me too on my iPad tried clearing cookies too.
Unless it’s some sort of roll out?
I would like to have my account and all personal details permanently removed and deleted including all posts I have made where someone could identify me through the details contained within those posts.
I would also like to be erased permantly from the memory of anyone who has ever seen any of the above or who may have seen any of the above but can't remember just now but who may possibly recall such a memory at anytime in the future.
OK?
You’d be better off deleting yourself 🤡
It has nothing to do with being logged in or not. You consent once and it remembers your consent options every time you visit until you decide to change your consent by removing the cookie.
It would be a total shit shower if you had to consent every time you login.
opted out.
but still get the popup.
You’d be better off deleting yourself
😀 Unintended consequences...
I opted out of targeted ads and then clicked through to a second screen listing partners, i [i]had[/i] to select one from that list, it wouldn't seem to let me reject all of those without bumping me back. Seemed odd.
There's issues AOL's consent manager so we are turning it off for now until they can fix it.
I wouldn't want to be you today!
Could someone please get back to me about the trousers?
Good initial post Mark… and nicely handled with the problems so far. A tough day. Hugs.
I’d like to bet 99.9% of my posting has the same IP, Footflaps. It protects me from some of the stuff people moan about as it’s French. Other foreign users have also noted imunity to some of the most intrusive ads.
Possibly they do, but unless you've specifically bought a subnet, you don't actually control your IP and it's registered to your ISP not you, so it's not a unique identifier. Anyone, on your LAN will exit your DSL router with the same IP address and be indistinguishable once the traffic has left your DSL router and entered the internet proper. ISPs tend to keep IPs the same per DSL user but they do move around. This is why websites use things like Cookies and go to great lengths to try and identify unique browsers etc (eg by reading settings) as the IP address is pretty useless for identifying people.
I’d like to bet 99.9% of my posting has the same IP, Footflaps.
It’s 20%.
Seriously, Drac? Thanks for checking if so. Whenever I've checked it's been the same IP. The last time it changed was when I went from copper to fibre. I don't use mobile because it's unusable without a P and often even with a P it seems.
ive not seen a pop-up all day. i read it may only happen when logging out and in, so did that on my phone (so i could still be logged in on laptop if i needed to ask any questions) but still didnt get any prompts. i dont mind if it stays that way 🙂
Yeah your more recent is, the highest is about 40% for a previous one you’ve posted here for years remember. I guess your isp changes it or like some others a hub reset does.
/posted on my mobile.
Here's the state of play at the end of day one of GDPR.
Our Consent Management System provided by our AOL provider failed. So we are junking it.
In fact we are moving from AOL entirely and switching to a new provider from a company called Freestar
As part of that we will be delivering ads via a company called ZeroID
ZeroID don't target ads to individuals. Instead they target websites. This means no personal data will be passed through the ads and so we won't need a CMP to comply with GDPR. I have no idea how this will affect our revenue until we try it. I'm hoping it will be better. It will certainly be better from a personal data POV.
We have the option to include a CMP that will let you decide to allow targeted ads. But the default condition will be targeting set to off. You will be given the option to be targeted by ads if you want. We may earn more from those ads, we may not. We will see.
Our new Privacy Policy is now up. Next Friday our site consent system will ask you to agree to it. There will also be a data policy published and new terms and conditions policy. I think then we will have covered everything until some company gets tested and we find out exactly what it all means. For now though the site will stay as it is until next Friday. Mainly because it's Fort Bill next week and the office is on a skeleton crew.
I’d like to bet 99.9% of my posting has the same IP, Footflaps. It protects me from some of the stuff people moan about as it’s French.
I don’t always bother with a VPN and never when visiting STW, but I’ve been known to reside in the Vatican and a large secure facility in Quantico...
IP isn’t a very reliable way of finding people who would prefer they weren’t unless you have extremely low level access and you’re generally in a lot of trouble already before that becomes relevant.
Honest question.
It has nothing to do with being logged in or not. You consent once and it remembers your consent options every time you visit until you decide to change your consent by removing the cookie.
It would be a total shit shower if you had to consent every time you login
What if you habitually login from different devices as you move around and/or have your ‘home’ devices set to burn your history and delete cookies on exit - which is a reasonable first step towards personal security and a general recommendation in many places? (The delete on exit not the nomadic behaviour)
I like Marks position on the interpretation of the new rules and his approach to the current conflict on how to apply these new rules.
Seems both logical and a sensible approach from both STW and us the user.
Good effort, no doubt it’s been an interesting few weeks behind the scenes.
Cheers
Woke up to a 30% drop in ad rates, so...
Our subscriptions are really good value. Just sayin'
😉