A bit of a heads up about the big day tomorrow and expectations.

You are going to get popups asking yo to consent to this and that. It’s not going to happen at 12:01am. It’s going to happen through the day. We’ve spent the day so far tidying up the various dialogue boxes and making sure everything is clear.

So, you are going to get an advertising consent option. BUT THIS WON’T MEAN YOU CAN OPT OUT OF ADS.

It will give you the option to opt out of certain aspects of advertising targeting. Whatever you consent to you will still gets ads. I don’t want anyone to be disappointed.

During the day our new terms and conditions, privacy policy and data policy will go live and you will have to consent to those too. With these, your non consent means you simply don;t get to use the website, principally because consenting will be the only way to get rid of the bloody great box with the consent button.

Your account settings will (in your profile) be the place where you will have access to some new data tools. You’ll be able to see what we have on you and you will also get the option to download and delete your data and your account.

We emailed everyone who was on our mailing list yesterday to inform them that we’d kicked them all off. We took the nuclear option and just wiped it clean. If you want in on our variable and occasional email newsletter then you need to go in to your profile once again <Profile> – <Edit> – <Newsletter> and turn it on. When you do that our records will show the date and time that you opted in. If you want out, just click ‘No’.

Deletion of your data. There’s a lot of discussion all over the internet about what this means and what companies can and can’t do. here’s the policy we are starting with.

Your deletion request to begin with will be just that.. a request. we are going to do this manually at first before we automate things later. You will push a button in your account that tells us you want to be deleted. What happens next is we check if you have posted on the site or not. If you have never posted then everything including your username will be deleted from our servers. It will be as if you never existed.

But if you have posted on our site at all then all your data apart from your username and IP addresses at the time of posting will be deleted. Why? Because we believe we have a legitimate interest in protecting the integrity of the forum archive. If users can remove their usernames from their posts, effectively anonymising anything they have said, we believe that will be detrimental to not just us but also you as forum users. We have always believed that everyone posting on our site should be accountable for what they post and we believe that has been part of what has made our forum as popular as it is. But there’s more to it. By retaining usernames we can prevent them from being used again by future users and causing identity issues and confusion. In some extreme cases someone could be held responsible for something said by a previous owner of that username if usernames were deleted entirely from our servers. So we are going to retain them to prevent them ever being registered again in the future. We think this is best for us and best for you.

So, you can be sure that your username will never be recycled by anyone else in the future if you decide to delete your account and data.

Why IP addresses too? We use these for moderation and to protect the site from abuse. To delete these would open a loophole that our moderators and tech staff would have to deal with and so we will be acting in our legitimate interests as well as yours by retaining these.

Apart from username and IP address everything else will be deleted. Part from your posts of course. In the interests of managing expectations you won’t be able to delete your posts. Those are part of the forum and website archive. deleting them would cause archive havoc, destroy the integrity and usability/readability of the forum.

I know that for some of you this will not be surprising but I also know that for others it will be and there’s a lot of confusion over what will and won’t happen. Our GDPR work is ongoing and we, along with thousands of other companies, will be developing things further over the coming weeks and months to make sure that everything we do with your data is as transparent and above board. We have to do this while making sure we can still function as a small company that publishes stuff about bikes and it’s not easy. We won’t always get it right but we will keep doing the very best we can and we hope you will be supportive and understanding along the way.

Standby..

Sounds about right.

Good luck with it.

Should i wear my Artisan trousers?

 It will be as if you never existed.

I feel like Jason Bourne

Good post better the  99% of the crap out there

Will the traditional way of getting deleted, ie being an argumentative so and so, still work? 😉

a) Whatever you consent to you will still gets ads

Good luck with that in court.

b) we are going to do this manually at first before we automate things later

I can sell you a bit of world class software for the latter.  And I’ll still pay my Premier Subs

c). You’ll be able to see what we have on you and you will also get the option to download and delete your data and your account.

Cool, personality reset incoming

d) We won’t always get it right

Probably best to keep that quiet

Expect the advertising option is to opt you out of profiling so you won’t be served ads that are as targeted as they could be. There’s nothing in gdpr that allows you to opt out of receiving ads, and expect the 3rd parties who see your data to serve the ads are identified in the privacy policy so by accepting that (which is needed to use the site) the folks at stw towers are covered and nothing would even get to court.

Ads are not against GDPR sharing info to Ad companies without consent is, good luck with getting that to court.

So in theory I can ask to see all the internal STW corresponence concerning me including all of the inter-moderator correspondence that gets referred to on some threads and the notes that are kept on me. And anything that has my e-mail address on it. I don’t want anything deleted but it would be interesting to see it. But perhaps not interesting enough to distract me from a “making progress” thread. And I’d rather you all spent the time fixing the things that still need fixing.

If we browse on multiple devices will we expect pop-ups on each and every device or does doing it once record it all. (Just curious like as I might make a choice to look first on desktop as easier to deal with pop-ups etc)

I would expect (hope) it’s account-bound?  Unless you log into them all at the same time.

Ads are not against GDPR sharing info to Ad companies without consent is, good luck with getting that to court.

What I’m referring to is use of my IP – which is my property – address to serve up information.  Thats not target marketing, thats delivering content without my permission its a very grey area at the moment.

Anyway, hopefully it’ll never come to that because lots and lots of companies would have issues.  Vis a Vis, a poster tin the high st would potential come under the same clause, but I believe there’s a “hiding in plan sight” issue being explored e.g. if I choose to visit STW where I know full well that STW will throw non targetted adds at me I have actual provided consent by choice by merely choosing to access the sight.

Horrible times.

Ah right might have been worth saying IP instead of Ads to avoid confusion. I’ve no real idea on the IP part if I’m honest.

If you post on the site you leave your IP address behind. The way you opt out of that is to not post on the website, which is entirely your choice. Again, it will all be in the privacy policy, data policy and TOS that you will be asked to agree/consent to. If you don’t agree then you can’t post – problem solved.

Is there a grey area when STW pass my IP address on to a 3rd party (e.g. an advertiser)? Just curious.

What I’m referring to is use of my IP – which is my property – address to serve up information.

AIUI, your IP address is only classed as personal data under GDPR if it can be used to personally identify you by the organisation who holds it.  Ie, it’s certainly personal data for your ISP, though they aren’t bound by the right to erasure as the Snooper’s Charter trumps this as a legal requirement to hold this information.  A lowly forum doesn’t have that access – we can’t trace an IP to an actual individual – so it’s irrelevant here.

99.9% of users are just allocated an IP by their ISP on the fly. Very few will have actually bought one. On it’s own it doesn’t uniquely identify anyone / any machine, your ISP can trace it back to a  router running NAPT, but they can’t* tell you anything about the PCs or users masked by the router.

*With DPI you might be able to identify people, but ISPs have better things to spend their money on.

So I’m not trying to argue, just understand the position you feel you’ve understood (as I work in software and data and have come across many interpretations recently) but, as long as STW’s own software uses the IP we are all good.

But say that software is hosted, and the 3rd party data processor does not provide or record consent directly but continues by function to target ads – even non specific adds – they are using my IP to do so.  Now, I may want to post on STW, but not receive anything from a certain bike vendor or be certain that the hosting software provider isn’t sharing my data in the background.   What your saying Mark is that in the post GDPR deadline for STW is that one does not come without the other .   It’s a pain yet neither right or wrong unless there’s someone that understands this better .

In the future though, technology should allow me to differentiate between STW and a third party data processor you are using – is my understanding .  Therefore I should be able to post on StW, receive adds from say Trek, but not receive adds from Exotic Asian (or maybe the other way lol).  Where I am in my technology understanding is thats a bastard thing for a company to manage, especially (I say with respect) a low tech company with a minor IT budget .    Even if the ads are pushed by STW to help revenue, there is some reverse data sharing which has to be psuedo anonymised because the advertising company will want to know number of hits, demographic, spatial location and so on to know if it’s worth continue to pay back to STW.

It’s a bloody mine field, especially for low tech organisations trying to stay alive by revenue as a mentioned .

We deal with co location of retail outlets at work, I wonder how that will work if people refuse to share thier demographic and location with phone handsets and telecoms providers .   Back to old school.

Yes it’s a bloody pain in the arse that has diverted us from doing stuff we want to do, like fix and develop things here on the site.

Therefore I should be able to post on StW, receive adds from say Trek, but not receive adds from Exotic Asian

It doesn’t work like that. You have a right to not have your data shared to third parties. That doesn’t mean you won’t see ads from Exotic Asian. They may choose to target our website and not individuals and so would not need to see any of your personal data to do that. In short, you don’t get to pick and choose ads.. you get to pick and choose who gets your data. Having an ad appear in your browser does not mean the advertiser or agency that provided it sees your personal data.

We are planning to move to a new ad server provider that uses a service called ZeroID

They provide ads from the programmatic networks but they create a kind of website ‘persona’ from the content and non-personal demographic data and then the ads target that ‘persona’ rather than individual users. Essentially it’s the same as a bike company buying a full page ad in a bike mag because the subject matter of the magazine (not the reader) matches their product. Our hope is that there may be a move back to this more traditional form of advertising based on a website’s overall demographic rather than individual targeting of users and that this may actually help get the rates paid for online display advertising out of the gutter, which is where they currently are.

A ha – I’ve heard the word Persona being banded about at work, starts to make sense…

I’d like to bet 99.9% of my posting has the same IP, Footflaps. It protects me from some of the stuff people moan about as it’s French. Other foreign users have also noted imunity to some of the most intrusive ads.

Good luck, expect lots of complaints 🦆

In the interests of managing expectations you won’t be able to delete your posts. Those are part of the forum and website archive. deleting them would cause archive havoc, destroy the integrity and usability/readability of the forum.

On the one hand that seems fair enough. But I wonder what the black letter law interpretation would be. Even on Facebook when you delete your account you delete everything you’ve posted, public or not, and I can’t imagine them letting go of your stuff unless they absolutely had to.

I wish you luck, this sounds like an absolute horror for a small business to deal with.

What will I expect? STW forum webpage hijacking by phishing scams that tell me my PC has multiple viruses, using the Microsft Essentials logo, as has been reported several times over at least the last few weeks etc.

  But if you have posted on our site at all then all your data apart from your username and IP addresses at the time of posting will be deleted. Why? Because we believe we have a legitimate interest in protecting the integrity of the forum archive.

Sounds reasonable, but <span style=”font-size: 0.8rem;”>you can’t do that. You’re just setting yourself up for unnecessary pain.</span>

I suspect the next person you ban will prove that to you.

I suspect the next person you ban will prove that to you.

I’m stunned that Edukator has not got on that particular bandwagon and cracked the whip already, tbh. That ‘Troll” handle resulted from a previous discussion in this very area.

It’s consent time!

Nothing yet?

You’ll get a message to accept/reject when you log in again – I tried it in another window.

Mark, before I log out and in again, whats going to happen if I reject all/some of the options?   I’d rather not go through the effort of being locked out of STW and then having to email process my way back in with god knows how many others in the queue…?  It’d be nice to know I can continue in some way… especially as I have a commercial arrangement with you.

I’m seeing loads of adverts now, can’t find the settings to turn them off..my P seems to have gone too.

I think it is a shame that companies have seen this legislation, and not understood end users and legislators concerns about data, instead forcing an “opt in or **** off” approach (not stw specific, everybody is doing the same).

What I would like to know is, as a premium user I have opted out of adverts, is my data still monetized/shared to partners and the advertising companies?

If so I wouldn’t mind paying an increased premium to have that not happen.

and not understood end users and legislators concerns about data

MSP, its a huge global* text with many variations and interpretations depending on use, source, technology, time, format….   I could go on.

It will take years for this to settle down into a defined, clear standard, likely its never will TBH.

*yes it is – its for data transacted in Europe/UK even if you are say a US company.

I’ve had mine, didn’t understand a bloody word of it so clicked the absolute basics to get through to here in case I needed to ask questions.

The pop up box has the weather on It?

I just used the “back” button on my phone and it seems to have ignored it.

MSP.. No. We share nothing of your data with other companies unless we have your explicit consent to do so.

The only third party companies that see your personal data – which is essentially just your IP address – are advertising networks who are using personal level retargeting in their ads. That is by no means all ads and the popup box you will have seen gives you the option to not allow these companies to do that. If you opt out of trageted adverting you will then see non tergeted adverting instead. This may result in some very random ads but it may also result in some seemingly targeted ads that actually are not targeted at you but at our website. ie they don’t use any of your data based on your IP address history but just target the website because of it’s subject matter or general demographic profile.

Kryton,

The consent system is device specific. It stores a cookie on your device that contains your consent preferences. When you then browse our site this consent cookie is read by the advertising system (Called AOL ONE) and if you have not given consent for your personal data to be used to personalise ads the system will deliver to your browser a non personal ad, that may be very random or an ad based on the fact it’s being delivered to the browser of someone visiting a bike related website. ie. the ads will target the site and NOT you.

When you come to our site on different devices you will see the same consent options as it’s device specific. This means you can consent to personal ads on one device but not another. It can’t work any other way as it has to be offered to all site visitors and not just registered users.

This is just the consent system we need to offer you for advertising. The new consent to our Privacy Policy, Data policy and new TOS will be literally popping up later today.

I’ve had mine, didn’t understand a bloody word of it so clicked the absolute basics to get through to here in case I needed to ask questions.

You are not alone. It’s very complicated, but I’ll try and answer any questions here.

I’ve just done my UKC one and that was much simpler / clearer. 4 tick boxes, 1 you HAVE to accept, the rest are your choice.

STW wanted about 6 and then one of them led to about 300. I cannot seem to find where I change my options if I’ve changed my mind or see what I agreed to.

Podge, it’s all cookie based so you can just delete the EuConsent cookie that is registered to our domain.

Or you can just log out and then click the ‘trouble logging in’ link on the login page. That will remove the cookie and withdraw your consent. Then you will get the box again and you can consent again.

The tool to clear your consent cookie will be added into your new GDPR tools in your user profile shortly.

Our consent tool here (CMP) is the one developed by the IAB (Interactive Advertising Bureau) and is probably trying to be the gold standard for advertising.

OK, cheers for that. I presume its bad business practice but a nice big, “I want as little as possible” button would be good.