Topic: Privacy Policy Updated (GDPR)

Hello!

Those of you in the EU will no doubt be getting countless emails regarding GDPR and updates to Privacy Policies. The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA. These laws come into effect on May 25th 2018.

We've always taken data protection seriously but have recently made some changes to our processes and documentation to further meet the requirements of GDPR. As part of this work, we’ve updated our privacy policy to give you more insights into how we process your personal data.

We've improved the wording of our Privacy Policy to make it easier for you to understand how we handle your personal data, and we’ve also made it more detailed and specific.

We've also removed some data fields from our system. We have removed gender, date of birth and gaming habits. We felt that this personal information was no longer required to operate the website and therefore decided to remove it. Please note that these questions may still appear in specific surveys but are no longer held against user accounts.

If you're visiting the website within the EU, you will also see a personalised adverts consent banner. If you are not in the EU you can also opt out of personalised ads by visiting the Privacy Policy page.

We hope you find the updated policy useful, we will continue to update it based on any frequently asked questions we receive from you.

Thanks!

How the hell am I going to know which gender I am now?

@kyleforrester87 sorry, that information has been deleted.

@antdickens nooooooooo...!!

We these changes to the law a reaction to the recent Facebook scandal or was this in the works for a long while.

Well, adverts for that computer mouse I bought a few weeks ago don't particularly interest me, so I selected no on that personalised ads banner.

@adf86 no, this is something that's been the works for years now but things like recent events with Facebook are a good example of why it's happening!

Gaming habits?

I know for a fact everyone here has that so I can understand its removal. It was probably after the questions can you read? Are you breathing? And Would you like Streets of Rage 4?

@themcnoisy or a bloody SSX3 remake. Seriously need to play this game again. Maybe just for 15 minutes to get it out my system. Maybe I should get a HDMI to SCART so I can hook up my PS2 at least.

@crimsontadpoles They've always been my favourite. "You purchased this Blu-Ray from Amazon last month. Based on that purchase, Amazon recommends... another copy of the same Blu-Ray."

@crimsontadpoles I think it's better than those adverts for those posh flats in London for sale I used to see before personalised ads came into play.

I wonder if we will have to go through this again when Brexit (I hate that phrase) happens?

I had to do an online course on GDPR in work and then a test. I passed with 88%. Woo hoo.

@kyleforrester87 I wouldnt mind a game on ssx again actually.

So forgive me for being ignorant but of course being from the States I don't follow European news and such but what does this law do exactly and why is everyone changing their policies?

@Tasuki If you've got a bit of spare time: REGULATION (EU) 2016/679

In short, it aims to give people more control over the personal data collected online and the distribution of it. If websites choose to collect and distribute data, they have to disclose it.

@Tasuki It's an effort to unify data protection regulations across all EU member states; up until now, everybody's kinda had their own take on the subject, and didn't follow EU guidance as closely. The pre-existing EU regulation on data protection was enacted in 1995, and technology (specifically with regards to the internet and behaviour tracking) has moved on so quickly since then, it's no longer fit-for-purpose.

It's not really a law; as a piece of regulation, all member states are bound to it, but don't have to pass any legislation to enable it. I'll leave the political debate about that to others.

The regulation itself specifically targets the collection, processing and storage of personally-identifiable information. The definitions have been widened, which is probably now why Push Square doesn't have the capacity to store information on people's gender, date of birth and gaming habits (that last one is a bit of a head-scratcher, but it's always better safe than sorry when dealing with such things). Anybody, any company or any website handling personal data must now use systems that have data protection "by design and by default", rather than anything opt-out or stored separately. All data must be subject to pseudonymisation, with no method of identifying the data's owner (a.k.a. the individual it pertains to) without additional secure, separate layers of checks and verifications, and no data may be shared publicly or internationally without express, explicit consent.

Any company suffering a data breach (like the infamous PSN hack a couple years ago) must disclose the breach within 72 hours. All EU citizens can request a portable copy of their data from any company at any time, and can request it permanently destroyed under certain circumstances, and all companies or public authorities with an emphasis on collecting and storing user data must now employ a Data Protection Officer to continually monitor and enforce all this.

For small websites and the general public, the only real day-to-day impact this has is on tracking cookies and targetted advertising, as companies figuring out that Mr. Smith at Number 47 likes Earl Grey tea were getting a bit fast and loose with how they arrived at that realisation AND what they subsequently did with it. Nevertheless, with such a strict regulation now in place, anybody handling any kind of personal data (including Push Square, an opt-in community of people discussing gaming) must comply.

For people who always clear their cookies upon exiting their browser, there's no change, and no, I've no idea what Brexit will do to the UK's part in this (don't worry; nobody does, not even the government).

@Octane Well, that just shows how long I spend typing a bunch of paragraphs.

It means that people in the I.T industry (like wot I is) are having a ballache of a time. On the plus side, I am hoping my spam reduces after this. That said, how will I know what new pills will make me bigger and satisfy my special friends?

@Rudy_Manchego Don't worry; they're the ones you can get from that most-friendable Nigerian prince, who needs much kindly from your co-operation.

@RogerRoger Yeah - I absolutely love to interact with those scam emails. I've had whole conversations going back and forth. My favourite was when I was asked to help get gold out of a war torn country by giving my bank details. Instead I offered to put together a palamilitary mercenary task force to helicopter into the country and seize the gold and get it out of the country. I basically just quoted the titles to the A Team. That conversation went on for two months.

@RogerRoger Nice write up!

Ultimately we at Push Square don't hold that much personal data, but decided to ditch some of it because frankly, we've never done anything with it, which is kind of the point with GDPR (eg, Do we really need this data vs the risk of holding it?).

I like to think we're pretty responsible with the data we do hold, it's stored securely and we don't share it with third parties, therefore GDPR hasn't been too much of a problem, more just formalising what we already do.

Personally, I welcome the changes, there are far too many organisations that harvest data and don't really have robust policies in place as to what they do with it.

Happy GDPR Day