This isn't law, at least, yet, and there are usually several years between something becoming EU law and individual nations having to make it national law. IANAL, but I can see plenty of scope for PM to be harassed by the disgruntled or malicious, especially since at least one of the gods claims to live in the EU. I therefore offer a few ideas on how to minimise the risks. This should be read bearing in mind that no-one currently knows what the law will be in its final form and that I have no idea of the issues caused by the code that runs the site. Please read everything that follows as if I had started with "I suggest".
The "Monastery gates" page should contain a link to a privacy policy, including information on how to get yourself forgotten, the storage of passwords in plain text, the ease or difficulty with which an anonymonk posting can be tied to an individual and the fact that we do not like to change history.
Registered monks can be forgotten by request to the gods. The process will involve the locking of the account, the change of ownership of all nodes written by the monk to "Anonymous Monk", the deletion of any links to the monk's home page and the deletion of the monk's name from all posts by that monk.
Anonymous monks who have posted personally identifiable information will have to show that there is a reasonable degree of linkage between the post and the individual to get the post edited. John Davies has no chance (it's such a common name) unless he can quote the IP address and PM keeps a record (see above). PM gods will have to take into account any other personally identifiable information in such a post. This seems to me to involve a lot of work, but should be rare enough.
It's now the Information Commissioner's Office, but when it was the Data Protection Registrar, I found the staff there very helpful. I hereby volunteer, if so instructed by the gods, to contact them and report back on their advice.
Not all mentions of MonkNames are linkified in other monks' nodes. This means there is a hole for personal information to slip through. I don't know how difficult it would be to automate a process to check that MonkNames are linkified. If it must be done manually, I hereby volunteer to check all my own nodes, consider any other nodes I find and, should the gods see fit to grant me the power, do such janitorial work as is needed.
I think what I am proposing is overkill. I certainly hope it is. But we have had instances of monks leaving in hissy fits and it seems to me that the proposed new legislation could give such people the power to cause considerable problems. Were I a god, I would sleep better if the issues had been considered in good time and mechanisms put in place to minimise disruption.
Regards,
John Davies
Update 2012-06-08: This suggests that the current draft might not apply to PerlMonks, in that it refers to companies offering a service. TTBOMK PM is not a company and since it's not a business either, we might be exempt. Let's hope so. The article also mentions the likely cost to businesses of compliance (which might cause delay or cancellation) and the problems of "unprecedented co-operation", so there are grounds to hope that this will get nowhere near us.
Update 2014-05-14: The back door imposition of the "right to be forgotten" by the ECJ on Google has attracted some unfavourable reactions, such as http://blogs.telegraph.co.uk/news/brendanoneill2/100271366/theres-a-whiff-of-orwells-ministry-of-truth-to-the-eu-backed-right-to-be-forgotten/, http://www.cityam.com/article/1400029630/online-giants-be-hit-google-loses-eu-data-case and http://blogs.telegraph.co.uk/news/douglascarswellmp/100271108/europe-tells-google-to-delete-data-corrupt-politicians-will-be-thrilled-now-they-can-hide-their-secrets/.
|
|---|