Go Back   Family Tree DNA Forums > Group Administrators Forums > Group Administrators - Advanced Chat

Group Administrators - Advanced Chat Discussion forum for Project Group Administrators. Exchange experiences, ideas and interpretation of results.

Reply
 
Thread Tools Display Modes
  #1  
Old 20th April 2018, 06:15 AM
oma04 oma04 is offline
mtdna X2d, ydna I-M253
 
Join Date: Oct 2014
Location: Connecticutt
Posts: 38
GDPR regulations effective 25 May 2018

from ISOGG "The General Data Protection Regulation 2017 is a regulation of the European Union (EU) which will apply from 25 May 2018. Its primary objective is to protect EU residents against the misuse of their personal data. The regulation applies to companies and organisations who have customers or members resident in the European Union."

As Group Administrators, I would guess we all have at least one member who is a resident of the EU. I began to try and see who and how many EU residents were in my Stevenson group membership and quickly discovered that short of opening each account from Member Information, it was impossible. So I asked FTDNA CS if they would not consider adding a column to our Member Reports in the Member Information option to display Country of Residency and got no specific answer. The Member Distribution Map display option only gives Most Distant Ancestor location.

Would anyone else see the value of this information to the GAP administrator?
Reply With Quote
  #2  
Old 20th April 2018, 10:31 AM
dna dna is offline
FTDNA Customer
 
Join Date: Aug 2014
Posts: 2,982
FTDNA appears to be making sure that all their operations conform to the EU requirements and planned (potential) British ones.

There is a precedence, since before GDPR came into existence, FTDNA operations were already aligned to EU and Swiss privacy laws. FTDNA has policies others only noticed in GDPR, for example a right to remove one's data (which is not the same as the common "removal from our mailing list") or removal of medically relevant SNPs.


Using different privacy and security mechanisms would require tracking of citizenships and residency (EU based person can live in the US and test from the US!) and might generate unnecessary complexity. And you had just realized that... It is easier to have one good security and privacy policy.


I think another F....... company has to scramble.


Mr. W.


P.S.
European trivia: Switzerland is not a part of European Union. Britain still is, but regardless of Brexit happening or not(!) Britain wants to have even more stringent requirements.

Last edited by dna; 20th April 2018 at 12:14 PM. Reason: adding "based in EU" (clarification) + medical SNPs
Reply With Quote
  #3  
Old 20th April 2018, 10:50 AM
KATM KATM is offline
mtDNA: K1a3 | Y-DNA: R-L1308*
 
Join Date: Nov 2012
Location: Mid-Atlantic coast, U.S.A.
Posts: 1,137
Roberta Estes has posted today on her blog about "Common Sense and GDPR." It is definitely worth reading. Under the heading "Location," she has two comments (my bolding):
Quote:
Location
  • While GDPR applies to European residents, you may not be aware that someone is a European resident. I’m going to assume that everyone is a European resident and that way there is no possible mistake.
  • GDPR does not appear to apply to European citizens living outside of the EU/UK.
She also has posted caveats that what she says in this blog post is her own interpretation of the GDPR, and that she is not a lawyer.
Reply With Quote
  #4  
Old 20th April 2018, 12:27 PM
dna dna is offline
FTDNA Customer
 
Join Date: Aug 2014
Posts: 2,982
OK, I am not a lawyer either...

Quote:
Originally Posted by KATM View Post
Roberta Estes has posted today on her blog about "Common Sense and GDPR." It is definitely worth reading. Under the heading "Location," she has two comments (my bolding):

Quote:
Location
  • While GDPR applies to European residents, you may not be aware that someone is a European resident. I’m going to assume that everyone is a European resident and that way there is no possible mistake.
  • GDPR does not appear to apply to European citizens living outside of the EU/UK.
She also has posted caveats that what she says in this blog post is her own interpretation of the GDPR, and that she is not a lawyer.
First another quote from Roberta Estes:
I don’t believe GDPR is targeting people like project administrators, unless they are incredibly negligent or intentionally violate the privacy of others. I suspect that, for the most part, being careful with other people’s information, respectful and perhaps more aware than in the past will keep us all safe.
In general, I agree with the above interpretation.

On the other hand, I think she misinterpreted the location issue. And I subsequently clarified my earlier post.

Whether one is covered by GDPR or not depends on whether one is based in the EU. A concept known to many who pay taxes. One can live at some place, but for the purpose of taxation they are resident of another location.


I do not think that she had read my last month post, but clearly she came to the same realization that professional researchers in the fields of genealogy and genetic genealogy are going to be heavily impacted.


I cannot see into the future, but I would not be surprised if on the 25th of May 2018 FTDNA resets everybody (who did not modify their settings since the 10th of April!) to not show their results to public in the projects.


Mr. W.
Reply With Quote
  #5  
Old 23rd April 2018, 07:44 PM
oma04 oma04 is offline
mtdna X2d, ydna I-M253
 
Join Date: Oct 2014
Location: Connecticutt
Posts: 38
email addresses

" Controllers and processors must store contact information separately from “results."

As administrator, I already see at least one issue that FTDNA will have to address. In ydna matches reporting, after opening the match list, the tester has the option to download the matches to csv. In that download, the email addresses of all matches appears in the spreadsheet.

Logically, this is how matches communicate with each other, but I wonder if FTDNA will have to resort to an internal mail system such as in 23andme and Ancestry.
Reply With Quote
  #6  
Old 23rd April 2018, 09:40 PM
dna dna is offline
FTDNA Customer
 
Join Date: Aug 2014
Posts: 2,982
Quote:
Originally Posted by oma04 View Post
" Controllers and processors must store contact information separately from “results."

As administrator, I already see at least one issue that FTDNA will have to address. In ydna matches reporting, after opening the match list, the tester has the option to download the matches to csv. In that download, the email addresses of all matches appears in the spreadsheet.

Logically, this is how matches communicate with each other, but I wonder if FTDNA will have to resort to an internal mail system such as in 23andme and Ancestry.
Yes, but I had always thought that this was the purpose of the green release form: to specifically allow for associations between results and contact information.

The quote given means to me that GDPR is enforcing separation of any contact database from any other information; as in keeping (storing) them separate. However, GDPR does not preclude combining of contact information with anything else (results) for presentation purposes.

Historically, large enterprises knew for a very long time about security advantages of such a solution/separation, but some had legacy systems and were very slow in separating the two. (The customer credit card information should be in yet another database.) Small and medium size (we are talking European sizes here!) companies have often had just one database..., and GDPR would probably mean that everybody in Europe would from now on default to having separate databases - even if today they are on single PC.


Mr. W.

P.S.
The quoted requirement is not a frivolous one. In many circumstances, quite a lot of people have access to, for example, inventory or sales databases. Contact information, be it of vendors or customers, is not required for data mining or some other data analysis, although often some regional tagging is very useful if present.
Reply With Quote
  #7  
Old 25th April 2018, 09:00 PM
oma04 oma04 is offline
mtdna X2d, ydna I-M253
 
Join Date: Oct 2014
Location: Connecticutt
Posts: 38
access to member accounts by group administrators

another startling new message today when I signed into a member account selected Personal Information and then Manage Projects tab. Here is the statement above the list of projects:

"Important: Please review the settings below, any changes made will take effect on the 25th of May 2018.

Due to The General Data Protection Regulation (GDPR):

Any Group Project you have previously granted Limited Access or Full Access to will continue to have the granted access until the 24th of May 2018.
When joining a new Group Project, all Group Administrators within that project will be given No Access."

This issue becomes more complicated by the day. I sure hope we get some guidelines soon from FTDNA
Reply With Quote
  #8  
Old 27th April 2018, 03:37 PM
sailingdeac sailingdeac is offline
FTDNA Customer
 
Join Date: Feb 2006
Posts: 23
I must admit all this is getting to the point of forcing project admins to end their efforts.... especially if they have public sites. I called ftdna several times, but i now see the various permissions are so interwoven as to be unpredictable.
Reply With Quote
  #9  
Old 27th April 2018, 03:40 PM
sailingdeac sailingdeac is offline
FTDNA Customer
 
Join Date: Feb 2006
Posts: 23
I asked specifically about Any Group Project you have previously granted Limited Access or Full Access to will continue to have the granted access until the 24th of May 2018.... was told nothing changes. That is not what the sentence says. Also i asked if more info to admins is coming. Yes, but no idea of when. Or do we just see what hits the fan May 24?
Reply With Quote
  #10  
Old 30th April 2018, 10:27 AM
oma04 oma04 is offline
mtdna X2d, ydna I-M253
 
Join Date: Oct 2014
Location: Connecticutt
Posts: 38
Stevenson Surname project

I think we have to use our own good judgement until FTDNA gives us specifics. ie I removed the members contact name and email from our Pedigree page which is public. Contact will have to be made through me or my co admin.
Reply With Quote
Reply

Bookmarks


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
DNA Explained , GDPR Tenn4ever Recreation Room 8 15th May 2018 11:18 PM
Most effective test for testing for a 4th cousin we6jbo DNA and Genealogy for Beginners 1 10th June 2013 07:09 AM
How effective is the RAO function? Zaru Paternal Lineage (Y-DNA STR) Advanced 0 2nd November 2009 10:44 AM


All times are GMT -5. The time now is 01:16 AM.


Family Tree DNA - World Headquarters

1445 North Loop West, Suite 820
Houston, Texas 77008, USA

Phone: (713) 868-1438 | Fax: (832) 201-7147
Copyright 2001-2010 Genealogy by Genetics, Ltd.
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.