Sad (but now HAPPY) story. Lost 8 projects over GDPR issues - new feature added

Sorry

There is a third – B2B2C. Also GDPR considerations do come into play for B2B if the template/prototype/etc. is hosted in an Org within your top-level Glide account. If as makers we can provably distance from all data processing, ownership and storage responsibility for an app once built, then there’s no liability.

1 Like

LMAO…learning curve to develop in GLIDE? Are you kidding? This is the easiest way to develop an app.

1 Like

Who told about a learning curve for Glide? Did I ?

It’s one of the easiest way to build an app.

This looks like a Reddit-type sarcastic comment.

I was the one mentioning “the learning curve”.

What type are you developing? Making a mediocre app takes 30 minutes. Making a great Glide App takes a bit longer. Perhaps not as if you were developing code from scratch, but still there is a bit to learn - otherwise there won’t be any documentation.

Regardless, Glide doesn’t aim to seasoned app developers, but to digital experts who have little-zero coding knowledge.

3 Likes

Absolutely spot on Rasha.

B2B2C is my main focus, and this is where I encountered the issue.

Like you said, a way out from GDPR is to make the customer owner of their sheet, linked to an org, and remove yourself from it. Problem is that offering support becomes a hassle, since you will have to request sheet access every time something breaks. And when you access, you might be held liable.

However, this is not the issue - all developers can be held liable.

What we need from Glide is:

  1. T&C link with an acceptance box when a user Signs-in
  2. Cookie Consent banner, so we can use Google Analytics

Once we have that, and we have published the T&C in a dedicated component, we are good to go and I think we can finally focus on building apps rather than navigating compliance.

3 Likes

@maschera @Rasha The case for b2b2c makes sense, thanks for sharing those ideas.

1 Like

@nathanaelb I believe that you could also run into issues with GDPR for internal business users - say that you record the location of the employee. The employee might want this information deleted.
Remember also that a company should delete personal data that they don’t have any reason to keep. One reason could be that the user has given consent and want the data to be kept.

3 Likes

absolutely! the landscape is increasingly complex. appreciated your views.

Hmm. Actually yes, if you’re stretching the platform to its limits. There’s good evidence on this forum of what that looks like and there are seasoned devs on here as well. I consider myself savvy but without occasional guidance from some regular contributors, it wouldn’t be smooth sailing.

1 Like

@Drearystate: everything new has a learning curve; there are just different gradients for different people.

Your comment contributes NOTHING to this discussion on what is a serious issue.

2 Likes

@Krivo My initial belief was that GDPR doesn’t really apply to B2B internal apps. Could if one starts splitting hairs, but not really. But I’ve been thinking about your example of the employees location during working hours.

Does this mean that as an employee, one can ask one’s employer (or possibly a former employer) to delete one’s personal identifiable information in all of the company’s systems (email, office suite, Jira, tools used daily, a Glide app, etc.)?

Regardless of the actual answer, to be on the safe side of things – the GDPR fine is 4% of revenue or 20 million, whichever is greatest – it really seems like all apps built on Glide need to be GDPR compliant to protect … whoever needs to be protected (the user, the app owner, the app builder).

1 Like

The employer must comply with the GDPR, yes (e.g. ensure the protection of HR data and collect only the necessary data from employees and candidates).

For applications used in-house in a company, they must also comply with the privacy by design requirement, among others (see here).

Because of COVID-19, the audits have not yet started and will certainly not start until the end of the year, but this will eventually happen. After that, it might all depend on the size of the companies.

3 Likes

A nice site for pointing out the implication of gdpr for apps

6 Likes

Wow, thanks @Krivo , this site is more than very useful !

@Krivo: Great find, this is a really handy starting point, thank you!

I feel confident in the level of detail and transparency of our privacy policy, which was generated using Iubenda.com - all services we use are mentioned with corresponding links to 3rd parties’ own privacy policies.

Where our Glide apps are falling is at the very first hurdle: Acquire Informed Consent and Provide Opt Out, as referenced in Recital 42 of the GDPR… https://gdpr-info.eu/recitals/no-42/

In fact, it looks like Glide itself is may not be complying with this aspect of GDPR because if you look at their Sign Up screen you will see the following:

By signing in, you agree to our Terms & Privacy Policy.

To quote from the article that @Krivo posted above…

One of the most important requirements of the GDPR is to acquire active, informed consent from your app users before collecting or processing their personal information.

Up to now, many apps would assume that a user’s decision to proceed with app registration and use was equivalent to having the user’s consent to collect data. This is no longer the case.

The GDPR requires apps to acquire the user’s active and informed consent before any personal data is collected.

I realise we’re talking about apps here but am I right in assuming this will apply to any platform that is seeking to collect personal data from users?

1 Like

From @Krivo’s link above:

The GDPR applies to mobile apps that collect and process personal data of EU citizens. It doesn’t matter if your app is operated from outside of the EU. The GDPR will still apply .

@nathanaelb: Yes, I know that, but the question I was attempting to ask was: does this apply to other platforms such as websites, not just mobile apps?

Logic tells me it does.

@garrison
I believe GDPR applies to any type of personal data, regardless of the platform. :slightly_smiling_face: Including both digital and non-digital.

1 Like

@nathanaelb: Thanks, I thought so.

In that case Glide itself is in danger of contravening article 42 of the GDPR in their onboarding process when you first sign-up.

And of course this carries through to the Glide apps we make because, in order to make use of the favourite feature alone, we are asking people to provide personal data in the form of an email without explicitly acquiring their active and informed consent (basically a checkbox to say they’ve read our T&C and privacy policy).