Urgent: Take Action to Continue Participating in SAP Community
UPDATE: Previous announcements (including this blog post) had initially indicated that profiles would switch to private by default on May 25. However, the actual change is occurring May 23. The reason is to ensure a smoother transition for everyone. May 25 is a Friday — and the start of a holiday weekend in some countries. After careful consideration, we thought it more prudent to make the change when we would have more of our team members readily available to answer questions and assist members.
Please keep in mind that moving the switch up a few days won’t permanently affect anyone who still wishes to remain an active member. If you discover that your profile has been set to private by default, you still have the option of changing the setting after May 23, as outlined below.
To learn more, please consult our FAQ about SAP Community privacy.
Also, for step-by-step instructions on how to update your profile privacy, please watch this Tip in a Minute video.
We want to make sure that you’re aware of upcoming changes on SAP Community that will enhance our data privacy and security systems. In addition, you’ll need to know about what actions to take to ensure you will not miss out on continued engagement and participation in the community.
As data protection and privacy is a top priority for us at SAP, it’s important for you to understand what’s coming.
If you’re registered on SAP.com, you currently have a publicly displayed profile. As of May 23, your profile will be hidden from public view by default unless you choose to opt in to continuing to display your profile publicly. If you do nothing or choose not to display your profile publicly, you will still be able to read SAP Community content, but you will no longer be able to ask questions, write blogs, or engage in any other way in the SAP Community.
In addition, your name and profile image will no longer appear publicly on any of the content you’ve created previously in the SAP Community, including blog posts, questions, answers, and comments. You can always change this setting from the Account Settings link in your profile dropdown menu.
To change your privacy settings and allow your profile to be publicly displayed, please click your profile picture in the header and go to the Account Settings. Then scroll down to a new category called Privacy Settings. Enable your public profile display by clicking the Edit Privacy Settings link, then selecting the green “Allow” button.
Once you have completed the steps above, the setting will read “I allow my profile to be displayed publicly.” This setting allows us to continue to display the same profile information that is already publicly available today.
If you have any linked accounts, those accounts will use the same privacy setting (all linked accounts will either be public or private, depending on your selection).
Please note that you can change your Privacy Setting as many times as and whenever you like — even after May 23. Should you choose to change your Privacy Setting to allow public profile display, you will be able to participate in the SAP Community again and your content will be re-attributed to you, showing your avatar and your name as the author. Until you do this, however, your profile will remain hidden by default and your participation within the community will be limited.
So apparently I do have to allow to publicly displaying my profile information in order to continue to participate in the Community.
As that "Allow" button seems to be an "All or nothing" operation – I'm missing information exactly what information of my profile will be displayed publically and what not. How can I influence that?
Or to put it differently: When I do allow the public display, will the same profile information be shown after May 24th 2018 as is done currently?
This was a tie on the comment posting (exact time *g*). Seems you where some seconds earlier still as you comment is above mine, but we have the same questions...
Yes, this is to continue to allow display of your public profile information.
Shouldn't there be some kind of explanation about what exactly of the profile is displayed publicly (only the name, or the Reputation, or everything)? And it there is a difference between if someone is viewing it that is a registered member and someone that is an anonymous guest?
Or this already listed somewhere and I just cannot find it?
What will be publicly displayed is what's showing now. The only difference is that on May 25 we'll need your permission to display to share this same content publicly.
Does that help?
Hm, that's kind of a "Find out yourself" answer, even if it is technically correct... Could you tell us how we can influence what parts of our profile are public vs. private (say, company name, location, ...)?
(As this seems to be independent of the GDPR change, I guess there could/should already be a blog on that topic somewhere.)
In your user profile on the left after you click edit you can decide what information your want share and show
Ah, thanks Jürgen, so that affects those information only (company name, city, location).
That being said, I still think an official statement would be worthwhile...
Hi, I don't see the checkboxes you mention above unless I follow these steps:
By "public" do you mean inside or outside SAP?
Languages doesn't allow you to share publicly (or not). Only company and location. I don't see a way to hide your full name or email address.
Thanks for the information!
Your email address is not visible to anyone
Hiding the name does not make much sense if you want to contribute, but with the above mentioned changes you have to opt in if you want continue otherwise your are out and your profile and name cannot be seen by anyone.
your 6 steps are the these I referred to. Don't enter a language if you do not like to show it. There is an icon to remove an already entered language right next to the language.
I can't tell you what is seen inside SAP as I am not a SAP employee but I assume it would not really make any difference in regard to privacy settings. The only thing you can't influence is the SAP icon next to your name which is based on your email address as far as I know.
Hello Catherine LaCroix,
Is the GDPR explicitly stating that this applies also to historic data, or is this SAP’s interpretation of it?
here is the whole text: https://gdpr-info.eu/
see the Article 17 and its Recitals 66
Being no lawyer, doesn't that basically focus on the question whether personal attributes are relevant/necessary for postings in the community? If they are not, then I guess SAP is obliged to erase them (or to remove them from the "mere" contents by "guestification") unless a personal permission is granted by opting-in.
However, as Eng Swee has pointed out, often the personal attribution is seen here as very relevant to find (and probably to evaluate) contents, and therefore I could also imagine that it would be fitting to leave that contents with personal attribution until someone explicitly requests to remove that connection.
If I understand it right this article 17 implies an active part of the "data subject". So it would be the user telling "please delete that". SAP currenty does the other thing ("please leave my account active").
Nevertheless I expect SAP representatives (like Catherine LaCroix ) to give us more details on that. Isn't it weird that on the one hand it is stated that the community should be more user friendly/user oriented and on the other side there is not a single explanation provided so far on "why have we constructed this like an opt-in"?
In my opinion is the BDSG Bundesdatenschutzgesetz already regulating this a long time. For many years already we must not publish birthday lists even within the company as this is only allowed with consent of the person. It further regulates the unauthorized disclosure of personal data to third parties.
Here we have personal data in our user profile and third parties can look into it without that I gave my consent to that.
The GDPR is even extending the definition of personal data, which now includes all kind of data that can be used to link to a certain person.
Where ever the law is not precise it will be clarified at the court. But would you really risk that as a major software development company with headquarter in the EU.
To be on the save site you ask first for permission before you show the personal data instead of getting accused for showing personal data without consent after the May 25.
I certainly agree on the birthday list issue, and I consider privacy a very important value.
However, in this community, if I do post anything, I should be aware that this by definition is a public website, and that my user name and profile are published with my postings. IIRC the account creation process tells me that. And I guess that has been the case for the last years, too.
That is why I still question whether the guestification is really necessary, simply as it reduces the value of the contents.
(Of course it is understandable that a company is cautious in ths respect.)
What bothers me the most is that we still do not get an answer/explanation from SAP side. All we are doing here is making assumptions of why SAP is solving the GDPR issue in this way.
To me it seems that there is still the mindset of an one directional communication: this is what you will have to accept: do it or you cannot use community. I doubt that this is the correct way speaking to voluntary users of this community.
Well, no, I just wanted to point out that it would be nice to get some more Information than "it is because of GDPR, take the action or leave".
Some people might also call it transparency, and it should be done proactively from SAP side.
What I'm saying is that I am not qualified to do more than tell you that SAP is committed to compliance with all the relevant laws and the Community team is working to giving our users the best possible experience in the context of that compliance effort. We are making changes to give users better control of what of their data is exposed publicly -- in this case, the data will be no different than what is publicly available today. Because the Community is fundamentally built on individuals interacting with each other, we do not allow anonymous users to participate (you can still consume content in the Community, but you cannot take action with a hidden profile). I don't think you would want anonymous users up/down voting your questions or leaving anonymous comments on your content. This is not a change from our usual operation (we don't allow users to take action on the Community without registering). I'm honestly not sure what additional information you are looking for but I'm always happy to help where I can.
thank you for nice article but apparently there is still some stuff missing to assume SCN is GDRP compliant in the best possible exntent.
We ask here - at least I am but I believe all the colleagues as well with this intention - just to help. I tell everybody around that all SAP products are GDPR ready but it seems that SAP social networks are still under construction in this matter...
I guess SNP is only a processor (and we are a kind of controllers) so the obligations are limited but still exist like named in article 28 and distributed in all the body of GDPR. It would be for example nice to have GDPR tab with explanation, positioning and advice to us. Or maybe it is but I was not lucky in my search?
With best regards,
I believe you're asking for SAP's broader approach to GDPR? If so, is this the type of information you're seeking? https://discover.sap.com/gdpr/en_us/index.html
thank you but I know what GDPR and general policy of SAP about it - it is a kind of my specialization.M My question was about SCN compliance in particular.
I can see some colleagues asking for quite obvious things required by GDPR that seems to be still missing here - we are friends of SCN and willing to help with these questions. For example according to GDPR consent must be informed.
By the way let me share a kind of reflection as for example LinkedIn names is "contract" as the membership in such the social media is on our request...
So all in all our questions were focused on SCN compliance with GDPR and not general SAP policy in this area.
Wish all the best for all SCN members!
can you please explain how exactly you "collect, use, and store personal data."?
Also, how can I get an complete overview on what data you collect, use, and store about me?!
Instead of me trying to explain in detail here (since I'm not a lawyer), the best thing I can suggest that you or any other members with similar questions can do to understand what personal data SAP collects, uses, and stores, is to take a look through our privacy statement. The statement exhaustively explains how SAP collects and processes your personal data, and how you can obtain an overview.
this privacy statement is something but having everything mixed up (all the systems, purposes) may create more questions than clarity. Definitely a kind of service map would help. The systems are (may) be connected but while we are talking here in a kind of circle of friends imagine how can somebody who read it considering SNP:
"Kindly note that if you do not provide any such information about disabilities or special dietary requirements, SAP will not be able to take any respective precautions."
What is right for training hub and I am sure not public.
I know that is created by lawyers who always want to create a kind of shield by using a lot of complicated words in a huge block of text but with GDPR this strategy is weak. Here is a commons sense and understanding much better and would be great if SAP would be a leader in GDPR matters here!
Hope this helps!
Somehow I missed this entry, but maybe it's just that easy. Everything is collected and somehow is used for whatever you have in your mind:-)
Regarding content that will be "Guestified", will the content be delinked from the author's profile? My concern is that there are many contributors who are no longer active, or do not have access to their older profiles to make that change. However, there are a lot of valuable content linked to these contributors. If the content are delinked, it will become very difficult to find such content in the future. It is already difficult to search for information in this platform, and if such linkage is removed, we may lose even more valuable content.
I for one might never remember the exact details or title of a blog, but I can kinda recall it was written by author XYZ, so I search through the author's content. One example is Former Member. As you can see, the author is no longer active, but his past contributions are still very popular and are referred to constantly.
Hi Eng Swee,
Yes, the content will be delinked from the creator's profile if the creator does not agree to allow us to continue to display their public profile. This is why it's so important that we all work together to get the word out and encourage our friends to change their settings too.
Thanks for the response. Unfortunately, not everyone will be able to do so even if they might want to. The example I provided above, the author probably might have left SAP and no longer have access to the account.
This is a big concern as this will cause all such contents to be "lost" in the platform. Searching for such content would be like finding a needle in the haystack. With so many issues plaguing the community, that is still waiting to be resolved, we really don't need another one like this.
I have no disagreement that the experience will be affected. Unfortunately, the best we can do is try to get as many people as possible to attend to the issue.
So I assume the goal of shutting down the community via a website redesign wasn't working and you went the indirect route of using GDPR. It's totally frickin amazing so I guess you have job one done.
It’s even more "totally frickin amazing" than unless you do opt-in to publish your profile, we will no longer be able to find out who has drawn such sharp conclusions...:)
I agree with Eng Swee that the "guestification" of inactive members or lost former accounts will be a big concern to find valuable contents.
(Being no laywer, I would still question whether the GDPR really forces SAP to "anonymize" previous content – in my understanding, every person who has published contents here has been aware (and has accepted the terms) that contents is linked to the publishing person...
Some more questions to the effects:
On the other hand, it might have its advantages, say, I can leave my above comment with misplaced format and forget about the annyoing message that I repeatedly get when trying to fix the numbered list:
I did some asking around, and in response to your questions, here’s my understanding…
1. Former members will not appear in other people’s follower/following lists. They will be (reversibly) removed in the case that their profile is hidden.
2. Yes, all of that author’s content will say Former Member, and he or she won’t be able to create new content, so there should be no new content (until the author changes their Privacy Settings).
And to add on, your old content will be ‘un-guestified’ once you update your Privacy Settings to allow for public profile display, as well.
Jamie, will the "guestified" contents (blogs, answers, comments, etc) be searchable and viewable?
Yes, it will be searchable and viewable - it will just not show the author's info.
Except it's written at the end of the blog...
~Florian ..ermm, I meant ~ACommunityMember 😉
...or in any reply's text...
Thanks for the hint,
Thanks, Jamie and Jerry, for the clarification, particularly about the "un-guestification":)
And a further question:
Does that have any impact on a S-User account that is only used to access the Support Portal to get access to downloads, incidents and the like but is not used within the SAP Community?
It shouldn't have an impact on an S-user account, but please let me confirm.
I'll get back to you.
To confirm, it won't have an impact on an S-user account, assuming that user NEVER used it in SAP Community to do anything. But if they, for example, liked a piece of content while logged in with that S-user, or followed a tag or a person, then it will affect that one too.
Catherine, thanks for the clarification!
That leads me to the question how I can find out about that… – i.e. might logging in with such an S-User account already leave traces?
And as you mention "likes" - is there something particular about likes of "Former members”? Will they be removed, as well? (In my understanding, likes are shown "anonymous" by default, therefore I would not have expected any effect on them.)
They will not be removed. If you have 10 likes and 3 of those users become anonymized, you will still show 10 likes.
Does this also apply to linked accounts which are not active anymore? (former employers for example)....
The Privacy Setting applies to all linked accounts. If you’d like to handle an account separately, you’ll need to unlink it.
This is a good choice.
Beside all comments about the "why is it designed to be opt-in", doesn't this cry for a new mission, Caroleigh Deneen?
I am sure this will get more people to at least check the Information about it.
Fun idea, Martin! Unfortunately the timing to get such a mission configured and available by the 25th will not be possible.
I do not understand why I have to allow my profile to be displayed publicly to participate in the SAP Community. This means SAP is forcing employees to make our profile public in order for us to do our job. Instead, it would be better for those employees who do not want to share their profile publicly, they can instead make the employees title public and allow them to engage with the community. I think for customers, it is important that who (title/responsibility) from SAP (Product Manager, Development Manager etc) are more important than the name of the person.
The SAP Community has always been built around interactions between individuals. Our Rules of Engagement have always stated that users are expected to use their real names and their own photos. This is not a new expectation of Community members, employees or otherwise. In addition, turning on this privacy setting simply allows you to continue showing the profile information you already share today.
How can I delete my profile?
BTW this private (not visible) by default action is NOT enough for GDPR.
A consent needed to STORE any information about a person. GDPRI is not only about visibility, but also storage and access.
“You can always correct or update Your Personal Data. Furthermore, You may request information about Your Personal Data stored with SAP, or the correction (in case the relevant Website is not allowing You to correct or update your information), or deletion of Your Personal Data by contacting firstname.lastname@example.org. Please note that if You request the deletion of your account or Personal Data, You might not be able to further access and use the SAP Websites and your User Content.”
I suggest to have group/ team accounts which we can use SAP internally to blog and comment posts.
So far, I write blogs to inform the outside world about new releases. I appreciate to have this channel but don't want to share my details - not even my name.
Being able to blog from a team account, one could stay anonymous.
Also, in case someone has changed roles and is no longer responsible for a certain topic, it is better to have a team instead of a single person as a reference in case of questions.
Hope this can be considered.
Thanks & Regards,
No, anonymous participation in the Community violates our Rules of Engagement. You can publish such content on SAP.com product pages or even in the Wiki, but it is not appropriate as a Community blog.
SAP's way of approaching GDPR is the most heavy handed and offensive of all that I have seen or had to respond to.
Whereas most organisations are providing users/participants with granular options to permit/deny various actions or exposures, SAP (as seems to have been said many times in this thread) has taken the view that we must expose everything or else be excluded from the debates.
Absolutely heinous !
Some from Germany have explained above how their national privacy laws already protect personal data that is not protected in other states until GDPR takes effect.
In my opinion, the best view of GDPR seems to attribute to it a desire to provide people/users with a good level of protection against the worst (and mildest) forms of data misuse. Within its scope is the concept that option boxes (and several of them) should be presented EMPTY for the user to fill in as desired. SAP is trampling roughshod over this concept with its "take it or leave it" attitude and in so doing is obviously upsetting a great many people - me included.
I think SAP just don't "get it" over what GDPR is aiming to achieve.
I'd be interested to see what others think
As much as I love to criticize SAP, I'm rather confused by the outrage here... "Option boxes should be presented empty" - well, that's what is happening here, essentially, isn't it? SAP is giving us an empty box and we have to check it to continue participating on SCN.
I'm also not sure what other options could SAP offer in the SCN profile... Could you provide some examples of what you've envisioned?
We already have the opt-in options for specific items in the profile, e.g. company name and location:
There is a checkbox for every item, as you see. I chose to check them because this information is already in my LinkedIn profile and anyone can find it. However, if someone doesn't want to share it, they can do so and just be a John Doe from an undisclosed location.
Having a public profile will allow the SCN member to post questions/answers and blogs. And those items would be attributed to them (with their chosen name and avatar). This seems to make sense to me. If you don't want others to know who you are then you can't just go around and post anonymously.
I'm not sure though why I didn't receive a similar request from LinkedIn, for example. However, they are a US-based company and they always had an explicit option for public profile, so I guess that might be the reason. On SCN, we've always had profiles and the field-specific options (like in the screenshot above) but no explicit "opt-in", technically.
It may seem kind of dumb: why would you create a profile if you didn't want to contribute in the first place? But I guess we're just caught by the need to apply the law to the existing profiles that had no explicit opt in/out box.
One thing I would wish for though is to have two visibility options: public and for registered members only. Many other websites have such option. I think this would be helpful on SCN and might encourage more information in the profiles. E.g. I wouldn't mind the registered members to see who I am but not necessarily every Joe and Jane who came here from Google.
European law does not allow severely disabled persons or children to be kept as public profile. A perosn who is registered as legally blind (as defined by EU law) clearly cannot read or make such judgements or by the Courts has no capacity to concent to such terms. It seems that this legislation is narrowly cast with many exceptions and gives little choice by the operator to include or not include people if they are blind. We will see further regulation been introduced in the next few years which will clarify the end game as privately held data must be controlled by the private owner within a defined period. Probably every two years.
Do you believe there are children on SCN?
if I draw conclusions on some questions then the answer is yes
Hm, don't mingle "kindlich" and "kindisch"🙂
Touche. 🙂 Well, I guess good thing they won't be able to contribute anymore after May.
Accessing https://people.sap.com/manage is currently returning a 500 error
I'm seeing a report here that the issue has been resolved. https://answers.sap.com/questions/481792/httpspeoplesapcommanage.html
Could you please let me know if you're still experiencing the error?
Accessing https://people.sap.com/manage is still returning a 500 error
Sorry, just copying my response from above...
I'm seeing a report here that the issue has been resolved. https://answers.sap.com/questions/481792/httpspeoplesapcommanage.html
Could you please let me know if you're still experiencing the error?
I’m asking as in my understanding, they expect me not to provide personal/confidential data, which is OK for me…
Sorry if this has been asked before but I didn't find this information. If, say, someone doesn't check the checkbox (especially for the old profiles, some folks have 5 here 🙂 ) and all their content goes to "the artist formerly known..." - will those items (blogs/questions) still be present in the user's profile for them to view? And if the checkbox is checked later will the relationship be restored? Or is it like "speak now of forever lose your stuff"?
Hi Jelena Perfiljeva ,
Linked accounts will automatically receive the same account privacy settings, but if they are not linked, we don’t have a way to make sure they are turned on. So, if you don’t have them linked they will be anonymized unless you log into each account individually and turn on the public profile view. You can always change the setting while logged in. Your account name, avatar, link to the associated profile, etc. would be restored on your content any time you set it back to public view. You should still be able to view all your content in the private view of your profile, regardless of your privacy setting.
Sorry, I'm still not 100% clear on this.
Let’s say Jane Doe wrote some blogs. She did not check the checkbox, so her blogs would be displayed as authored by “Former member” or whatever. But when Jane herself opens her profile, will she still see her blogs in the “My Blogs” section? And if she checks the checkbox sometime later will the blogs appear again (to her and public) as authored by her?
From your comment it seems that the answer is "yes" to both but just to clarify.
Yes and yes. 🙂
And if Jel...er...Jane...ever wants to link to an old account... https://blogs.sap.com/2017/12/14/hey-look-its-both-of-the-tammys-together/
I have another proposal instead of strange guestification!
First: User name is not an issue for GDPR! Only additional information in the profile can be an issue!
Proposal - for the profiles with no user acceptance - just hide all extra profile info!
Everybody will be happy!
Old users activity will be still linked to the correct name, but no other info will be published!
Actually showing names is an issue for some people. I was already contacted a few months ago because I had posted a screenshot of a discussion part which showed only a users first name in the salutation even it was not possible for anyone else to draw any conclusions to a user except for this user himself.
I don't think that just a name can be an issue with GDRP. The name itself do not identify a person... I am talking from the legal point of view!
P.S. Even in Russia the name without any extra info (date of birth, address, phone number, etc) is not treated as a personal information!
Jürgen, I think it is a completely different situation whether
Apparently, in the second case, I have revealed information about myself, and therefore I’m responsible for that. – In the first case, the person in question does have the right to prohibit the usage of his information in my posting. (Of course it may be difficult to tell whether it's information about him or not when it's a common first name...)