If you have not already, we suggest setting your Plex username to something else rather than email which is displayed on your posts in forum. You can change the username at https://app.plex.tv/desktop#!/account
Welcome to our forums! Please take a few moments to read through our Community Guidelines (also conveniently linked in the header at the top of each page). There, you'll find guidelines on conduct, tips on getting the help you may be searching for, and more!

Plex ignoring GDPR which comes into force on 25th May 2018

123468

Answers

  • NewPlazaNewPlaza Posts: 1,754Members, Plex Pass Plex Pass

    @Elijah_Baley said:

    @NewPlaza said:

    @Elijah_Baley said:
    That TOS section says that all those kid pictures and videos are free to be used by Plex in any way Plex wants to.

    It does not matter that Plex will never actually use that media in any way the fact is that TOS section says they can and they can even share the media with anyone they choose.

    It is just dead wrong to have that in their TOS.

    Sounds like any other TOS, doesn't it?

    Not really. No TOS or use contract I have read explicitly says that the company claims the right to personal data stored in the users home. It is somewhat like a local gym having the right to come into your home and taking whatever they want to use for a while just because you signed up to use the gym twice a week.

    That's the issue here. PLEX makes no claim or distinction that the data you have on your computer is personal.

  • ricardo.castroricardo.castro Product Manager Posts: 8Members, Plex Employee, Plex Pass, Plex Ninja Plex Employee
  • marcelhehlemarcelhehle Posts: 447Members, Plex Pass Plex Pass

    The funny thing is ... Plex always claimed that they don't know what's in our libraries. But in their TOS they want full access and all rights on the content.

    Plex IS a bunch of crooks.

  • Elijah_BaleyElijah_Baley Posts: 4,977Members, Plex Pass Plex Pass

    The first problem with that comment is that it is in a Plex Pass only forum which means that no one that does not have a Plex Pass can read it.

    The second is that the TOS itself is VERY unclear about what use might be made of media by Plex and it explicitly states that Plex can make any use it wants of any data that gets exposed to the Plex service.

    I can read legalese pretty well and by that part of the TOS there are no limitations at all on what use Plex will make of any media that the user gives it access to.

    Retaining ownership of media does not matter if others are free to make and distribute as many copies as they want and also use the copies in any way the see fit.

    While Plex probably would not do it if someone shared a video of a couple of four year old kids playing in the tub at bath time with a relative across the country the country Plex, by the terms of the TOS, share that video on You Tube for all to see.

    I just read Emby's TOS and it is better but still far form perfect: https://emby.media/terms.html
    The part that applies here is:

    (a) We may now or in the future permit you to post, upload, transmit through or otherwise provide through the Website, questions, answers, reviews, messages, comments, information (e.g., your name, e-mail address, etc.) and other content (collectively "User Content"). You retain all of your ownership rights in User Content that you submit. However, by uploading, posting, and/or submitting User Content, you hereby grant Us a worldwide, non-exclusive, royalty-free, sublicenseable and transferable license to use, reproduce, distribute, prepare derivative works of, display, and perform the User Content in connection with EMBY’s (and its successors' and affiliates') businesses, including, without limitation, for promoting and redistributing part or all of EMBY’s service (and derivative works thereof) in any media formats and through any media channels. You also hereby grant each other user of the Website a non-exclusive license to access your User Content through the Website, and to use, reproduce, distribute, display and perform such User Content as permitted through the functionality of the Website and under these Terms.

    In that Emby specifically states that it only pertains to data that you explicitly share on the website.
    As I said, better but still not perfect.

    “The basic tool for the manipulation of reality is the manipulation of words. If you can control the meaning of words, you can control the people who must use them.” Philip K. Dic*k (This STUPID forum software does not allow a perfectly valid last name, hence the unusual looking formating)

    From a High School paper on Greek Philosophers:
    "Socrates was a famous Greek teacher who went around giving people advice. They killed him. Socrates died from an overdose of wedlock."

  • NewPlazaNewPlaza Posts: 1,754Members, Plex Pass Plex Pass

    @Elijah_Baley said:

    The first problem with that comment is that it is in a Plex Pass only forum which means that no one that does not have a Plex Pass can read it.

    I know.. Ain't that just a kick in the mouth. I've been saying...

  • Turfking8Turfking8 Posts: 81Members, Plex Pass Plex Pass
    edited April 24

    @nralbers@gmail.com said:
    Just received a mail from Plex informing me of an updated privacy policy due to GDPR, and informing me that continued use of plex implies acceptance of said policy.
    I hate to break it to you Plex, but this is NOT compliant with GDPR. Privacy policy changes and settings MUST be OPT-IN. You must present the end-user with a dialog where they get an explicit choice, not slip a change past the user in email!

    I agree. I would like an Opt in/out button and I am confused here. How can they sell you one thing years ago and then change the policy on it at a later date? Does this mean they are giving away all our info willy nilly? Are they activiley Trying to weed out Pirates? Like I said, I am confused so can someone, in plain English, explain to us how this affect us? Are they collecting and selling our information like Facebook? Are they going through everything we own to see if we have any Pirate Copies and BTW, as far as Pirate Copies go, if I own the DVD, am I permitted to download a copy of that movie because trying to turn my DVDs into avi files and the like never worked out for me so I generally went an anything I own on DVD, I downloaded eventually so do I own the content if I own a DVD of it or am I never allowed to download anything and they are going to come after me for Piracy even though I have purchased copies in my home? Any clarification is greatly appreciated.

  • Trotter999Trotter999 Posts: 101Members, Plex Pass Plex Pass
    edited April 24

    @BigWheel said:

    @Trotter999 said:

    @BigWheel said:

    @Trotter999 said:
    I am also concerned that Plex Employee's do not appear to be taking GDPR seriously, no response at all from any Plex Employee's about when they will be in compliance with GDPR, but time is running out, and I am not sure they are fully compliant with GDPR at the moment.

    We be in compliance when it is required of us to be as I stated.

    What date will that be, that Plex is in compliance?

    may 25. maybe before.

    Still looking for an update on when Plex will be GDPR compliant, are you still planning on issuing another Privacy Policy, that is compliant on the 25th to replace the May 23rd non-compliant policy?

  • ricardo.castroricardo.castro Product Manager Posts: 8Members, Plex Employee, Plex Pass, Plex Ninja Plex Employee

    My apologies, I posted late last night and didn’t realize I was linking to a non-public forum. Here’s the post I was referring to:

    That section is intended to cover basic operation of the service. The first line declares that you retain ownership of your content. In order to use Plex features like uploading photos from your home computer and seeing them on your mobile device, Plex needs the right to access and copy that content in order to make everything work.

    For example, when you playback a video on your iPhone there's a few things that need to happen. We need the right to create a copy of the video that exists on your Plex Media Server, the right to create a derivative work if it's transcoded, and the right to transmit it to your iPhone.

    This paragraph is largely a carryover from our previous terms of service which were in place for nearly three years. We did notice that the “limited purpose” qualifier was removed and we’ll work with our lawyers ASAP to make make this even clearer.

    Based on some of the feedback here we’ve gone back to our lawyers and worked with them on an updated version of paragraph 6 of the new Terms of Service that should describe our original intentions better. The new version explicitly states that we can only use this data to enable you to use the Plex service. We have similar language in our current Terms of Service and this was unintentionally removed in the version that was published yesterday.

    This page has been updated with the new version: https://www.plex.tv/about/privacy-legal/terms-of-service-may-2018/

    With regards to GDPR as a whole, Plex has been working for the last few months to meet our obligations under the GDPR. The Terms of Service and Privacy Policy we published yesterday were prepared and reviewed with a legal team that specializes in privacy law and understands the impact of the GDPR. Based on their advice, we are confident that we will be in compliance with the regulation.

  • Trotter999Trotter999 Posts: 101Members, Plex Pass Plex Pass
    edited April 24

    @ricardocastro said:
    With regards to GDPR as a whole, Plex has been working for the last few months to meet our obligations under the GDPR. The Terms of Service and Privacy Policy we published yesterday were prepared and reviewed with a legal team that specializes in privacy law and understands the impact of the GDPR. Based on their advice, we are confident that we will be in compliance with the regulation.

    Can you give a date when you think that Plex will meet the GDPR obligations, as you are not compliant at the moment, or on the 23rd May 2018 with the revised Privacy Policy?

  • flowflow Posts: 653Members, Plex Pass Plex Pass

    @Trotter999
    Which part of the 23rd May 2018 version of the Privacy Policy do you think is not compliant with the GDPR?

    Please note the Legal notice for the usage of Google Analytics in my Channels.
  • Trotter999Trotter999 Posts: 101Members, Plex Pass Plex Pass

    @flow said:
    @Trotter999
    Which part of the 23rd May 2018 version of the Privacy Policy do you think is not compliant with the GDPR?

    These points, if you scroll up you would see them.

    @nralbers@gmail.com said:
    Just received a mail from Plex informing me of an updated privacy policy due to GDPR, and informing me that continued use of plex implies acceptance of said policy.
    I hate to break it to you Plex, but this is NOT compliant with GDPR. Privacy policy changes and settings MUST be OPT-IN. You must present the end-user with a dialog where they get an explicit choice, not slip a change past the user in email!

    @weatherwelly said:
    I agree with nralbers

    The update to privacy policy does not meet GDPR requirement.
    The GDPR consent requires a clear affirmative action with an active Opt in/Opt Out option.
    Clearly the statement "continued use of Plex after that date constitutes acceptance of our new Terms of Service." do not address these requirements

    @Turfking8 said:

    @nralbers@gmail.com said:
    Just received a mail from Plex informing me of an updated privacy policy due to GDPR, and informing me that continued use of plex implies acceptance of said policy.
    I hate to break it to you Plex, but this is NOT compliant with GDPR. Privacy policy changes and settings MUST be OPT-IN. You must present the end-user with a dialog where they get an explicit choice, not slip a change past the user in email!

    I agree. I would like an Opt in/out button and I am confused here. How can they sell you one thing years ago and then change the policy on it at a later date? Does this mean they are giving away all our info willy nilly? Are they activiley Trying to weed out Pirates? Like I said, I am confused so can someone, in plain English, explain to us how this affect us? Are they collecting and selling our information like Facebook? Are they going through everything we own to see if we have any Pirate Copies and BTW, as far as Pirate Copies go, if I own the DVD, am I permitted to download a copy of that movie because trying to turn my DVDs into avi files and the like never worked out for me so I generally went an anything I own on DVD, I downloaded eventually so do I own the content if I own a DVD of it or am I never allowed to download anything and they are going to come after me for Piracy even though I have purchased copies in my home? Any clarification is greatly appreciated.

  • flowflow Posts: 653Members, Plex Pass Plex Pass

    I'm no lawyer but I see no problem with that. The new TOS is set to get active before the GDPR applies, so technically there is no explicit Opt-In needed as it's not required right now.

    Please note the Legal notice for the usage of Google Analytics in my Channels.
  • marcelhehlemarcelhehle Posts: 447Members, Plex Pass Plex Pass

    @flow said:
    I'm no lawyer but I see no problem with that. The new TOS is set to get active before the GDPR applies, so technically there is no explicit Opt-In needed as it's not required right now.

    Once GDPR get's active the TOS won't hold. GDPR specifically demands Opt-In (not -out) and also grants the user the right to change his Opt-in/out at any given time. Also, GDPR regulations cannot be overruled by any TOS.

    So:

    • Plex needs to provide an Opt-In. That means that the default setting for all tracking of personal data needs to be set to "OFF".
    • Plex needs to provide a means of users to change that setting any time and also they need to grant their users to change the setting. Example: Once I agree to user-tracking, they may use the data ... until the moment I disagree. From that moment on they are not allowed any more to use my data.
    • And finally: "continued use of Plex after that date constitutes acceptance of our new Terms of Service." ... NO, it does not! GDPR gives me as the user of a software rights. No TOS in the world can revoke this. That would be like writing "You are allowed to go over any given speed limit by 50 mph" into the manual of a car.
  • marcelhehlemarcelhehle Posts: 447Members, Plex Pass Plex Pass

    @ricardocastro said:
    ...
    Based on some of the feedback here we’ve gone back to our lawyers and worked with them on an updated version of paragraph 6 of the new Terms of Service that should describe our original intentions better.
    ...
    ...
    The Terms of Service and Privacy Policy we published yesterday were prepared and reviewed with a legal team that specializes in privacy law and understands the impact of the GDPR.

    My advice: get a better legal team!

    It is somehow funny to see that non-legal users here in the forum seem to understand GDPR better than your "legal team". Also, if this is the same legal team that did the privacy policy change last September ... well, it didn't end well then, why would I think that it will end well now?

  • Elijah_BaleyElijah_Baley Posts: 4,977Members, Plex Pass Plex Pass
    edited April 24

    Well it is better. The changed section now reads:

    1. PERMISSION TO USE USER CONTENT. You continue to retain any ownership rights you have in the User Content you make available to Plex and/or the Plex Solution. However, by submitting or making available any type of User Content, you automatically and hereby grant to Plex a royalty-free, transferable, sub-licensable and non-exclusive right and license to use or act on any such User Content in furtherance of and in connection with the operation of the Plex Solution. The rights you grant are limited to the purpose of providing and operating the Plex Solution. You specifically acknowledge that the Plex Solution facilitates distribution of the User Content, and as a part of the foregoing grant, you permit any user with whom you share content a non-exclusive license to access and use the User Content through the Plex Solution as permitted through the functionality of the Plex Solution. You represent that you have all necessary rights to make the foregoing grants and to otherwise make User Content(s) available to Plex and for (and through) the Plex Solution.

    The most onerous section now reads:

    The rights you grant are limited to the purpose of providing and operating the Plex Solution.

    That pretty much puts Plex in line with other companies providing similar services.

    As others have pointed out the changes are not enough to be in compliance with the GDPR but it is better from the US law point of view.

    It is still just words on paper (or in the ether) and there is no guarantee that what is said is what really will happen but such a guarantee is nearly impossible in today's world because once something hits the internet it mostly goes from being "somewhere" to being "everywhere" and there is no real protection for such "shared" content.

    Since GDPR compliance is not my direct concern this change is about as good as I need but I do dislike the common phrasing that allow changes in the TOS and privacy policy with "continued use" being the opt in.

    Also the words are too all inclusive for my liking and they can be read to have many varied meanings. Of course that is the purpose of legalese. The legal profession owes its existence to the ability to read multiple meanings from a given set of words.

    “The basic tool for the manipulation of reality is the manipulation of words. If you can control the meaning of words, you can control the people who must use them.” Philip K. Dic*k (This STUPID forum software does not allow a perfectly valid last name, hence the unusual looking formating)

    From a High School paper on Greek Philosophers:
    "Socrates was a famous Greek teacher who went around giving people advice. They killed him. Socrates died from an overdose of wedlock."

  • coder-alphacoder-alpha Posts: 815Members ✭✭✭

    @JamminR said:
    Q: Your Collected Information. In order to view, amend, erase, or correct your Collected Information, contact Plex Support. All requests will be answered within one month of receipt

    A company providing automated solution should not require me to email them about access to my own data. I think that existed pre GDPR as well so I was hoping to have a better way in the future. Like I've said before, transparency is key and if a User could see what Plex has on a them, the User will be very happy or very unhappy but no middle ground as to the suspense of what do they collect ?

    @marcelhehle said:
    Once GDPR get's active the TOS won't hold. GDPR specifically demands Opt-In (not -out) and also grants the user the right to change his Opt-in/out at any given time. Also, GDPR regulations cannot be overruled by any TOS.

    So:

    • Plex needs to provide an Opt-In. That means that the default setting for all tracking of personal data needs to be set to "OFF".
    • Plex needs to provide a means of users to change that setting any time and also they need to grant their users to change the setting. Example: Once I agree to user-tracking, they may use the data ... until the moment I disagree. From that moment on they are not allowed any more to use my data.
    • And finally: "continued use of Plex after that date constitutes acceptance of our new Terms of Service." ... NO, it does not! GDPR gives me as the user of a software rights. No TOS in the world can revoke this. That would be like writing "You are allowed to go over any given speed limit by 50 mph" into the manual of a car.

    Some very good points indeed.

    OS: Win7, Win10, Ubuntu 16.04, MacOS Sierra, FreeBSD 11.0

    Storage: 4x6TB WD PR4100 NAS

    Clients: PlexWeb, Samsung Plex App, Sony Opera App, Firestick Android, PS4, Samsung Galaxy S7, iPhone 7.0

    Channels: FMoviesPlus, cCloudTv, Einthusan, DesiTelly

    If you like my channels you can support my beer fund here ;)

    My published channels and other work in progress on github


  • abssorbabssorb Posts: 20Members ✭✭

    As has been pointed out, GDPR prevents companies from enforcing terms. So in the email I found in my inbox today, the clause:

    "continued use of Plex after that date constitutes acceptance of our new Terms of Service."

    Will not be compliant. GDPR requires that companies which operate in Europe must give users genuine choice. It's very popular with USA T&C to state "my way or the highway" but this gives undue bias to companies.

    What Europe could do about this is if a service seeks to only allow users to make use of the service through biased terms, they can remove the service for everyone. I.e. ban plex in Europe.

  • marcelhehlemarcelhehle Posts: 447Members, Plex Pass Plex Pass

    It's not that easy ... Plex is a Swiss company: https://www.plex.tv/about/privacy-legal/

    GDPR will affect Swiss companies from the 1st day on and on top of that Switzerland will introduce their own data protection law next year ... that is expected to be very closely aligned with GDPR.

    https://blog.kpmg.ch/eu-data-protection-regulation-also-concerns-switzerland/

    So either Plex pulls out of Switzerland and of the European market (still 450mio people), or they comply.

Sign In or Register to comment.