Greetings.

I first signed up to SETI back in 2007. I just re-installed the BOINC software and wanted to run it a bit in the background. I discovered I can't seem to connect to my old account.

Can anyone help me with that?

Greetings.

I first signed up to SETI back in 2007. I just re-installed the BOINC software and wanted to run it a bit in the background. I discovered I can't seem to connect to my old account.

Can anyone help me with that?

SETI is dead. There are many other worthwhile projects you can sign up to though. Also due to GDPR regulations some projects have deleted accounts that have been inactive for longer than a certain period of time. With CPDN it was possible to get things going again by contacting a project admin through the moderators but not sure if that is still going.

I belonged to other projects too, the "combined statistics" page still lists for SETI, the rosetta and proteins projects.

A quick check on the SETI website shows that there are three users registered with your current user name, plus one variation on it. None date from 2007. Three of these accounts have no credit, thus will not be accessible, the forth has a credit, but does not match your joining date.
One thing to remember is that the unique identifier of an account is not your username, but the unique id number (which we all forget), next best is the email address and password last used on the account. Don't worry about that email address being expired, as if you log in with the "old" address and change to a more current one.

Thanks rob.

Sent you PM with more details.

Also due to GDPR regulations some projects have deleted accounts that have been inactive for longer than a certain period of time.

???? Where in the GDPR does it say that this is a requirement?

I know that due to the GDPR you have the right to be forgotten, i.e. you can delete your account if that option is available on the project. But I know of no projects that remove inactive accounts just because they are inactive. I've not touched most BOINC projects for a long time, yet as far as I know I still have all my accounts everywhere.

???? Where in the GDPR does it say that this is a requirement?

Don't know but that is how CPDN interpreted it.
Edit: Found the announcement from Andy.

To comply with the Data Protection Act 1998, we are required to only keep personal data for as long as it is absolutely necessary. We will therefore only keep records of inactive volunteers for three years from now on. Initially any records inactive since 2014 or before that date will be removed. We will continue to remove records that have been inactive for three years or more on an ongoing basis.
Therefore anyone who signed up prior to this and has been inactive for over three years but wishes to renew their engagement will need to set up a new account. If you have been inactive for the last couple of years and wish us to retain your email and username, please reactivate your account as soon as possible.

Project credits from these accounts will be retained but will no longer be linked to an email address or username.

Current, active, volunteers, or those who have been active in the last three years, will not be affected by this policy.

Many projects have adopted an "opt-in" approach to allowing access to historic user data.
GDPR actually has two strands:-
The first is the right to be forgotten.
The second is the right for data to be retained but not visible.
The former is quite obvious, but the latter less so - you have the right for specific data holders to retain your data but not reveal it to others without your permission. A number of projects have their default user data access set to "keep this data but don't show it to anyone else", with options to delete the data (although a pseudo user "deleted user nnnn" required for the project to function) and reveal data to other parties.



(*) The deleted user id has no link back to the removed record for user "Joe Soap" who no longer exists. Typically this is used to allow the wing-man function to work - all users will see when looking at a task where the wingman user has been deleted is something like "computer x, no data, deleted user" with no links to other work or computers belonging to the deleted user.

Hi Dave

I remember that post, a long time ago now.

I know that due to the GDPR you have the right to be forgotten, i.e. you can delete your account if that option is available on the project. But I know of no projects that remove inactive accounts just because they are inactive. I've not touched most BOINC projects for a long time, yet as far as I know I still have all my accounts everywhere.

WCG will delete accounts that have not interacted with World Community Grid for 36 months.
https://www.worldcommunitygrid.org/about_us/article.s?articleId=561

Well, if they feel they need to, they can go ahead and delete my accounts. And my credit. I'm not interested in those points anyway, never was.

But I must say WCG's reason is a weird one: We collect data to help us serve and communicate with volunteers, and keeping this information safe has always been very important to us. Because data are collected primarily to help us communicate and engage with volunteers, we will remove data once it no longer serves this purpose. Therefore, we will delete any accounts that have not interacted with World Community Grid for 36 months.

Uhm, so you collect data (from and about me) to communicate to me and when you deem it no longer necessary to do so (because I fell silent), you remove the data about me? Why? 😲 Can't I ever re-engage in contact with you? I doubt it's because of the size of the database as that's quite small.

As for CPDN and its compliancy to the now defunct Data Protection Act 1998 (as it's superseded by the DPA 2018, which is also no longer in force as the UK left the European Union and so it doesn't need to follow their laws anymore, it only follows the GDPR). And nowhere in the GDPR does it say that personal details must be removed within a certain time limit, only that the users have a right to erasure of their data under certain circumstances: they should ask for it.

From the wiki page you link to:

The Data Protection Act 2018 (c. 12) is a United Kingdom Act of Parliament which updates data protection laws in the UK. It is a national law which complements the European Union's General Data Protection Regulation (GDPR) and replaces the Data Protection Act 1998.

While it is a "new law" it is in the core exactly the same as the old one, and since CPDN and others based n the UK had followed the old law they continue to follow the new one, and may, under wider UK law continue to refer to their compliance with the new one.
{edit to add}
But of course we are talking abut a project that was run by IBM, not hosted in the UK, and now run by Kemble again not based in the UK, so they can choose whichever law (or in the case of a superseded law "guidance" they choose. But it would be nice if they referred to the correct EU legislation wouldn't it.

To comply with the Data Protection Act 1998, we are required to only keep personal data for as long as it is absolutely necessary.

That phrase also appears I believe in the newer legislation in the UK. I would imagine that even given identical set ups, "as long as it is absolutely necessary" will get interpreted differently by different organisations.

And different courts. Sigh.

You guys don't get it. And I wrote this for CPDN only: the DPA 1998 and 2018 are no longer regulations for the UK, as they are EU Laws, and you left the EU. Brexit remember? You get to make your own laws.

For the EU, the DPA 1998 and 2018 were superseded by the GDPR.

The UK adopted to follow the GDPR without any changes by choice. The GDPR states that the project can remove personal data but only if the user asks for it.

Not true.
GDPR, or more correctly "REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016" states in article 28, clause 3(g):

at the choice of the controller, deletes or returns all the personal data to the controller after the end of the provision of services relating to processing, and deletes existing copies unless Union or Member State law requires storage of the personal data;

Which places a role on the data controller to delete personal data at the end of a person activity. There is no definition contained in the regulation, but there is a need for the data controller to define the end of activity. Now obviously if a person says "remove me, I don't want to be a member any longer that is one case, but the data controller may define a period of inactivity as being an end of activity.

Data protection law in UK after Brexit 2020
Here are the overall changes to UK data privacy law after Brexit –

• The EU’s GDPR has been lifted into a new UK-GDPR (United Kingdom General Data Protection Regulation) that took effect on January 31, 2020.
  
• The Data Protection Act 2018 has been amended to be read in conjunction with the new UK-GDPR instead of the EU GDPR.
  
• An adequacy decision for the UK was adopted on June 28, 2021 by the EU, securing unrestricted flow of personal data between the two blocs until June 2025.
  
• It is likely that the UK government will move to consolidate the two amended laws (UK-GDPR and Data Protection Act 2018) into one, comprehensive piece of data protection law at a later point.
  
• It is likely that the EU will grant an adequacy decision before June 2021, removing the UK from the list of “third countries” and ensuring unrestricted data flow between the two blocs.
  

from https://www.cookiebot.com/en/data-protection-act-2018/

or see https://uk-gdpr.org/chapter-4-article-28/ paragraph 3(g)

You guys don't get it. And I wrote this for CPDN only: the DPA 1998 and 2018 are no longer regulations for the UK, as they are EU Laws, and you left the EU. Brexit remember? You get to make your own laws.

For the EU, the DPA 1998 and 2018 were superseded by the GDPR.

The UK adopted to follow the GDPR without any changes by choice. The GDPR states that the project can remove personal data but only if the user asks for it.

Sorry to disagree but you are wrong.

The DPA is UK legislation and is not affected by Brexit - it would have to be revoked by an act of parliament which has not happened.

It does state that data should be kept only for as long as necessary and that applies to any data collected in the UK regardless of the jurisdiction of the organisation collecting the data.