New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Expose ability to delete own content to end users #6437
Comments
Does all the content of public posts constitute personal data that must be removed under the auspices of the GDPR? Which brings into question parts of said posts that have been quoted... |
@pauljherring As far as I understand it, yes. People need to have the option to fully delete their entire data on the site. I really would like if there would be an option to ask the people to reconsider before deletion is done, since in some cases it will destroy knowledge and disrupt the flow of discussion threads. And obviously provide the soft deletion (anonymising?) as an alternative. |
But (and I realise this is just another opinion) http://missinfogeek.net/gdpr-consent/
[...]
* Which public posts arguably aren't to begin with. If this (allowing batch deletion of posts) is going in, is it going to be an admin overridable option? |
So, first and foremost: IANAL (I am not a lawyer) and also not an expert on this. I'm only trying to inform myself about this stuff to hopefully do the right thing. Public posts are not "sensitive personal data". They are just "personal data". Sensitive personal data are stuff like health issues, ethnic, religion, sex, etc. So you don't need to delete this, if someone has published it via a post in your forum. That is correct. I probably would do it anyway if those people say in which post this data is. But the law won't force me. But there is the right to erasure (I think article 17 of GDPR). And there are some reasons why you don't necessarily need to conform to every request. But I can't see anything that would allow to deny it in a public forum. At least definitely not in the type of forum I have. If you know anything else in this regards please provide it. I'm still not quite satisfied with my current knowledge of the GDPR. But since the forum I own is a free time project of mine I also don't have that much time available to inform myself about the GDPR. |
Context. If you have a 100/1000 post thread in which a a vocal member has been posting then leaves, and decided to have all their posts deleted, you lose context. And (to reiterate a point I made earlier) what do you do about the bits of their posts that were quoted? |
And is there something in the law that says that context is more important than the right to their personal data? I'm aware that context get lost and that is why I'm hoping that people don't delete their content in public discussions. And your point about quotes is correct. But only because it currently might be technically difficult to fulfill in NodeBB, doesn't mean it is lawfully correct to not delete it. I would be really happy if you can link me some specific points in the law or even better an explanation of the law by an expert why this data must not be deleted by the owner of forums. Why the right to erasure isn't applicable in this case. |
Ok, lets start with posts being "personal data" Personal data This does not cover the content of the vast majority of posts on most message boards. It may apply to data within a particular post, but applying it to any and all posts ever made by a person is overkill and overreach. |
We are not discussing if the law is overkill or overreach, but only what the law actually says and regulates. Posts are information relating to an identifiable person. And thus are personal data. But I wonder if this actually also mean if the account is deleted then the post isn't relating to an identifiable person anymore? Since it would just be a "guest" and every posts from deleted accounts would fall under that "guest" account. Thus would that be enough to fulfill the law? But the part about the "indirectly identified" makes me wonder if that would hold up in a court room. |
I think in general, the incidence of a long-time user deleting their entire contribution history is a rare one, although it can definitely happen. You already do see it happen in public forums like Reddit, where the "standard" in deleting your account is to use a script to edit all of your posts with some set text, or just a https://gdpr-info.eu/art-17-gdpr/
We can likely consider it unreasonable to have to go through and delete all instances of quoted text by a specific person as well. Links to quoted users aren't stored in such a way and would constitute a considerable burden for the forum owner. |
i see, but if a good user decides to leave, they r leaving lot of good quality content with them :( |
Hi all, just an update to this issue. I recently spoke to a lawyer regarding this issue, and in summary, the following is what I have been led to believe:
With regard to "or copy or replication of", there is leeway in terms of how these must be disposed of as well. Let's say a long time user deletes their account, does that automatically invalidate all backups? Yes, although:
|
Given that, I'll be adding in additional text to explain the need to contact an admin for profile+content deletion. I am comfortable leaving content deletion in administrators' hands. |
Yes Julian. Even I am also comfortable with that decision. We should leave
the content deletion part in admins hands only..
After all users are using a free service atleast we should be able to keep
their contributed content for knwoeldge and help for new users.
…On 30 Apr 2018 8:34 p.m., "Julian Lam" ***@***.***> wrote:
Given that, I'll be adding in additional text to explain the need to
contact an admin for profile+content deletion. I am comfortable leaving
content deletion in administrators' hands.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#6437 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AIpxqggNhDxUGTedz0fvc2IIq4A1IXGJks5tt2c1gaJpZM4TKzgE>
.
|
Thanks for getting clarification about that! Those are great news. |
Currently a user when deleting their own account will end up with their content persisting as a guest user.
According to the GDPR a user must be presented with the opportunity to delete both their account and their content, which is something only an admin is able to do at the present time.
The text was updated successfully, but these errors were encountered: