GDPR rules #3175
Comments
|
What happens if user has related data (forum post, news, comments) and you delete user info ? |
|
I recently went through GDPR and had to delete some users who had forum posts. The forum posts then show as being posted by 'Anonymous' user. |
|
@martyshep Thank you. So if user inserted some sensitive info to forum post, it should be in rules that "before you ask for Delete user, check all your forum posts and delete sensitive ones manually" And deleting user should be always logged somewhere because you need to prove that they was deleted. And user should get email notification about deleting their account. By the way - this GDPR rule (need) can be easily filled by special form - send the ask(need) for deletion. In your Privacy Policy you should have time period (14 - 30 days) and user should get confirmation about you receiving their asking. Then you delete them, write them confirmation email about deleting OR you write them, we are sorry we need your data because... |
|
@Jimmi08 Yes I agree, I had to manually review the posts from that user to be deleted. I was thinking of deleting all posts for the users, and in one case I did using: Of course if this could be automated into an Admin tool where you can specify the USER ID and the tool removes the posts automatically without the website owner needing to use SQL themselves, that would be useful. |
|
@martyshep Be aware statistical purpose. And delete posts from topic can cause that the topic losts its logic. I asked our lawyer about this because I have site where user profile has a lot of personal info (like 20 years ago - skype, ICQ, adress...) It's community site. Lawyer asked: what is purpose of this site? My answer: building community (Harry Potter fans). Lawyer asked: is registration voluntary? If yes, their consent with rules during registration is enough. No cookies for registered users. No special rights (send email is enough) Only good Privacy Policy to inform visitors about everything. And registration similar with COPPA (to confirm consent). And deleting posts? My legal interest is bulding community, so my legal interest is to save old posts too for community purposes (they can delete them themselves). At least I deleted all noactive users (not sure how e107 manage this), but I have in user table last log in time, last IP (confirmation that account was used) and points for each activity. So I deleted only users with last log in 5 years ago and zero activity. Collect IP is ok because my legal interest is safe site and its users. I am starting to use e107 forum so I will do more tests with it. |
|
I don't think that the GDPR forces us to delete everything a user has ever posted. In case of a forum: There are no requirements, that a user is forced to put personal information in a post (which is probably publicly available). So, if a user want to have this data away, he has to remove this on his own. This is how a "deleted" user would look like in my opinion:
What i'm not sure about is the userid, as this one will not change and is more or less impossible to change. If somebody knows his userid, he can still display his profile and with that reverse engineer all other information. Maybe, we simply have to prevent that a user profile of a "deleted" user can be displayed...? |
|
@SimSync PERFECT! It should works this way. Just ideas: With USERID - it should be blocked to display user.php?id.62 for: I would create special table for gdpr plugin with table of deleted users or some user special extended field - gdpr-deleted - if this field is set, then display user profile with message "we are sorry, acount was deleted) In some software they set negative value for userid and change it every related tables (then in program if user ID is negative, they know to not display anything) |
|
The basic setup for this can be seen in e107_plugins/_blank/e_user.php in the 'delete' method. I believe we can use the user_ban field to flag these records too. |
|
I think that the anonymous user shouldnt be used, i think more like not registered anymore, and leave its nick, without displaying nothing more.... |
|
@CaMer0n I would prefer a separate field like @rica-carv A nickname is kind of "personal". Usually a user uses it on several sites, which means it gives somebody a good impression who wrote something, when and so on. |
|
@SimSync The user_ban field is currently used for the following:
Adding another item for 'deleted user' would be the least intrusive change imho. |
|
@CaMer0n Yeah, ok. You are right, if it's this kind of multi purpose field, we can also use it for this too. |
|
@SimSync I believe we could use a similar process to what we do during signup. Place a hash into user_sess, send an email with a link.. after clicking the link the account is 'deleted', then user_sess could be updated with the datestamp of deletion.. or we simply use "user_lastvisit" for this purpose- which in this case will be their very last visit. ;-) |
|
@CaMer0n A confirmation mail is a good idea. I just imagined how i should confirm a user the removal of his account, if he doesn't know his userid.... 😄 So the email confirmation should be enough confirmation at all. |
Not really. Who prevents ME of using nicks of other users from other sites?? Anyway, i can't see the issue on still displaying the nickname, because for instance, in forums, when you do a comment, the nick is displayed. What happens if the user is completelly deleted? Anyway, imagine a plugin links directly to the user table refering the user id, if that id is deleted, what happens to the linked plugin dependent users? It will be a complete caos..... |
Issue #3175 Various changes to make it work
|
@fizi Would you like to test it and give feedback? |
|
I would like to test it, but I do not know what to look for. :) |
|
@fizi You just go to usersettings and click "Delete Account" |
Moc
added
the
status: testing required
What think the Dev Team about GDPR? e107 will work with this rules?
The text was updated successfully, but these errors were encountered: