Not GDPR compliant: users can't delete themselves #747

Open
gturri opened this issue Apr 23, 2019 · 7 comments

@gturri
Contributor

commented Apr 23, 2019

Hi,

According to my attempts and to the lack of reply on https://www.question2answer.org/qa/66428/there-any-add-that-allows-the-user-from-profile-delete-account it looks like a user can't delete himself (an admin can delete a user, but a user can't do it himself).

It's a bit annoying because it means it's not really compatible with the European privacy rules GDPR (which require that a user can easily delete his private data. (Having to ping an admin is not really an easy way to delete his private data))

It would hence be awesome to add this feature so that European webmasters can keep using this tool!

@gturri

Contributor Author

commented Apr 24, 2019

BTW, I might add that I'd be willing to propose a pull request, but I'd appreciate some pointers to implement this feature properly (in particular I guess that to implement it without introducing a security flaw it should probably involve checking a session token at some point, and I would appreciate pointers to understand how it could be done)

@ProThoughts

Contributor

commented Apr 25, 2019

@gturri, agree with you. Nice feature suggestion. Once a user is deleted, all his posts should be by user "anonymous".

@arjunsuresh

commented Apr 29, 2019

I was also trying the same. The problem with making it anonymous is that later on we may not be able to identify who posted those, at least by a fake identity. What about giving the posts a pseudo name, say anonymous1, anonymous2, etc.?

@gturri

Contributor Author

commented Apr 29, 2019

Good question...
I think that the most important thing is to remove the private data, so in particular the IPs and email. I'm not a GDPR expert, but I think that as long as this is respected then any implementation would likely work.

That being said, if it could generate answers from anonymous1 and so on, then it might be a little bit complicated to deal with Disallowed usernames (because it currently forbids by default "anonymous", which makes sense).

@svivian

Collaborator

commented May 3, 2019

The stuff I've seen on GDPR is incredibly vague and up for interpretation. I'd say emailing/PMing an admin to delete your account is pretty easy from the user perspective. That's not to say I'm against this request.

Deleting a user is quite a destructive action, so this needs to be done carefully. Typically how other sites do it is by "closing" an account for a set period (e.g. a month) to give the user time to undo it if they wanted. Then if the user doesn't come back it gets deleted.

As for usernames, we could take the original user ID and use that for the name, e.g. user2845 or anonymous2845. But whatever name you choose there is always a possibility of conflict with a real username - anyone could come along and register the name you assigned to a deleted user.

@jairlopez

Contributor

commented May 10, 2019

Should administrators be able to hide all the posts in an account that has been closed like this?

@jairlopez

Contributor

commented May 30, 2019

It’s possible. I was recently able to implement this feature as described above as a plug-in, but it overrides a lot of the core functionality:

  • 12 standard pages
  • 30 standard functions, 10 of them by overrides
  • 2 new database tables

I’m not sure whether this feature should be included in Q2A but I’m afraid it’ll mess up other plug-ins if it’s implemented as another plug-in itself.
