
Question: should we semi-automate "Remove requests"? #1249

Open
pbanaszkiewicz opened this Issue May 19, 2018 · 5 comments

@pbanaszkiewicz
Member

pbanaszkiewicz commented May 19, 2018

To comply with GDPR we must respect users' right to request removal of their data from the AMY database. A non-automated way would be an email endpoint for them to contact; a person would then verify the request and proceed with manual removal of the data.

A semi-automated way would work just like event requests: an admin with privileges would go through requests, verify them and finally push a "Confirm removal of user's data" button that does all the magic.

Pinging @jduckles for comments.

@pbanaszkiewicz pbanaszkiewicz added this to the Privacy Policy Update milestone May 19, 2018

@jduckles


Contributor

jduckles commented May 20, 2018

Yes, we cover this in the updated privacy policy language. Let's start with the non-automated way and then consider scoping out the automated way later.

@pbanaszkiewicz


Member

pbanaszkiewicz commented May 21, 2018

Soooo... defer for now and implement in maybe v1.12 or so?

@pbanaszkiewicz pbanaszkiewicz modified the milestones: Privacy Policy Update, v1.12 May 21, 2018

@pbanaszkiewicz pbanaszkiewicz self-assigned this May 21, 2018

@jduckles


Contributor

jduckles commented May 22, 2018

Yep, our policy language covers this, we can at least sketch out the drop queries necessary to remove someone's identity. An interesting question is if it will be ok to just randomize/anonymize their personal information and leave the rest of their record intact. It gets really interesting when you've aggregated an individual's information into an annual report say, and they say they want their data removed and you've already counted them. How do you, can you even, un-count them when they exercise their right to be forgotten.
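
The two options raised above (drop queries that delete the record outright versus anonymizing the personal fields and leaving the rest intact) can be compared side by side. The following is an added example, not AMY's own code or schema: it uses an in-memory SQLite database with a constructed, hypothetical `person`/`task` layout standing in for the real models, and shows why in-place anonymization keeps per-event counts stable while a cascading hard delete silently "un-counts" the person from any aggregate computed afterwards.

```python
"""Added example (not from the AMY project): anonymize-in-place vs. hard delete.

The schema below is a constructed stand-in for a person/task relationship,
not AMY's real models. Run it as a script to see the before/after counts.
"""
import secrets
import sqlite3

SCHEMA = """
CREATE TABLE person (
    id            INTEGER PRIMARY KEY,
    personal      TEXT NOT NULL,
    family        TEXT NOT NULL,
    email         TEXT NOT NULL UNIQUE,
    github        TEXT,
    is_anonymized INTEGER NOT NULL DEFAULT 0
);
CREATE TABLE task (
    id        INTEGER PRIMARY KEY,
    person_id INTEGER NOT NULL REFERENCES person(id) ON DELETE CASCADE,
    event     TEXT NOT NULL,
    role      TEXT NOT NULL
);
"""

# Constructed sample data (hypothetical people and events).
PEOPLE = [
    (1, "Alice", "Example", "alice@example.org", "alice-gh"),
    (2, "Bob", "Example", "bob@example.org", None),
    (3, "Carol", "Example", "carol@example.org", "carol-gh"),
]
TASKS = [
    (1, "2018-05-01-example", "instructor"),
    (1, "2018-06-01-example", "helper"),
    (2, "2018-05-01-example", "instructor"),
    (2, "2018-06-01-example", "instructor"),
    (3, "2018-06-01-example", "instructor"),
]


def open_db() -> sqlite3.Connection:
    """Fresh in-memory database with foreign keys enforced (needed for CASCADE)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO person(id, personal, family, email, github) VALUES (?,?,?,?,?)", PEOPLE
    )
    conn.executemany("INSERT INTO task(person_id, event, role) VALUES (?,?,?)", TASKS)
    conn.commit()
    return conn


def anonymize_person(conn: sqlite3.Connection, person_id: int) -> bool:
    """Overwrite the PII columns with an unlinkable random token; keep the row.

    The `is_anonymized = 0` guard makes the operation idempotent, so an admin
    confirming the same request twice does not re-randomize the placeholder.
    A token (rather than a fixed string) keeps the UNIQUE email constraint
    satisfied for any number of removed people. Returns True if a row changed.
    """
    token = secrets.token_hex(8)
    with conn:  # commits on success, rolls back on exception
        cur = conn.execute(
            "UPDATE person SET personal = ?, family = ?, email = ?, github = NULL, "
            "is_anonymized = 1 WHERE id = ? AND is_anonymized = 0",
            ("Removed", token, f"removed-{token}@example.invalid", person_id),
        )
    return cur.rowcount == 1


def hard_delete_person(conn: sqlite3.Connection, person_id: int) -> bool:
    """Drop the person; ON DELETE CASCADE takes their tasks with them."""
    with conn:
        cur = conn.execute("DELETE FROM person WHERE id = ?", (person_id,))
    return cur.rowcount == 1


def instructors_per_event(conn: sqlite3.Connection) -> dict:
    """The kind of aggregate an annual report would publish: no PII in it."""
    rows = conn.execute(
        "SELECT event, COUNT(*) FROM task WHERE role = 'instructor' "
        "GROUP BY event ORDER BY event"
    ).fetchall()
    return dict(rows)


def pii_present(conn: sqlite3.Connection, email: str) -> bool:
    """Check used to verify that the original identifier is really gone."""
    return conn.execute(
        "SELECT COUNT(*) FROM person WHERE email = ?", (email,)
    ).fetchone()[0] > 0


if __name__ == "__main__":
    db = open_db()
    print("before:", instructors_per_event(db))
    anonymize_person(db, 1)
    print("after anonymizing Alice:", instructors_per_event(db),
          "| alice@example.org still stored:", pii_present(db, "alice@example.org"))
    hard_delete_person(db, 2)
    print("after hard-deleting Bob:", instructors_per_event(db))
```

Anonymizing keeps every `task` row, so a report re-run after the request still counts the person's past teaching; a cascading delete removes them from every future aggregate, which is the "un-counting" effect the comment describes. Whichever route the project picks, the `is_anonymized` flag (or an equivalent audit record) is what lets an admin later prove the request was honoured.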

@pbanaszkiewicz


Member

pbanaszkiewicz commented May 22, 2018

@jduckles to my understanding, as long as reports don't use personally identifiable information, we shouldn't need to remove person's data from them.

I am, however, interested to see if we need to remove IP address from server logs when someone invokes their right to be forgotten.

@jduckles


Contributor

jduckles commented May 22, 2018

We're teetering on the edge of existential philosophy here 😆

@pbanaszkiewicz pbanaszkiewicz modified the milestones: v1.12, v2.0 Jul 1, 2018

@pbanaszkiewicz pbanaszkiewicz removed this from the v2.0 milestone Jul 30, 2018
