Does this also delete the user's posts or something like the GDPR helper mod "On member deletion clears IP address and email from posts and assigns a new username to all old posts."?
That's at least a future goal. I'm not sure if it's in 2.0.16, though, it's only starting towards GDPR compliance, it's by no means complete. (We could have communicated that better.)
Well, if full text content of posts is deleted this is perhaps against the rights of the other people involved in conversations, since their replies may be made irrelevant and the content of the topic nonsensical. So I am not sure that this should be used in a forum, at least there should be an option not to have such an effect.
Lainaus käyttäjältä: spiros - joulukuu 30, 2019, 05:33:42 AP
Well, if full text content of posts is deleted this is perhaps against the rights of the other people involved in conversations, since their replies may be made irrelevant and the content of the topic nonsensical. So I am not sure that this should be used in a forum, at least there should be an option not to have such an effect.
I didn't specify what exactly will be done, because I don't know either (and I assume the developers haven't decided on the details, either). I might agree regarding text content, but I don't think the right of others overrules the individual's right to deletion.
Lainaus käyttäjältä: spiros - joulukuu 30, 2019, 05:33:42 AP
Well, if full text content of posts is deleted this is perhaps against the rights of the other people involved in conversations, since their replies may be made irrelevant and the content of the topic nonsensical. So I am not sure that this should be used in a forum, at least there should be an option not to have such an effect.
Yes that's under consideration. :)
On a personal note and interpretation, not (necessarily) reflecting the (legal) position of the team/SM/SMF:
A forum is a historical, and/or educational and/or scientific archive - not to mention a means for free expression, artistic and/or literary expressions plus useful for journalistic purposes. Which means it's exempt for posts. (But NOT for profile information and metadata!) As such, posts published and PM's sent are not covered by the right to be forgotten, right to erasure nor the right to alter its contents other than anonymising the username
on the profile (not within posts necessarily) and remove stuff such as IP addresses (if it's beyond a (mandatory) period you want or need that (meta)data to be kept, which may in turn depend on your privacy policy and local laws.).
So pretty much: once you hit the send button and make your post public, it's public and the forum operator under normal circumstances doesn't have to change and/or delete the posts when you want to remove them. (Of course the admin may still honour such a request, but it's not mandatory.) This *might* (not entirely sure) be different if you had a hidden board, eg: only accessible to users in group Y, and suddenly make this board completely public. Of course it may also not apply if
someone else posted personal information about you without your consent, in that case the right for erasure may still be applicable (though the forum owner may ask for proof before processing the request.).
This was a concern already when the GDPR was devised and exemptions have been introduced that forums can claim applicable to them to prevent exactly the kind of issues you're mentioning now.
I assume a huge part of the confusion stems from the fact that people aren't clear what they consider to be a "post", some mean only the message text, some (including developers and DBAs) include the metadata... As long as the "info related to PII" is gone from a post (IOW it's anonymized), that'd be fine with me (and I mean only within posts of the actual user, quoting is a whole different issue, and not feasible to do).
well, also, if a user posts personal data IN a post, there is nothing really that can be done about that
Lainaus käyttäjältä: Kindred - joulukuu 30, 2019, 11:14:43 AP
well, also, if a user posts personal data IN a post, there is nothing really that can be done about that
Heh, there it is again, my bad... I was actually talking about the metadata, not the post content. ::) The latter is as infeasible as quotes, given changing display names and all that.
What about having the deleted member's user name changed to "Deleted_user#" where # is their user id number. eg "Deleted_user99"
There email address in the user's table could be changed to "deleted_user#@<site_url>" where again # is their user id number and <site_url> using this site as an example would be:
[email protected]".
The avatar and profile stuff would need to be cleared.
Mentions should be able to have the user name changed.
Apart from that, what else could be done without making a mess of things
Lainaus käyttäjältä: SpacePhoenix - joulukuu 30, 2019, 01:17:55 IP
Mentions should be able to have the user name changed.
That's not so easy. The display name might have changed over time (so SMF would have to record all of them), and mentions (and quotes) work by inserting just the current name string. (I'm not even sure if display names must be unique; but since they can be changed, a name used in the past by Alice could now also be used by Bob, so you
don't want to replace past names.). The name might be misquoted or mentioned with parts missing or immediately followed by characters. But that then could also be another user, like Alice1, XAlice1, and Alice17, so you don't want to replace these. And the username might be a common word in any language, so you can't even replace the username if standing alone. You just don't want to touch this whole mess.
Lainaus käyttäjältä: m4z - joulukuu 30, 2019, 01:26:41 IP
Lainaus käyttäjältä: SpacePhoenix - joulukuu 30, 2019, 01:17:55 IP
Mentions should be able to have the user name changed.
That's not so easy. The display name might have changed over time (so SMF would have to record all of them), and mentions (and quotes) work by inserting just the current name string. (I'm not even sure if display names must be unique; but since they can be changed, a name used in the past by Alice could now also be used by Bob, so you don't want to replace past names.). The name might be misquoted or mentioned with parts missing or immediately followed by characters. But that then could also be another user, like Alice1, XAlice1, and Alice17, so you don't want to replace these. And the username might be a common word in any language, so you can't even replace the username if standing alone. You just don't want to touch this whole mess.
Some forum software it might be doable, depending on what is used to link to their profile