שאלה בנוגע לאנונימיזציה של משתמשים ו-GDPR

שלום,

ברצוני לשאול אם הדבר הבא נכון:

אנונימיזציה עומדת בדרישות ה-GDPR להסרת נתונים אישיים. לאחר שעברו אנונימיזציה, לא נותרו נתונים בשרת ה-Discourse כדי לזהות מי אתה או מידע עליך.

האם כתובת ה-IP והדוא"ל של משתמש נשמרים לאחר האנונימיזציה?

האם מנהל אתר יכול לבטל את תהליך האנונימיזציה?

תודה מראש,
ראובן

The code which does the anonymization:

• discourse/app/services/user_anonymizer.rb at main · discourse/discourse · GitHub
• discourse/app/jobs/regular/anonymize_user.rb at main · discourse/discourse · GitHub

It will:

• Username is changed to: anon#<random number>
• password made random (and invalid)
• name removed or changed to username
• date of birth is removed
• title is removed
• avatar is removed
• optionally IP is anonymized
• emails is changed to <username>@anonymized.invalid
• location in profile is removed
• website in profile is removed
• bio is removed
• profile background is removed
• card background is removed
• custom user fields are removed
• SSO is cleared
• API keys are removed
• invites and emails are removed

As the username is changed, Discourse will try to replace the username is all posts.

Reversal is basically impossible, but user information can remain in individual posts.

במקרה זה, האם מיילים כוללים גם הודעות פרטיות?

מבחינה משפטית, האם ניתן לומר למשתמש שתהליך האנונימיזציה תואם את ה-GDPR, או שהדברים עדיין מעורפלים בנושא?

PM in discourse are just private discussions, they are posts with really limited visibility. They are anonymized in the same way as the more public posts.

The “invites and emails” I mentioned are the email messages send out by discourse for various actions. For example email notifications about reactions to followed discussions.

I am not a lawyer. But it is not that simple. In spirit this mechanism does conform to the guidelines of the Right to erasure from the GDPR, but the local implementing law might not agree.

It also depend a lot on how you use Discourse.

Further more, the amount of data being erased might violate some other laws which require this data to be kept.

If this is really a big concern, like with everything legal, you should contact a lawyer.

Mostly. I have been able to partially recover an account by renaming username back to what it was prior to being anonymized and reattaching the user email and reactivate account. Seems to keep original password. But all other things are gone, profile pic, birthday if entered. I had to explore this when I had a Moderator go off the rails.

It is a pain and not simple.The only thing is in posts where the user may have posted may have details in a post. Now if that was in a Personal message maybe not a big deal.

I believe the team has said though this is within gpdr compliance.

If a member requests to be anonymized likely good to ask them to scan their posts and if necessary flag them for deletion. Ie posts with uploaded pictures of the poster for example.

זה מאוד שימושי לדעת!

לשמחתנו, אין לנו הרבה משתמשים המבקשים את מה שהם מכנים “מחיקה”, אך מכיוון ש-GDPR מהווה או עלול להוות בעיה, רציתי לאסוף כמה שיותר מידע.

Depending on how strict your data retention policies are, you may also want to disable Log anonymizer details as well:

This screenshot displays the 'All site settings' page within a Discourse administration panel, allowing configuration of the site's appearance, functionality and user experience, with a particular focus on log anonymisation details. (Captioned by AI)1179×1353 132 KB

Unchecking that makes sure not to keep a record of the original user details in the staff logs.

Oh, that is very nice!

Will definitely pass this information up the chain of command

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.