Hallo,
Ik wil graag vragen of het volgende waar is:
Anonimisering voldoet aan de GDPR-vereisten voor het verwijderen van persoonsgegevens. Eenmaal geanonimiseerd, blijven er geen gegevens achter op de Discourse-server die kunnen identificeren wie u bent of over u gaan.
Wordt het IP-adres en e-mailadres van een gebruiker bewaard na anonimisering?
Kan een sitebeheerder het anonimiseringsproces ongedaan maken?
Alvast bedankt,
Rubi
The code which does the anonymization:
It will:
anon#<random number><username>@anonymized.invalidAs the username is changed, Discourse will try to replace the username is all posts.
Reversal is basically impossible, but user information can remain in individual posts.
In dit geval ga ik ervan uit dat e-mails ook PM’s omvatten/betekenen?
Vanuit juridisch oogpunt, kan een gebruiker worden verteld dat het proces van anonimiseren GDPR-conform is of zijn de wateren nog steeds troebel op dit punt?
PM in discourse are just private discussions, they are posts with really limited visibility. They are anonymized in the same way as the more public posts.
The “invites and emails” I mentioned are the email messages send out by discourse for various actions. For example email notifications about reactions to followed discussions.
I am not a lawyer. But it is not that simple. In spirit this mechanism does conform to the guidelines of the Right to erasure from the GDPR, but the local implementing law might not agree.
It also depend a lot on how you use Discourse.
Further more, the amount of data being erased might violate some other laws which require this data to be kept.
If this is really a big concern, like with everything legal, you should contact a lawyer.
Mostly. I have been able to partially recover an account by renaming username back to what it was prior to being anonymized and reattaching the user email and reactivate account. Seems to keep original password. But all other things are gone, profile pic, birthday if entered. I had to explore this when I had a Moderator go off the rails.
It is a pain and not simple.The only thing is in posts where the user may have posted may have details in a post. Now if that was in a Personal message maybe not a big deal.
I believe the team has said though this is within gpdr compliance.
If a member requests to be anonymized likely good to ask them to scan their posts and if necessary flag them for deletion. Ie posts with uploaded pictures of the poster for example.
Dit is erg nuttig om te weten!
Gelukkig hebben we niet veel gebruikers die vragen om wat zij “verwijdering” noemen, maar aangezien de AVG (GDPR) een probleem is of kan zijn, wilde ik zoveel mogelijk informatie verzamelen.
Depending on how strict your data retention policies are, you may also want to disable Log anonymizer details as well:
Unchecking that makes sure not to keep a record of the original user details in the staff logs. 
Oh, that is very nice!
Will definitely pass this information up the chain of command 
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
