Being able to like/unlike posts at will (GDPR complience)


This topic being closed, I couldn’t post a reply in time.

In the link (above), Jeff Atwood said that people could…

grief people by liking and un-liking forever. You could also get mad at someone and rage-unlike all their posts. In general unlimited user actions are dangerous as a rule.

If I agree that this kind of behaviour could happen, I doubt that the majority of members will abuse it.
To prevent this behaviour, maybe there could be a limit of number of authorized likes/unlikes during a given time lapse (1 like/unlike allowed every 30 seconds?).

And if someone rage-unlikes posts that he/she previously liked, would that really matter? There is no real harm in seeing posts un-liked. Comments, on the other hand, can be mean and disrespectful, but “un-likes” ?

By the way, it could be useful to be able to un-like posts hours or days later because if the author of a post edits his/her message, the meaning of the text can change a lot (if not meaning something completely different) and in this case, users might want to un-like posts later because of these changes. IMO, this is a real issue.

But by opening this topic, I also wanted to discuss about the GDPR and its implications for these “likes”.

AFAIK, “likes” are user data, and the GDPR allows European users to modify their online data.

I am afraid that forbidding forum users to un-like messages whenever they want is not compliant with the GDPR.

It would be much more convenient for users to be able to un-like messages whenever they want, rather than asking moderators for data deletion/modification (here: hearts) all the time.



Lol, good luck with all that.

Remember that users cannot edit their posts indefinitely, either.

1 Like

@xan2622, I saw you first raise this in another Discourse forum:

Mentioning this would have helped give your topic more focus and weight (at least one other user supported you there).

One of the reasons I wouldn’t want likes removable indefinitely is that this could be used to subvert the trust level philosophy and awarding of badges, e.g. users could use the likes to get promoted and then remove them.

1 Like

Two things here.

  • GDPR does not allow users to modify their data at all costs. There is a legitimate interest for the forum owner as well.
  • GDPR doesn’t require that users can do this in an automated way. So if you really have a problem with a like that you have given, you could also email or PM the admin / moderator and ask them to remove it.

GDPR is not a generic get-out-of-jail-for-free card.

For forums one could argue that article 17.3 of the GDPR applies:

Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
(a) for exercising the right of freedom of expression and information;

Source: Dutch lawyer Arnoud Engelfriet