GDPR and anonymizing personal data

(Richard - #41

That is something between the user and the wayback machine, not between the user and the forum owner.

Sent emails are usually not stored on the servers managed by the forum provider and are thus outside of the scope of GDPR.

1 Like
(Andy Logan) #42

Sure, here is what we have. I’ll update if we have to make any additional changes: Terms of Service - Zenith

(Clay Heaton) #43

I think it depends on what they request, Right to Erasure or Right to Restriction of Processing. Either way you are obliged to communicate to the data subject what you did.

Right to erasure

1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies…

It’s not clear to me exactly what would be a way to argue that the data is required for a Discourse forum to continue to operate normally. I guess it may depend on the subject matter?

(Clay Heaton) #44

Instead of storing and exposing IP, would it be worth salting and hashing the IP and storing that instead? If it cannot be reverse decoded to point to a location, it could perform the same function for spam prevention, etc.

(Kane York) #45

Discourse automatically creates CIDR notation when 6+ spammers come from the same /24, and I’m not sure there’s a way to do that if we’re hashing the IPs.

(Bart) #46

I noticed that the posts download does not include uploaded attachments. I’m assuming they should be part of my data export?

split this topic #47

13 posts were split to a new topic: Providing data for GDPR

Providing data for GDPR
Providing data for GDPR
(Richard - #48

One of the leading Dutch ICT/Law blogs just published a post titled “does the right to be forgotten in the GDPR apply to forum discussions as well?”

TL;DR: no.

Translation: Google Translate
(AVG is the Dutch term for GDPR)

(Christoph) #49

Thanks for sharing. But just to make sure I understand: this is irrelevant for anyone using the default ToS that come with discourse and which stipulate that all posts are published under a Creative Commons license, right?

Providing data for GDPR
Providing data for GDPR
(Richard - #50

I don’t think it is completely irrelevant, and the default ToS that comes with Discourse will not hold up in court in many European countries.

Providing data for GDPR
(Allen) #51

Reading through this topic (and being new to Discourse), I am under the impression that the only way to handle the “right to erasure” is that an admin deletes the user including all posts? If so, and as others have stated, this is quite disruptive for a discussion community. A better approach would be to anonymize all user data (removing Email, any stored IP addresses, and changing user name, also in all posts). Would this approach suffice for the “right to forget” requirement? If so, is my understanding correct, that Discourse doesn’t provide any functionality to support this?

The other question is, does the right to erasure even apply to a public discussion forum? ICO states:

When does the right to erasure not apply?

  • to exercise the right of freedom of expression and information;
  • for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing;

Wouldn’t both apply in the case of a discussion forum?

Seeking moderator-specific GDPR guidance
Providing data for GDPR
(Kane York) #52

The “anonymize user” functionality does what you said - change name, email, remove IP addresses. The post content is licensed under Creative Commons and should be reviewed for personal info on a case-by-case basis if the user requests such a review.

Providing data for GDPR
(Jeff Atwood) #53

As you correctly pointed out in an earlier post, we need to make sure it is removing the IP from everywhere it can at the time of anonymization, though – feel free to send through PRs on that if you can assist.

Providing data for GDPR
(Sam Saffron) #54

Also I definitely agree with removing IP logging where it is pointless, @riking isolated a few spots, PR also super welcome on that.

Providing data for GDPR
(Richard - #55


Anonymizing the user (which includes removing all identifying structured data like IP addresses and such) should be sufficient. If the user has posted information that could lead to their identity in a forum discussion, it is up to the moderator or admin to decide if they are willing to remove those.

Not necessarily, it depends on what license the forum owner has decided to choose.
If the default Discourse ToS have not been changed, then it is CC.

Providing data for GDPR
(Sorin) #56

Hello there, is Discourse going to include GDPR specific tools with the upcoming updates ? ETA of 25th of May is closing in fast and it’s pretty serious stuff.

If you ask me, it should contain the basis, like the first registration process, maybe anonymization and NOT the entire GDPR fixtures.

Thank you.

Providing data for GDPR
Providing data for GDPR
(Richard - #57

I was just writing up some stuff and making screenshots of the anonymization process and then I saw something I had never noticed before: anonymization apparently keeps the signup and last login IP addresses. Those should really be included in the anonymization process.

(Christoph) #58

I fully agree with this, but perhaps the procedure should be made transparent (not sure if this is legally necessary, but it surely would help if both users and admins understand the distribution of responsibilities). What I mean is: I would like to assume that it is the user who has to point out each individual post that needs to be sanitized. In other words: it’s not enough to request “deletion” (aka anonymization) and assume that this will include any personal information in any post.

Perhaps the default ToS could be clarified in relation to deletion request. Currently, the elaboration of the CC user content license seems preoccupied about the site owner being allowed to remove content. How about also mentioning that the site owner can refuse the removal of content? Not sure whether it should say “within the limitations of applicable law” or something like that, but with or without that clause it would help make people aware of what they’re agreeing to.

1 Like
(Jay Pfaffman) #59

I had breakfast this morning for someone who works with a major ad company and predicts that they’ll basically shut down a bunch of their services when 25 May hits because they don’t quite know what to do.

1 Like
(Richard - #60

Yes, I know a few companies as well that will shut down some of their applications on May 24, just because it’s too big a problem to fix and the liabilities will be too high.