So, to clarify the current status for compliance regarding the issues I raised in the first post:
Consent to Updated Privacy Policy / Terms of Service
We can use @angus ’s amazing custom wizard to construct a consent to new privacy policy and ToS (which can state that emails are used to “notify you about posts and other activity on the forum”):
https://meta.discourse.org/t/custom-wizard-plugin/73345/111
IP Addresses
Sounds like a ton of work was done with regards to IP addresses and will be part of an upcoming 2.0 or 2.1 build so we’re almost there:
Continuing the discussion from Providing data for GDPR :
I did a first pass over Discourse’s tables, and I found several places where IP addresses are being accidentally correlated with user IDs. This is toxic data generating liability for Discourse forums.
List of problematic IP address fields:
incoming_links: stores timestamped IP address correlated with user ID and an exact post ID, topic ID, and Referer: header
Fixed Storage: PR#5826
…
Data Portability
We can use @angus ’s Legal Tools Plugin to allow users to download all collected data about themselves.
Repository: https://github.com/paviliondev/discourse-legal-tools
Live on try.thepavilion.io .
This plugin provides tools to assist with legal compliance when running a Discourse forum. Tools will be added on an ongoing basis.
Please note the disclaimer below. This plugin provides no guarantee of legal compliance.
Extended User Download
The extended user download is a single CSV with the following entries, each separated by two blank lines:
A header (can be edited: Customize > Text Content…
And perhaps some of this work can go into the normal Download button handler after the IP addresses issue is fully resolved.
Great job everyone!
7 Likes