Just wondering, where does Discourse stand on GDPR compliance right now? Do we have a convenient way to respond to either
A. Right to be Forgotten Requests, or
B. Request for a dump of all user data
I searched up a bit and found some people suggesting a button to delete all a user’s data (unfortunately, anonymizing an account does not respond fully to a Right to be Forgotten Request, imo) - but no resolution - and nothing about a user data dump.
A particularly clever troll on the Discourse site I moderate recently pointed out that he could request a dump of all of his “mod notes” as this is technically personal data. Wasn’t sure if we had a way to do this through the UI.
From a corporate side, anonymizing the account was accepted by both our Data Privacy Team, and the internal Worker’s union/council. Which aspects do you think it doesn’t adhere to?
Not really. Personal data is data about you specifically - name, email address etc. It’s mostly about identifiers – hence why anonymising is effective.
If those notes are confidential, for example he’s been writing secret recipies in his mod-notes then that’s a different topic. In such an example he would have no case because he’s knowingly misused the mod-notes, and the mod notes by definition belong to the forum.