GDPR tooling on Discourse?

Hi Folks,

Just wondering, where does Discourse stand on GDPR compliance right now? Do we have a convenient way to respond to either

A. Right to be Forgotten Requests, or
B. Request for a dump of all user data

I searched up a bit and found some people suggesting a button to delete all a user’s data (unfortunately, anonymizing an account does not respond fully to a Right to be Forgotten Request, imo) - but no resolution - and nothing about a user data dump.

A particularly clever troll on the Discourse site I moderate recently pointed out that he could request a dump of all of his “mod notes” as this is technically personal data. Wasn’t sure if we had a way to do this through the UI.

Thanks in advance!
-The Admin Dan

1 Like

Oops - after a bit more Googling, found a nice answer here:

However, from a quick test of “Download All” on the Activity page, it doesn’t seem to include the information I am looking for.

2 Likes

You can use Data Explorer if you want to query all content.

4 Likes

From a corporate side, anonymizing the account was accepted by both our Data Privacy Team, and the internal Worker’s union/council. Which aspects do you think it doesn’t adhere to?

Not really. Personal data is data about you specifically - name, email address etc. It’s mostly about identifiers – hence why anonymising is effective.

If those notes are confidential, for example he’s been writing secret recipies in his mod-notes then that’s a different topic. In such an example he would have no case because he’s knowingly misused the mod-notes, and the mod notes by definition belong to the forum.

2 Likes

That problem is addressed by the Legal Tools plugin.

Also, see Your Discourse forum and the GDPR - Communiteq

2 Likes