This is a GDPR topic. Basically, we need to know whether and over what time frame personal data, such as IP address, name and email, are deleted permanently.
After a period of inactivity, is the IP deleted and if so after how much time?
After manual deletion of a user on the front end (the forum), are the username, name and email also deleted immediately on the back end (DIscourse’s servers)? If not, how long do they remain before deletion?
This won’t purge forum users who simply haven’t used the forum in a while, right? It will only purge unactivated users, such as when people don’t fully register or when they delete their accounts? We’re trying to make it possible for users to easily delete all their personal information from all servers if they want to. This is for GDPR compliance. We regularly get requests to be forgotten from people in Europe. Either I need to manually delete them and deactivate their accounts, or I need to allow them to do it themselves.
This is something only an admin can do, right? Or is there a way to enable users to anonymize their own accounts?
If it’s something only an admin can do, then when we receive a request to be forgotten, an admin will need to figure out what email/name/username the person used in the forum and anonymize their account for them. It might be difficult to figure out which forum account belongs to a person. For instance, let’s say Jane Doe registers for the forum with firstname.lastname@example.org, username jdo1, and name Jane D. Then Jane joins a different company. She emails us from J.email@example.com and requests that we delete her information from all servers. I look in the forum and see we have users like jd75, janed, and doej. We also have several @business.de email addresses, but I’m not sure if any of them are Jane Doe. So it’s hard to figure out who she is and anonymize her.
Edit: By the way, I also can’t just reach out to Jane in the example above and ask her which forum user account was hers. Requests to be forgotten are run through a different department, and I have no way to contact the person. I’m not even sure I’m legally allowed to contact them.
Anonymisation is an admin-only function, but we do have customers who frequently automate it into their existing compliance workflow since it can be called via the API.
IANAL, but this seems like an easy case: You can’t authenticate the request so you can’t process it.
This sounds like a process problem that needs to be fixed - people’s names are not unique so a request coming down the pipeline to you saying “Delete Jane Doe’s account” is invalid. What would your company do if Gavin Hudson wrote in asking to delete his account? There needs to be some unique identifier associated with the request trackable across your systems, be that email address or an internal account ID.
If the unique identifier is “J.firstname.lastname@example.org” then your response ought to be “no account exists with that email address”.