Yes, that’s right. Unfortunately, there’s not a straightforward answer to this question. This is why those records are not included, as explained above. Note, in particular
That said, to gather additional records containing ther user’s user id, you can use this approach.
-
Install the data explorer plugin
-
Create a new query (perhaps call it “Additional User Records (GDPR)”)
-
Do a search for “user_id” in the schema explorer on the right to see which database tables include a user_id in them. You’ll see that a number of them are already included (see list in OP + “user activity” as mentioned in my second post).
-
Determine the
user_idof the user in question (you can find it at/u/username.json) -
For each additional table you want to include, construct a query that extracts the rows where the
user_idmatches the relevant id. e.g.select * from [table_name] where user_id = [user_id]
I suggest you review each of these “additional” tables on their own merits, rather than just attempting to download every single record that contains the user’s id.
The records may contain other information, relevant to other users with counterveiling interests, or may be senstive in some other way. Unfortunately there’s no single answer to the question of “scope” here. You’ll need to make that call based on how you read your specific mixture of responsibiities. The GDPR is not the only relevant responsibility here. You shouldn’t just hand over every single record that contains a user’s id.
I’m actually a little unclear what’s driving the interest in these additional records? Is this something the user has asked for, i.e. beyond what’s already included? If they haven’t what’s motivating this? A different interpretation of your responsibilities under the GDPR than what I’ve laid out above? If so I’d be curious to learn more and the legal reasoning behind it (I may want to consider assimilating the reasoning into this plugin).