Legal Tools Plugin

GuidoD · January 14, 2021, 7:19am

it is not a problem of this great plugin but does someone know how can get this data. I do have the data explorer but I do not know the structure of all database tables and in which tables I would have to look for the data and which ones I would have to join in order to get this data.

Ed_S · January 17, 2021, 2:16pm

See the earlier post, I think:

GuidoD · January 17, 2021, 6:16pm

no these site settings were already enabled and that is the data I do already have.
But that does not include the administrative records , as Angus has written above:

And now I am looking how I could extract these administrative records.

Ed_S · January 17, 2021, 7:10pm

Hmm, I thought that was the meaning of extended - it’s everything practically exportable.

angus · January 18, 2021, 9:51am

Yes, that’s right. Unfortunately, there’s not a straightforward answer to this question. This is why those records are not included, as explained above. Note, in particular

That said, to gather additional records containing ther user’s user id, you can use this approach.

Install the data explorer plugin
Create a new query (perhaps call it “Additional User Records (GDPR)”)
Do a search for “user_id” in the schema explorer on the right to see which database tables include a user_id in them. You’ll see that a number of them are already included (see list in OP + “user activity” as mentioned in my second post).
Determine the user_id of the user in question (you can find it at /u/username.json)
For each additional table you want to include, construct a query that extracts the rows where the user_id matches the relevant id. e.g.
```
select * from [table_name] where user_id = [user_id]
```

I suggest you review each of these “additional” tables on their own merits, rather than just attempting to download every single record that contains the user’s id.

The records may contain other information, relevant to other users with counterveiling interests, or may be senstive in some other way. Unfortunately there’s no single answer to the question of “scope” here. You’ll need to make that call based on how you read your specific mixture of responsibiities. The GDPR is not the only relevant responsibility here. You shouldn’t just hand over every single record that contains a user’s id.

I’m actually a little unclear what’s driving the interest in these additional records? Is this something the user has asked for, i.e. beyond what’s already included? If they haven’t what’s motivating this? A different interpretation of your responsibilities under the GDPR than what I’ve laid out above? If so I’d be curious to learn more and the legal reasoning behind it (I may want to consider assimilating the reasoning into this plugin).

GuidoD · January 22, 2021, 2:09pm

yes but of course we are not williing to give him all these information. Especially if the records do have also data from other users. We just want to be prepared to have these additional information if really needed. We will most probably not provide these information to this user but we might have to give information to the authorities because we expect that the user will address it to the authorities.
Our new data protection officer also told us that we should at least not yet provide the administrative records.