Anonymization meets GDPR requirements for removal of personal data. Once anonymized, no data remains in the Discourse server to identify who you are or about you.
Are the IP address and email of a user retained after anonymization?
Is a site admin able to reverse the anonymization process?
PM in discourse are just private discussions, they are posts with really limited visibility. They are anonymized in the same way as the more public posts.
The “invites and emails” I mentioned are the email messages send out by discourse for various actions. For example email notifications about reactions to followed discussions.
I am not a lawyer. But it is not that simple. In spirit this mechanism does conform to the guidelines of the Right to erasure from the GDPR, but the local implementing law might not agree.
It also depend a lot on how you use Discourse.
Further more, the amount of data being erased might violate some other laws which require this data to be kept.
If this is really a big concern, like with everything legal, you should contact a lawyer.
Mostly. I have been able to partially recover an account by renaming username back to what it was prior to being anonymized and reattaching the user email and reactivate account. Seems to keep original password. But all other things are gone, profile pic, birthday if entered. I had to explore this when I had a Moderator go off the rails.
It is a pain and not simple.The only thing is in posts where the user may have posted may have details in a post. Now if that was in a Personal message maybe not a big deal.
I believe the team has said though this is within gpdr compliance.
If a member requests to be anonymized likely good to ask them to scan their posts and if necessary flag them for deletion. Ie posts with uploaded pictures of the poster for example.
Thankfully, we do not have many users requesting what they call “deletion” but since GDPR is or can be an issue I wanted to gather as much information as possible.