Questions about user anonymization and GDPR

There is an exception to the “right to be forgotten”, which is stated in GDPR article 17.3

Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:

  • for exercising the right of freedom of expression and information;

Recital 65 #5

However, the further retention of the personal data should be lawful where it is necessary, for exercising the right of freedom of expression and information

(which implies that the retention of personal data is lawful, even when the data subject has withdrawn his or her consent)

and this can be used for forum owners to retain the actual forum posts.

(source: Dutch internet laywer Arnoud Engelfriet, see article in Dutch)

Obviously, it would be good if the forum owner would be helpful and redacted any kind of obvious personal information that a user does not want to share anymore. But that’s common sense.

4 Likes

That is helpful, thanks for posting that.

Seems the “right to be forgotten” would be lost anytime someone is banned from a site, if their I.P./e-mail are permanently banned then those must be kept in the database to maintain that.

Some other platforms put a hold on account deletion for a couple weeks or so before it is made final, suppose that could be done with discourse manually if someone requests anonymization don’t know if that must be completed within a certain number of days or something?

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.