Seeking moderator-specific GDPR guidance


#1

It would be helpful to ensure all Admins/forum owners tell their Moderators about the GDPR legislation, and link them to specific guidelines when someone requests post deletion or when a “close my account and take all my stuff off” PM occurs.

Many forums have volunteer mods who are not going to be aware of the changes described, and they will probably be the first point of contact in most cases.

I also have questions about this in other areas that are likely to affect moderators, in particular, and are less technical in nature than the other topics I found here on that subject:

This will also logically be available to people who have been permanently suspended, even for serious abuses, as forum rules do not trump EU law.

This presumably means that any suspended member invoking the GDPR “Right to be forgotten” can request that all information, including Name, Username, email, and IP addresses, and also any posts or PMs made, be permanently erased from all locations within the forum.

Aside from items included on the member’s profile page handled at developer level by Discourse, can anyone confirm whether this would include:

  • PMs sent to moderators by other members which mention the suspended member’s Name or Username and/or quote their posts/PMs
  • items in the Admin > Flags > Old Flagged Posts section that contain the above and contain an automatically generated quote of the suspended member’s posts – even if the system can remove this, the person flagging the post may separately quote something if they use a Custom flag
  • any conversation between moderators or notes made in Staff that contain any of the above
  • any similar notes logged in Staff based on and/or containing information about their IP (to pin down location) and ISP, which have been a valuable tool in catching out returning miscreants on many occasions, even in this era of VPNs and dynamic IPs, etc.

(Where a forum uses TL4 as moderator-lite, TL4 members’ PMs and any conferring to discuss actions that contain the above would also be included in the list above.)

Example 1 would be: UserA gets into an argument where they become very abusive in the heat of the moment.

A moderator issues a warning to UserA and logs the incident in Staff as an aide-mémoire in case of future problems with that same person. Relying on memory means one person’s past misbehaviour may be recalled and another’s forgotten, resulting in uneven treatment; therefore, I log as much as possible. This has usually been regarded as best practice, and it also promotes transparency and accountability.

2 weeks later UserA sends an “I am sick of this forum remove all my posts and erase my account, the EU says I can get this” PM to a mod/admin.

Example 2 would be: UserB, a troll highly motivated by a fanatical ideology of some kind, who, after their suspension, makes the same request to the forum’s owners that all their data be completely erased, because they maliciously intend to delete anything that may identify them next time round, and also to inconvenience admins and moderators.

Would these necessitate removing all the material in the bulleted list above from the forum?

If so, all moderators on Discourse forums (and even TL4 where applicable) need to know this, I think.

And with visible edit histories, and even deletion not meaning total erasure, I am not sure how this would be possible.

Or would this apply:

And also with reference to this: Art. 6 GDPR – Lawfulness of processing | General Data Protection Regulation (GDPR)

If so, what kind of burden of proof would we be looking at to demonstrate that these users’ data is retained in the locations listed above to make possible statistical processing in the public interest (i.e., pattern recognition to evaluate future new accounts and protect forum members from their abusive behaviour)?

Can such a thing be proven where the rule-breaking was specific to that forum’s ruleset only, and not covered by actual legislation?

Is there any precedent from similar past legislation regarding data retention/privacy, that could be drawn upon here?

These are probably not simple questions, but I believe they’re worth asking so that mods, admins and forum owners who receive this request from a suspended member have some information readily available.

I also request guidance on whether moderators need to cease logging information in Staff, where it may fall under this legislation, bearing in mind that mods are often volunteers who simply have a passion for the subject of their forum, and little knowledge of the legal side of things.

Specifically, in my 2nd example above, UserB who is motivated to troll for their ideology and persists in returning to do this, is especially relevant to Article 9.

Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.

If the forum is not set up with this type of notification, could it create a problem where a moderator mentioned they suspended this person due to their preaching a fanatical ideology?

And again, is any infraction by UserB short of something plainly illegal (and speech laws vary by location, muddying the waters) likely to be accepted as being permissible for “processing” under Paragraph 2 of Article 9?


(Kane York) #2

I am not a lawyer, and I am not licensed to practice law in your jurisdiction. This post contains my personal layman’s interpretation of the laws based on my own experience and knowledge. I am not going to warrant that this information is correct enough to create a legal obligation; if you need that assurance level, pay someone to give you advice (aka the job description of a lawyer).

Correct - in my view, 90% of GDPR compliance is writing things down: such as your procedures of what to do when receiving such a request.

You can keep around minimal records to prevent them from ban-evading / creating new accounts, as that is an overriding legitimate interest [over their right to privacy].

Posts are not inherently personal data, and must be considered on a case-by-case basis. Tell the requester that either they must identify specific posts with personal information to be removed or pay you to do the search. (Or live with the idea that there might be trace identifiers on the forum, which were going to exist anyways.)

Once the posts have been identified, edit them to remove the personal information and purge the revisions.

Those are not public records and have an overriding legitimate interest of keeping a complete and accurate log of moderator activity & posts that other people, who have not requested anonymization, made. The user ID references on flags will be stripped of their name. Post excerpts are not necessarily subject to deletion (see above; posts are licensed CC-BY-SA with the amendment that the author has requested that attribution be removed).
IPs get deleted when you anonymize a user.

You can’t erase memories. The fact that the official warning is no longer tied in the database to the natural person’s chosen alias is enough.

You can keep minimal records about the person that requested deletion to ensure you don’t collect more records in the future about them.

In this case, I would recommend placing their IP address on a list of “If you ever see an account get created from this IP, delete their account immediately as requested.”

I see that you :heart:d the post I made about this:


#3

Thank you for your reply, that is extremely helpful in making sense of these things. :+1:

Do you think this would apply to a member who reveals their political/religious/philosophical beliefs solely in a PM sent to harass another member?

And if noting this element to someone’s actions when logging their suspension falls under Article 9(2) condition (e), would the draft you made perhaps best be adopted by all forums, not simply those with that kind of subject matter?

I ask because, while the forum itself may not be about subjects within those “special categories,” they may be so plainly evident in the troll’s actions that having some element of “processing” & retaining that data is unavoidable.

There is often an underlying philosophy or political/religious belief motivating incessant trolls, and even if it’s not sincerely held, I’m certain one would be claimed if they discovered it created special aggravation for mods & admins.