Setting to disable logging username/IP for (self-)delete user log lines

Hooksmith · January 10, 2022, 3:40pm

Currently when a user self-deletes their Discourse account, the log line shows the IP and username of that user:

We’d rather not store if we can help it for GDPR purposes. If the user deletes their Discourse account, then later sends a GDPR request to our platform (the SSO provider for our Discourse instance), we want to avoid needing to search all log lines for relevant data on that user to wipe it.

We already have this setting off on our instance so that we don’t log as much data when we anonymize a user as part of GDPR request handling:

It would be convenient to have a similar setting so that (self-)delete log lines do not include user data.

Jagster · January 10, 2022, 6:13pm

GDPR allows saving those two. But if something is wanted to make things more wider then storing just IP is just enogh. It doesn’t identified anybody (and is quite useless anyway, but that is another story).

Hooksmith · January 24, 2022, 4:14pm

I think user expectation (from perspective of someone requesting a GDPR right-to-erasure from us) here would be that we do not store their username, as it might contain PII. Note that the scribbled out part on the right contains the username of the user prior to anonymization on a normal Discourse setup.

Topic		Replies	Views
How to disable logging IP address? Support	3	1417	February 12, 2023
GDPR - "right to be forgotten" after anonymizing Community gdpr	10	2447	June 1, 2020
Does "Delete User" remove IP addresses from everywhere? Support gdpr , privacy , anonymization	1	43	September 10, 2024
How To Resolve A User Request To Delete Their Account Community	5	1705	August 14, 2019
Possible to remove signup ip? Support privacy	5	1115	June 8, 2024

Setting to disable logging username/IP for (self-)delete user log lines

Related topics