I found it odd, that after I anonymize a user I am still able to see an old user name and email linked to new “anonymized”, random username under admin/logs/staff_action_logs. It does not seem to me like it
is real anonymization and probably keeping this data in logs forever is an offense against EU GDPR laws.
I also see a little benefit from keeping logs of such actions. Could you please tell me how to remove this logs permanently and maybe it is also possibly to clean Discourse logs periodically and limit logging policy somehow?
For getting rid of old rows after enabling the aforementioned setting, first inspect relevant user history rows via rails console: UserHistory.where(action: 24)
Once you’re sure that the above covers all the rows you want to ensure no longer have any user data attached in the logs, run this in the rails console: UserHistory.where(action: 24).update_all(details: nil, email: nil)
(The “details” and “email” is what contains the personal data and will be wiped by above. Deleting the rows is not necessary for GDPR compliance, but if you want that, use delete_all.)
Run at your own risk and make backups before running database commands at scale.
You might also want to trigger a vacuum on postgresql so that any dead tuples that still have the values are actually deleted, after running the commands above.
That night be the better way as sometimes I have had to undo an anonymous action due to poor judgement of a staff member. It is not perfect but as an admin did figure a way to restore and anonymized user.
This table provides the data that is used to populate your site’s staff action logs. It’s useful to keep the history of your site’s staff members intact. At the very least, it’s helpful for debugging issues on the site that are related to settings being changed by staff members.