Member Data Requests

angeljs · Post by **angeljs** » Wed Jun 29, 2022 8:47 pm

If anyone asks a website for all of the data it holds on them, we in the UK are obliged to comply. It would be great if there was a way to do this automatically. For example, a member submits their email address, which they have to verify. Once verified, they can download all data, profile info, posts, replies etc. that have been added to the website under that email address.

Post by **Brf** » Wed Jun 29, 2022 8:54 pm

I am not sure why you would be keying off of Email address. All of your data is stored under your user-id.
You can pull up your profile page and see that, then search for all your posts and see them. Email address is not needed for that.

AmigoJack · Post by **AmigoJack** » Fri Jul 08, 2022 4:27 pm

angeljs wrote: ↑Wed Jun 29, 2022 8:47 pmFor example, a member submits their email address, which they have to verify.

Why re-inventing the wheel?

Let a user log in, which verifies he's the account owner. In there it could simply be a button to query all data, along with possible format options. A description should inform the user that once a download is ready to be requested the link becomes available at just the very place he is reading that description. With optionally an email notification.
Let a guest be informed that he needs to log in. Since guest data (f.e. posts) is stored anonymously by design there's no way to verify it really belongs to him, no matter which username/email address combination he provides. It's not about data which may have belonged to him in the past, but about its current state.
Banned and deactivated members would need special handling: they can never log in successfully, but the log in itself verifies their ownership - so the error message ("you are banned"/"your account is deactivated") should come with a similar button for a download request - this time the link can only be served in a notification email.

Brf wrote: ↑Wed Jun 29, 2022 8:54 pmYou can pull up your profile page and see that, then search for all your posts and see them.

Nope: posts, topics and forums can be inaccessible to that user, yet still hold data of him. Posts can be invisible but still exist thru being soft deleted. Posts can be unavailable because they still wait for being approved. Not to speak about log events, login attempts, IP addresses and uncensored post content. That's the very sense of i.e. GDPR: that you get what is actually stored, not what you can gain yourself with further limits (think of search flooding limits when going thru every page of the results, and think of that your data can be deleted or manipulated at any time, while having a snapshot of it is more reliable). Do that here manually with your ~52816 posts, being stored in a format that can be read afterwards, and I'll pull my hat, because then you're really able to do yourself what you suggest others.

HaioPaio · Post by **HaioPaio** » Fri Jul 08, 2022 5:04 pm

It would be helpful if the term "Member Data" would be defined.
If personal data in a sense of GPDR is meant, the posts and attachments are not part of it.
However, it might be a nice feature to allow download of those with a mechanism like AmigoJack suggested.

For the "personal data" as per GPDR, its not a convenience item.
Any board owner (under GPDR jusdiction) has the obligation to provide a full set of personal data to any member on request.
In order to avoid a time consuming manual collection and preparation of the data by the board owner, it would be wise to have a mechanism for assembling that dataset automatically. Just for making the board owners live easier.

However, if such mechanism would be available, it would be a logical step to allow members to download the data without board owners intervention.

Posts and attachements are not personal data.
It would be a nice add on to allow inclusion of members posts as a convienience function. However inclusion of all attachements seems to be more difficult.
What about the members Privat Messages?

For that reason, I suggest a clear definition of the "Member Data".

Post by **Brf** » Fri Jul 08, 2022 5:40 pm

AmigoJack wrote: ↑Fri Jul 08, 2022 4:27 pm Nope:

You are correct. There is other data besides visible posts. None of that is keyed off of email address though. All of it would be keyed on user-id. I can see where it might be useful for a regular user to know the list of ips, for instance, that they have posted from. I do not know what would be stored concerning login attempts though, other than the number of unsuccessful attempts, which is zeroed once you log in successfully.

HaioPaio wrote: ↑Fri Jul 08, 2022 5:04 pm Posts and attachements are not personal data.

Maybe not, but the IPs those post and attachments came from are perhaps.

AmigoJack · Post by **AmigoJack** » Fri Jul 08, 2022 9:05 pm

HaioPaio wrote: ↑Fri Jul 08, 2022 5:04 pmGPDR
GPDR
GPDR

It's GDPR = Data Protection, not "protection data".

HaioPaio wrote: ↑Fri Jul 08, 2022 5:04 pmPosts and attachements are not personal data

I disagree. And it's even worse because post authors can be re-assigned - if that happened (have fun browsing the log data for each post, even programmatically) then the IP address must be seen for the post and not its author anymore. Which means: just looking up user IDs is not enough when handing out IP addresses per post.

Also all quotations must be removed from posts, private messages and signatures that don't have content of the user himself.

Don't forget that reports, avatars, drafts, bookmarks, subscriptions, friends/foes lists and managed usergroups are also user content. For moderators also log entries made by them (f.e. warnings) must be considered.

warmweer · Post by **warmweer** » Fri Jul 08, 2022 9:25 pm

What about posts being reassigned to other users (the IP isn't the IP the intended user had), images uploaded, logged actions by a user, or logged moderator or administrator actions on data provided by the user?

A couple of years ago I had quite a few discussions with lawmakers and lawyers about what an administrator is allowed to delete, edit or add/remove and strictly speaking it boils down to (and this is where the fun part starts): anything which in one way or another can be connected to a user (loose interpretation).

edit: I see that Amigojack also sees some extra pitfalls.

HaioPaio · Post by **HaioPaio** » Sat Jul 09, 2022 7:00 am

AmigoJack wrote: ↑Fri Jul 08, 2022 9:05 pm It's GDPR = Data Protection, not "protection data".

Thanks. You found the typo, feel free to keep it.

kizuzi · Post by **kizuzi** » Fri Aug 05, 2022 7:48 am

Hy,

Here is a modification that allow to download the data via the user control panel:
https://tas2580.net/downloads/phpbb-privacyprotection/

This extension make the user possible to delete himself but the extension is not maintained anymore:
https://brokencrust.com/#delete-my-account

In my opinion both possibilities should be in the phpBB Core Code.

Best Regards, Daniel

Votes

Status