Deleting accounts by the administrator - info to the user

Discussion of non-phpBB related topics with other phpBB.com users.
Forum rules
General Discussion is a bonus forum for discussion of non-phpBB related topics with other phpBB.com users. All site rules apply.
Post Reply
User avatar
tojag
Registered User
Posts: 422
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Deleting accounts by the administrator - info to the user

Post by tojag »

Hi everybody.
There are situations when the administrator has to delete the user's account, eg because he is inactive, because he is spamming, because he breaks the rules, etc. As a party to the contract specified in the Regulations, I have a record that I can delete an user account for various specific reasons by sending information about the termination of the contract to the email address assigned to the account.
If You delete accounts as administrators on yours own forums, do You first send an email or PW information to the user that the account will be deleted soon? What are the entries in your regulations on this subject? Do You write that the administrator can delete the account without warning or after a few warning, or something else?
What is Your practice in this field?
Personally, I do not use this formula, which is standard with phpBB as acceptable for registration. I have it modified much to my needs and legal requirements, with reference to the Regulations, eg who is the administrator, what data is collected and what for, etc. It has much to do with the currently implemented GDPR directive, but it has been functioning much earlier in many countries as information requirements for users of websites.
There, I also have described the conditions for terminating the contract and hence my questions about how You do it.
Regards
User avatar
Lumpy Burgertushie
Registered User
Posts: 69223
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Deleting accounts by the administrator - info to the user

Post by Lumpy Burgertushie »

I would be willing to bet that most board owners never change the standard TOS that comes with phpbb.
also, most probably just delete accounts when they become inactive for a certain length of time and/or when they consistently break the board rules and don't bother to even inform the user.

remember, it is just a bulletin board, most people do not take it near as serious as you seem to .

luck,
robert
User avatar
AmigoJack
Registered User
Posts: 6108
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: Deleting accounts by the administrator - info to the user

Post by AmigoJack »

I never delete accounts, but instead either ban or deactivate them. Reason is: multiple accounts belonging to one person are not allowed, and preserving their names and e-mail addresses is one of many steps to recognize re-registration(attempt)s. Also this has the advantage of being able to reactivate accounts for persons coming back after years (which really occurs from time to time) or to reset passwords manually once the owner has proved it's his account (i.e. when they can't access the e-mail account whose address is set up in their profile).
User avatar
warmweer
Jr. Extension Validator
Posts: 11234
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Bel ... gium
Contact:

Re: Deleting accounts by the administrator - info to the user

Post by warmweer »

AmigoJack wrote: Thu Mar 22, 2018 8:13 am I never delete accounts, but instead either ban or deactivate them. Reason is: multiple accounts belonging to one person are not allowed, and preserving their names and e-mail addresses is one of many steps to recognize re-registration(attempt)s. Also this has the advantage of being able to reactivate accounts for persons coming back after years (which really occurs from time to time) or to reset passwords manually once the owner has proved it's his account (i.e. when they can't access the e-mail account whose address is set up in their profile).
Nice, I'll just quote that since I do exactly the same.
User avatar
tojag
Registered User
Posts: 422
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: Deleting accounts by the administrator - info to the user

Post by tojag »

Lumpy Burgertushie wrote: Thu Mar 22, 2018 12:46 am I would be willing to bet that most board owners never change the standard TOS that comes with phpbb.
That's right, most do not change anything, and when reading this, sometimes you get the impression that the registration concerns a forum run by phpbb, not by the owner of that forum;)
But phpBB can also be used for serious things. I have seen many forums for large companies based on phpBB. So you can not be so carefree. Especially if it is a commercial activity. It is enough that on the forum are adverts or it is run by a company and it is already treated as a commercial forum.
Lumpy Burgertushie wrote: Thu Mar 22, 2018 12:46 am also, most probably just delete accounts when they become inactive for a certain length of time and/or when they consistently break the board rules and don't bother to even inform the user.
Probably yes, so, I ask here, I ask professionals not hobbyists how do you resolve this problem. This is especially important for the protection of personal data. Such regulations were earlier but different in different countries. At present, the same law will apply throughout the EU, so an appropriate approach can be developed for the whole of the EU. Just as COPPA has been built into core phpbb. Although everyone will do as he likes anyway :)
AmigoJack wrote: Thu Mar 22, 2018 8:13 am I never delete accounts, but instead either ban or deactivate them. [...] preserving their names and e-mail addresses [...]
Do you have a legal basis to store this personal data then? Unless there are other legal requirements in your country.

In other topics I deal with registration and consent issues, here i am writing about deletes the account by admins.
In any case, enabling the registration of a natural person on the forum, we become automatically the administrator of personal data, and from this arise legal consequences.

This can not be ignored even if we run a small website.

Maybe I will ask in this way ...
Do any of you notifying the user that he will delete his account for some reason? Does any of you have this procedure described in forum's regulation?

Regards
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72343
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Deleting accounts by the administrator - info to the user

Post by KevC »

Same here.

Deleting accounts causes a massive mess where the topics lose a lot of continuity. Deactivating is far simpler. If they protest, tough, maybe they shouldn't have acted like a d**k in the first place. However, I've only ever deactivated a small handful of accounts where requested or in one case where a prominent member passed away (and then only to stop anyone trying to contact the account).

If you're deactivating or deleting as they've consistently broken board rules then that's enough reason isn't it?
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
User avatar
AmigoJack
Registered User
Posts: 6108
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: Deleting accounts by the administrator - info to the user

Post by AmigoJack »

tojag wrote: Thu Mar 22, 2018 8:45 amDo you have a legal basis to store this personal data then?
I neither have it starting with the registration process, nor during their active membership or afterwards. One could argue GDPR will also backfire so private persons also need to make sure to erase e-mail addresses (and more personal data) upon request which they addressed upon registration or elsewhere.
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 6673
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: Deleting accounts by the administrator - info to the user

Post by HiFiKabin »

tojag wrote: Thu Mar 22, 2018 8:45 am
AmigoJack wrote: Thu Mar 22, 2018 8:13 am I never delete accounts, but instead either ban or deactivate them. [...] preserving their names and e-mail addresses [...]
Do you have a legal basis to store this personal data then? Unless there are other legal requirements in your country.
The GDPR gives you the 'right to archive' without which you would be unable to keep a list of banned email addresses usernames and ip addresses
User avatar
P_I
Community Team Member
Community Team Member
Posts: 2353
Joined: Tue Mar 01, 2011 8:35 pm
Location: Western Canada 🇨🇦
Contact:

Re: Deleting accounts by the administrator - info to the user

Post by P_I »

AmigoJack wrote: Thu Mar 22, 2018 8:13 am I never delete accounts, but instead either ban or deactivate them. Reason is: multiple accounts belonging to one person are not allowed, and preserving their names and e-mail addresses is one of many steps to recognize re-registration(attempt)s. Also this has the advantage of being able to reactivate accounts for persons coming back after years (which really occurs from time to time) or to reset passwords manually once the owner has proved it's his account (i.e. when they can't access the e-mail account whose address is set up in their profile).
Count me in this camp as well. If a member is banned, then we generally provide the reason in the Reason shown to the banned: field.
tojag wrote: Wed Mar 21, 2018 10:30 pm do You first send an email or PW information to the user that the account will be deleted soon?
No. Because there is no means to know if the email address for the account is still valid and being used. Often throw-away email addresses are used to register for forums and they aren't always monitored.

Our process is generally to use phpBB's Warn user process should a member violate our forum rules. Multiple warnings becomes candidate for banning. Spammers just get banned outright. Serious violations of our forum rules might result in a direct ban without warning.
User avatar
tojag
Registered User
Posts: 422
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: Deleting accounts by the administrator - info to the user

Post by tojag »

Thank you for all the answers.
With regard to inactive users, I can accept their removal after some time even automatically, without informing about it. I can even write about it in the activation e-mail. It would be the best if I could set the expiration time of the activation link (is not it yet??? maybe it is a good idea?).
However, with active accounts, it is already harder. I guess I can not unilaterally terminate the contract without prior information about it. I checked that, for example, FB informs that he deleted the account.
User avatar
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Re: Deleting accounts by the administrator - info to the user

Post by david63 »

tojag wrote: Thu Mar 22, 2018 8:55 pm FB informs that he deleted the account
And we all know how good FB are at securing data
User avatar
tojag
Registered User
Posts: 422
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: Deleting accounts by the administrator - info to the user

Post by tojag »

Of course David, but this topic is about procedures not security.
In fact, most of the issues I have recently touched on relate to procedures and compliance with legal requirements.
Safety requirements are usually defined in other laws, e.g. in standards. In my country there is a regulation regarding the security of IT systems, a regulation on personal data processing documentation and technical and organizational conditions that should be met by devices and IT systems used to process personal data. This applies to databases, encryption of connections, password requirements, registration of data processing activities, etc. and often refers to ISO standards.
I am sure that in other countries there are also such regulations because in nowadays of the information society it is necessary.

And FB did wrong. I do not regret them. I wonder whether the security has failed or whether the data has simply been sold. This example shows how important data protection is now. You may be bankrupted due to a system or procedure error.
The case came before GDPR came into force, but I think that the EU and GB may want to punish FB even with penalties described in GDPR (4% of global turnover). I do not know if the US will do anything about it.
I follow the topic with curiosity.
Post Reply

Return to “General Discussion”