LaxSlash1993 wrote: ↑Sun May 27, 2018 1:37 pm
Had two GDPR requests, one for access and one for erasure. Denied them both with a link to the US Declaration of Independence.
I would love to hear the reaction (if any). That wouldn't work so well for me though, as although my site is hosted in the USA, and only about US subject matter, I happen to live in the UK.
So far, for any access requests I plan to point people to their UCP links, which shows them all of their own posts (which they can edit if they wish), plus all of their PMs and profile info (again, which they can freely adjust). So nothing is hidden or concealed there.
For account deletion, I've already provided an option for users to do it themselves via a UCP extension (however any existing posts are retained under a "Deleted User" name). My only concern there is that other users may already have quoted one of their posts, which would have embedded their old username in text form into the reply, and I can't see any way to automate fixing that. However people (including the Eurocrats) really do need to understand that once something is posted on the public internet, that content could have been copied
anywhere without the original poster's consent. There are two separate references to this in my Privacy Policy:
- Your invented username, along with any public forum messages and Profile information that you personally and freely choose to share, will immediately be made visible to all users and guests as that is the whole point of a public forum. Remember that any such publicly published content could be copied or quoted anywhere, by anyone, with or without your further consent.
- If you subsequently decide you want to permanently remove your entire user account, and all your personal details, please use the [Delete My Account] facility. Any public content which you might have already posted in the forums will remain visible to other users for archival and continuity of thread purposes, however the posts will become anonymised and attributed to “Deleted User NNNN”. Note: After your account has been deleted you will no longer have any way to modify these now-anonymised posts, so please review and/or edit your existing posts via your [User Contro Panel] before deleting your account.
I have included part of that second point in the "Delete My Account" warning prompt too, so there's no way someone can whinge about it afterwards:
You can use this form to delete your user account, which will permanently remove your username, email address, password, profile information and private messages from our system.
Any public posts which you may have made in these forums will remain visible to other users for archival and continuity of thread purposes, but they will be anonymised and attributed to “Deleted User NNNN”. Please perform any desired edits or changes BEFORE continuing as it will not be possible for you to modify your old posts once they have been anonymised. (You can review all of your public posts using the Overview tab)
Andre