I think that either for recent Cambridge Analytica affair or new EU law about privacy (GDPR), it could be better to enable users to delete all the data relating their accounts by themselves.

Comments (15)
View More
Mark  
Should we add this option? Site owner need to backup data daily or weekend just incase.
Dusty Lor  
At the moment ketkew rightly introduced a new scenario. He said "What if I need to give to the authorities all the data regarding a certain period?". Currently I don't know how big have to be this period. I don't know what different countries laws says. But the main item was focused on the capability of the user to delete his own account. Maybe it could be useful to have a lawyer in this topic...
ketkew  
I think that backup data daily is a separate process which is already arranged by the backup plugin. If the account is postponed deletion for x time it has 2 advantages:

1. if the user has deleted their data but after 2 days he/she has regrets the choice, the user is able to activate their account again (especially if the user has x years of user data on your site)
2. as said earlier, in case of irregularities with a user (or more important: more users), you have the user data directly availabl...  more
Dusty Lor  
2 days could be a fair period of time, I think. I don't know if it could be enough for GDPR (that's my main concern at the moment)
ketkew  
I think the period should be variable set by the admin so that everybody could decide by themselves how long this period will be. GDPR is EU only, other continents/countries handles different privacy laws, therefore the time slot should be variable
Mark  
Here is my suggestion http://prntscr.com/j78vun the default period should be 2 days, it can be changed by admin in admin dashboard.
ketkew  
Ow and Dusty Lor, just for your information: I just read the GDPR rules and also the "right to be forgotton" rule is applicable for backups. So if a user ask to delete their account it also should be removed from the backups...
ketkew  
Mark this would be great!
Dusty Lor  
ketkew so which could be the best practice? Deleting all the backups after a user deleted his account in a couple of days or something like this... maybe?
ketkew  
The law says that the user data should be removed from backups as quick as possible but it doesn't indicate the period. Because it is not workable to delete user data per request from the backup you can apply the policy to store the backup for one week or month and after that remove it from your storage. If you notice this procedure in your terms-of-service or privacy policy then it would be transparent enough.
Dusty Lor  
Thank ketkew!
Mark  
Deleting all the backups after a user deleted his account in a couple of days or something like this... maybe? -> lol, if i want to hack your backup file, just sign up and then delete my account
No login
Login or register to post your comment
arrow_forward
Cookies on mooCommunity - Social Networking Script.
This site uses cookies to store your information on your computer.
Read more east Accept done