ennui

How to delete account?

Recommended Posts

Depending on where scienceforums.net legally exist, they may soon be required to remove personal data if requested.

 

Quote

Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects' rights to "the public interest in the availability of the data" when considering such requests.

What constitutes personal data?
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

https://www.eugdpr.org

Share this post


Link to post
Share on other sites
18 minutes ago, zapatos said:

Why?

Two reasons: 1) It applies to businesses. This isn’t a business. 2) Applies to PII. There is no PII collected here.

More orecisely...The only data here that could allow one to trace the user is the email*. The user has the power to change or refrain from sharing that email so maintains the power, not the the site. This makes the user the controller, not the forum. The forum is just the processor, so being compliant simply means giving the user additional privacy options like ability to alter that email without external assistance or 3rd party services.   

*IP address could be used to identify users, but those aren’t exposed to anyone outside of staff and can’t be changed anyway.

**I’m not a lawyer or expert in this space. Users should retain their own counsel to determine what’s best for them in complying with this change approaching in May. 

Edited by iNow
  • Upvote 1

Share this post


Link to post
Share on other sites

Thanks. The implications of this law are just now making their way to me at work and I'm still on the low end of the learning curve. :) 

Share this post


Link to post
Share on other sites

It’s wonky. In short, hide and protect personal data. Those who see it need a valid reason to. Those identified by it need a way to hide it. 

Share this post


Link to post
Share on other sites
9 hours ago, Iota said:

Surely it would be an option to allow users to delete their accounts without deleting their posts and answers. I'm sure other websites manage this; it just means said user's profile is no longer viewable and their email isn't plugged into the website and linked to the account. 

We're limited by the software that we run.  

If you have things in your profile you don't want viewed, you can edit them. But we don't delete accounts.

 

9 hours ago, Iota said:

 Just seems bizarre that people can never leave. 

Anyone is free to leave. It's easy. Log out and don't come back. 

 

8 hours ago, iNow said:

Two reasons: 1) It applies to businesses. This isn’t a business. 2) Applies to PII. There is no PII collected here.

More orecisely...The only data here that could allow one to trace the user is the email*. The user has the power to change or refrain from sharing that email so maintains the power, not the the site. This makes the user the controller, not the forum. The forum is just the processor, so being compliant simply means giving the user additional privacy options like ability to alter that email without external assistance or 3rd party services.   

*IP address could be used to identify users, but those aren’t exposed to anyone outside of staff and can’t be changed anyway.

**I’m not a lawyer or expert in this space. Users should retain their own counsel to determine what’s best for them in complying with this change approaching in May. 

As you've noted, email isn't PII, and it's trivial to get a "burner" email address of one so desired. Any association of identity with an email address lies with the service providing the email address, not us.

IP addresses only resolve to regions, but even then there are those who use proxy servers (whether intentionally or not). I've run across a few examples in efforts to hunt down sockpuppets. A dozen or more different users who have used the same IP bloc, even though they don't physically live anywhere near each other. An IP address doesn't identify you, but as with other information, it could be used as a piece in a puzzle to do so.

The bottom line is that any PII that is provided happens because a member volunteers it. And that genie will not go back in the bottle.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now