View Issue Details

ID: 0005139
Project: Composr
Category: core_privacy
View Status: public
Last Update: 2022-12-24 01:08
Reporter: Patrick Schmalstig
Assigned To:
Severity: Feature-request
Status: non-assigned
Resolution: open
Product Version:
Fixed in Version:
Summary: 0005139: Add privacy data options to a member's profile / Assorted GDPR-related privacy management changes
Description:
Do the following on a member's profile edit screen:
* Rename "delete" to something like "Account & Data".
* Default to anonymising a member's data when they delete their account.
* Add a tickbox under the "delete account" section specifying if a member also wants all of their data deleted (as opposed to anonymised) when deleting their account.
* Add an additional section allowing members to request downloading, deleting, or anonymising their data automatically.
* Make note that any actions regarding their data will be processed using their current username / e-mail / IP address. It will not match previously-used e-mails, usernames, or IP addresses. If they wish to download / purge that data, they will need to contact site staff.

Also do the following:
* Add a new config option specifying how long a member must wait in days before they can download their data again. Perhaps also add the ability to charge for the download of one's data (after the first download), which is permissible under the GDPR, if eCommerce and/or points is installed.
* Add a new field (default is null) specifying the last date/time a member downloaded their data. If null, a member should be allowed to download their data for free at any time. Once a date is filled in, subsequent downloads are subject to the configured waiting period and can be charged.
* On the Admin Zone privacy screen, add a field for specifying a member who is to be notified of the privacy action (and for download, a link to download the data). If the task queue is enabled, the task will be created on the specified member's behalf.
* In privacy hooks, define a "human name" and a "description" for each database table. These are displayed to the member when they request which tables to download, delete, or anonymise.
Tags: No tags attached.
Time estimation (hours): 8
Sponsorship: open

Activities

Chris Graham

2022-12-07 19:26

administrator   ~0007784

This issue could be split up into a few different issues really. But I'll leave it for now as a big one.

What's the rationale for charging for data? Seems it is not really using significant resources so has no real cost to the webmaster, and is very tangential to Composr as a product (i.e. it's a very specific business model that I don't think many would have any interest in).

Patrick Schmalstig

2022-12-07 19:34

administrator   ~0007785

I agree, I see no point in charging for data download. It's just something I read in the GDPR that you could legally do so after making the first download free.

Adam Edington

2022-12-08 19:35

administrator   ~0007788

Last edited: 2022-12-10 21:57

For requests where a user is requesting specific data, rather than all data, perhaps a small fee might be applicable. There is also the question of which format a user's data is shared when requested. Email, Secure PDF etc. I think Freedom of Information requests work on the basis of being free except for more specific requests which may need special handling. Not sure whether a charge should be considered for dealing with specific GDPR requests, just comparing with similar acts which are free in principle but may have costs involved in practice unless everything is automated.

https://www.techrepublic.com/article/how-to-request-your-personal-data-under-gdpr/

Chris Graham

2022-12-24 01:08

administrator   ~0007839

"There is also the question of which format a user's data is shared when requested. Email, Secure PDF etc" - there's no requirement for any specific format, so it is just a dump in whatever format works for us. In our case we are providing a partial SQL dump. Having data in a rawer format allows people to potentially do their own thing with it, while formatting it into a document would not.

Issue History

Date Modified Username Field Change
2022-12-07 18:39 Patrick Schmalstig New Issue
2022-12-07 18:52 Patrick Schmalstig Category General => core_privacy
2022-12-07 19:03 Patrick Schmalstig Description Updated
2022-12-07 19:26 Chris Graham Note Added: 0007784
2022-12-07 19:27 Chris Graham Summary Add privacy data options to a member's profile => Add privacy data options to a member's profile / Assorted GDPR-related privacy management changes
2022-12-07 19:34 Patrick Schmalstig Note Added: 0007785
2022-12-08 19:35 Adam Edington Note Added: 0007788
2022-12-08 19:36 Adam Edington Note Edited: 0007788
2022-12-10 21:57 Adam Edington Note Edited: 0007788
2022-12-24 01:08 Chris Graham Note Added: 0007839