what means anonymization ?
(during testing)
@raphael wrote elewhere:
Come amministratore di Discourse, si ha la possibilità di anonimizzare un utente.
L’articolo 17 del GDPR afferma quanto segue:
“The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay”
(Source: Art. 17 GDPR – Right to erasure (‘right to be forgotten’) - General Data Protection Regulation (GDPR))
L’utente deve quindi avere la possibilità di cancellare i propri dati personali tramite una richiesta. (I dati personali sono dati che possono essere ricondotti direttamente alla persona interessata: e-mail, nome utente, indirizzo IP, …).
Se un utente desidera che i suoi dati vengano cancellati, procediamo come segue: anonimizziamo l’utente. Ciò significa che cancelliamo tutti i dati personali e li sostituiamo con dati non riconducibili alla persona.
Con l’anonimizzazione, separiamo la persona fisica dall’account. Ciò è conforme al GDPR e l’account non può più essere ricondotto alla persona fisica.
L’utente ha la possibilità di anonimizzarsi stesso - questo può essere richiesto via PM o email agli amministratori (https://talk.lugbz.org/about ).
We never had such troubles with mailing lists. Why do they become relevant now that we are using Discourse?
If a person has posted something on a public forum, why are we responsible for deleting this post, if the user wants to delete it, or “anonimizing” the user (whatever that means)?
If this is what GDPR is about, than sorry but GDPR is crazy. I’d rather believe that Raphael is ignorant about GDPR (and so am I). I wouldn’t trust Raphael’s assertions about what GDPR requires.
We are not the only ones that are using Discourse in EU, are we? Let’s check the privacy policy of other similar organizations and adopt one of them.
My feeling is that we should just make it clear to the users that this is a public forum, therefore they should be careful about what they post, so that they don’t publish any personal, or private, or sensitive data.
This might be useful:
I’m not a lawyer, I can only read laws and understand what they say. I’m far from an expert!
But as operators, we have to comply with the GDPR (whether we like it or not).
perhaps only a language-problem @dashohoxha ?
It is NOT needed to delete the posts of the user who wants to be cancelled.
It is only “personal data” that has to be removed on request, not the postings.
I agree that the formulations of GDPR (and the comments of “authoritative interpreters at higher level” !) tend to spread insecurity.
Therefore i would like to be happy with this mechanisms offered by the devolper-team of discourse and not engage in GDPR-debate.
I suspect such requests are very very rare at LUGBZ. Am i wrong?
Maybe you are right.
I am ignorant on GDPR and other legal issues, and I have no wish whatsoever to become an expert on such issues.
Common sense suggests that GDPR is relevant to private companies that offer services to customers, not to non-profit associations like LUGBZ.
In our case (for Discourse, mailing lists, etc.) GDPR applies to us as much as it applies to a newspaper. After an article is published on a newspaper, can its author request it to be removed? Or can he request to change the name of the author to an anonymous one? It does not make sense, and it is not even possible.