Right off the top, we want to talk about GDPR and specifically Article 17, Right to erasure - the right to have personal data removed from a system. Let’s start with the definition of “personal data”, defined in Article 4;
We are sometimes contacted by forum users issue a request under GDRP for all of their personal data and forum posts to be erased or removed from the system. We are easily able to comply with the removal of personal data from the system through a process called account anonymization. That process consists of renaming the account to the word anon followed by a long series of random digits (anon67512437 for example) , and the complete removal of the user’s email address and all profile information the user entered into their account profile from the system.
Under this definition, account anonymization fulfills Article 17’s requirements by removing / destroying all personal information related to the user’s account profile including name or chosen handle, email address, and any other account profile information entered about the user, by the user.
What is not possible in some cases is the complete removal of that user’s posted content in the forum. This due to our forum software’s design (Discourse). According to Discourse developers, a forum is set up for conversations, and the value to the forum and the community is in the discussion (hence the name Discourse). Removing all posts from a particular user would irreparably damage each and every thread that user participated in. Therefore, Discourse does not allow users to delete posts who have A) many posts across multiple threads, and B) posts older than 60 days:
Not only do we happen to agree with Discourse’s developers on this point, we are also confident that account anonymization is successfully fulfilling Article 17’s requirement. If you disagree, we advise you to refrain from publicly posting personal data to any threads or wikis hosted on this forum.
We collect information from you when you register on our site and gather data when you participate in the forum by reading, writing, and evaluating the content shared here.
When registering on our site, you may be asked to enter your name and e-mail address. You may, however, visit our site without registering. Your e-mail address will be verified by an email containing a unique link. If that link is visited, we know that you control the e-mail address.
When registered and posting, we record the IP address that the post originated from. We also may retain server logs which include the IP address of every request to our server.
Any of the information we collect from you may be used in one of the following ways:
- To personalize your experience — your information helps us to better respond to your individual needs.
- To improve our site — we continually strive to improve our site offerings based on the information and feedback we receive from you.
- To improve customer service — your information helps us to more effectively respond to your customer service requests and support needs.
- To send periodic emails — The email address you provide may be used to send you information, notifications that you request about changes to topics or in response to your user name, respond to inquiries, and/or other requests or questions.
We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information.
We will make a good faith effort to:
- Retain server logs containing the IP address of all requests to this server no more than 90 days.
- Retain the IP addresses associated with registered users and their posts no more than 5 years.
Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow). These cookies enable the site to recognize your browser and, if you have a registered account, associate it with your registered account.
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our site, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Occasionally, at our discretion, we may include or offer third party products or services on our site. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
Our site, products and services are all directed to people who are at least 13 years old or older. If this server is in the USA, and you are under the age of 13, per the requirements of COPPA (Children’s Online Privacy Protection Act), do not use this site.
This document is CC-BY-SA. It was last updated May 31, 2013.