[buddypress-trac] [BuddyPress Trac] #7825: Privacy: Erase/anonymize user content

buddypress-trac noreply at wordpress.org
Fri May 11 19:58:36 UTC 2018 

#7825: Privacy: Erase/anonymize user content
--------------------------+-------------------------
 Reporter:  boonebgorges  |      Owner:  (none)
     Type:  enhancement   |     Status:  new
 Priority:  normal        |  Milestone:  3.1
Component:  Core          |    Version:
 Severity:  normal        |   Keywords:  2nd-opinion
--------------------------+-------------------------
 Parent ticket: #7698

 GDPR guarantees the Right to Erasure, which we must respect.

 We already do a fairly thorough (perhaps too thorough) job of deleting
 data on user deletion. On `'delete_user'`, we do the following:

 - delete all of a user's friendships and friendship requests
 `friends_remove_data()`
 - delete all of a user's notifications
 `bp_notifications_delete_notifications_on_user_delete()`
 - delete all activity items belonging to the user (matches `user_id`)
 `bp_activity_remove_all_user_data()`
 - delete all "user blogs" - metadata about user-blog connections from
 `wp_bp_user_blogs` - `bp_blogs_remove_data()`
 - delete all of a user's group memberships, all group
 invitations/requests, and all groups of which the deleted user was both
 the creator and the sole administrator (yikes)
 `groups_remove_data_for_user()`
 - delete user's custom avatar `bp_core_delete_avatar_on_user_delete()`
 - delete user's last activity `bp_core_remove_data()` (redundant with
 activity deletion)
 - delete user's xprofile data `xprofile_remove_data()`

 Stuff we don't delete:
 - Messages. Instead, we anonymize username and content. See
 `bp_get_the_thread_message_content()`.
 - Cover images. See #7636.

 Are there things I've left off the list?

 In terms of GDPR, I'm uncertain that there's anything else we need to do
 here. In terms of having a better system more generally (like allowing
 admins to retain certain kinds of info that might be legally required for
 other reasons), we have a lot of work to do, but it's perhaps less urgent
 than other GDPR-related tasks.

 Anyone else have thoughts about whether anything additonial needs to be
 done here for 3.1?

-- 
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7825>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac

More information about the buddypress-trac mailing list