[wp-trac] [WordPress Trac] #43175: Discussion - Pseudonymisation

WordPress Trac noreply at wordpress.org
Sat May 19 03:18:28 UTC 2018 

#43175: Discussion - Pseudonymisation
-------------------------+------------------------------
 Reporter:  xkon         |       Owner:  (none)
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Privacy      |     Version:
 Severity:  normal       |  Resolution:
 Keywords:  gdpr         |     Focuses:
-------------------------+------------------------------

Comment (by summoner):

 Not so easy to find a proper solution:

 On one hand i would delete personal data only as a last resort and only in
 such cases when it is compulsory to do so /see Article 17 (1) a)-f)
 considering even exceptions noted in (3) b) and e) /

 In any other case i would suggest just pseudonymisation or encryption of
 the data mainly because the subject should be able to make themselves
 reidentifyable as it stands in Article 11. (2). So if the controller does
 not store the encryption key anymore but the subjects provides additional
 info to identify themselves, they should be reenabled to exercise their
 rights to access or rectify their data, right to erasure, right to
 restriction of processing and right to data portability.


 However the data controller must also assure proper level of security of
 processing (Article 32 (1) a) and as storing hashkeys separated from the
 hashed data might be too complicated, maybe deleting personal data is more
 preferable in most cases. I mean if there are no obligations to keep
 billing data  for X years in case of online shops for example.

 On the other hand if data deletion will be preferred, then someone who has
 been banned by an admin before just can request the deletion of their
 data, and re-register themselves with the same email address as before the
 ban. Just because in that case not even a hashed version of the actual
 email address will be kept and so there is no means compare that in case
 of such a re-registration. This will challange some admins for sure...

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/43175#comment:17>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list