I want to enable comments on my blog again, but (I'm currently possibly overthinking things, in that) I'm worrying if I need a privacy policy, or how I should think about things like GDPR, and should users be able to delete their comments?

Never thought about this stuff for a second back in the 2000s!

It's difficult to find good answers to these questions; I'm not sure what to search for, and I don't trust LLMs for this kind of thing either.


@simon eur-lex.europa.eu/eli/reg/2016 remember, this is a blanket text. Member states can add but not remove constraints.

In general you don't need a function to delete comments, but you need to have a [not necessarily automatic] way for a user to ask you to delete all their comments and the information that they ever left any comments. I'll find the exact article and point in a few minutes.

I'm very interested in what an LLM would say.

@simon very importantly – none of this matters if you pseudonymise identities. This is what we're currently doing on the public deployment of app.zerohr.io. See our PP: app.zerohr.io/privacy

GDPR and laws alike only protect the identities of natural persons, not devices or software. That's why usages of systems like @plausible are automatically as GDPR-compliant as the system that embeds it.

@simon back to the text of the law: if you insist on storing personal data and its mapping to a user name, or displaying personal data or identifiable information [I.(26)], you will have to forewarn the user by presenting them with a privacy policy. Note that e-mail addresses can sometimes squarely and beyond doubt be personal data. In the PP, you will have to tell the user everything they legally need to know about the way you process it [II.(6)].

The user will then have to have a way to withdraw consent, which means that the content of their comments may be retained based on the terms of service, while the link between the personal data and the data the user produced on the platform must be severed and further processing should be avoided. Furthermore, they may exercise the right to be forgotten [III.(17)] to make you, within reasonable time, delete their data.

The problem is that even if your ToS say "we will anonymise your user-generated content", you will have to go through all the content to demonstrate that other user-generated content, which is in itself data that your system processes, doesn't expose or even internally contain personal data or PII. Examples: the quote feature on forums, users calling each other by name based on information disseminated by your system, archive.org snapshots.

Aside from this consideration, as long as your platform doesn't use automated decision-making based on the personal data, you're in the clear.


@simon tl;dr: you may choose not to gather PII, then you need a PP mentioning it.

If you choose to gather PII:

- PP with your contacts, memo of users' rights.
- TOS.
- Think ahead about how you will process requests for erasure.

@jonn have you seen any good examples of this? I am totally OK with people requesting erasure.

@simon I honestly don't think that completely automated erasure is possible in good faith.

When user-generated data comes into play, an erasure in good faith should create an audit trail and certainty that the controller took steps to also remove PII from user-generated content.

I would probably write a script which amends PII mentions in posts and responses, creates a trace of affected URLs and asks the user who requested deletion if they are happy with that. It's not perfect, but it can be done completely automatically and with a good success rate.

P. S.

I assume your website isn't evil and you don't sell the data to Coca Cola and other Amazons. If so, it's pure hell, as it's your responsibility to reach out to third parties and facilitate erasure.
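The erasure script sketched in the post above, written out as an added example by the editor; it is not code from the thread, from @jonn or from zerohr.io. The identifiers (`alice`, `Alice Example`, `alice@example.org`), the comment bodies and the `https://blog.example/...` URLs are constructed sample data. It does the three things the post lists: pseudonymises the requester's own comments (severing the account link with a random token rather than a hash of the handle, so it cannot be re-linked by guessing), redacts whole-token mentions of the requester's handle, display name and e-mail in everyone else's comments (so "alice" inside "malice" is left alone), and returns the trail of affected URLs that goes back to the requester for confirmation.

```python
import re
import secrets
from dataclasses import dataclass


@dataclass
class Subject:
    """Identifiers of the person who asked for erasure (sample values are constructed)."""
    handle: str
    display_name: str
    email: str


@dataclass
class Post:
    id: int
    author: str   # account handle of the poster
    url: str
    body: str


REDACTED = "[redacted]"


def mention_pattern(subject: Subject) -> re.Pattern:
    """Regex matching any of the subject's identifiers as a whole token.
    Longest identifier first, so 'alice@example.org' wins over 'alice';
    the lookarounds stop 'alice' from matching inside 'malice'."""
    ids = {f"@{subject.handle}", subject.handle, subject.display_name, subject.email}
    ordered = sorted(filter(None, ids), key=len, reverse=True)
    alt = "|".join(re.escape(i) for i in ordered)
    return re.compile(rf"(?<![\w@])(?:{alt})(?!\w)", re.IGNORECASE)


def erase_subject(posts, subject: Subject, placeholder=None):
    """Anonymise the subject's own posts and redact mentions of them in
    everyone else's posts, in place. Returns the audit trail: one entry
    per affected URL listing what was done to it."""
    if placeholder is None:
        # Random token, deliberately not derived from the handle, so the
        # pseudonym cannot be mapped back to the account by brute force.
        placeholder = f"deleted-user-{secrets.token_hex(4)}"
    pattern = mention_pattern(subject)
    trail = []
    for post in posts:
        actions = []
        if post.author.lower() == subject.handle.lower():
            post.author = placeholder           # content retained, link severed
            actions.append("author pseudonymised")
        new_body, n = pattern.subn(REDACTED, post.body)
        if n:
            post.body = new_body                # PII inside other users' content
            actions.append(f"{n} mention(s) redacted")
        if actions:
            trail.append({"url": post.url, "actions": actions})
    return trail


def confirmation_message(trail) -> str:
    """Text sent to the requester so they can check the result (the
    'ask the user' step); lists every URL that was touched."""
    lines = ["We processed your erasure request. Affected pages:"]
    for entry in trail:
        lines.append(f"- {entry['url']}: {', '.join(entry['actions'])}")
    lines.append("Reply if anything identifying you is still visible.")
    return "\n".join(lines)


def run_sample():
    """Constructed sample data: one comment by the requester, one mentioning
    her by handle and display name, one with a false-positive candidate."""
    subject = Subject(handle="alice", display_name="Alice Example", email="alice@example.org")
    posts = [
        Post(1, "alice", "https://blog.example/comments/1", "Great post! Contact me at alice@example.org"),
        Post(2, "bob", "https://blog.example/comments/2", "Thanks @alice, Alice Example made a good point."),
        Post(3, "carol", "https://blog.example/comments/3", "Unrelated comment about malice."),
    ]
    # Fixed placeholder here only to keep the sample deterministic; pass None in real use.
    trail = erase_subject(posts, subject, placeholder="deleted-user-0001")
    return {"posts": posts, "trail": trail}


if __name__ == "__main__":
    result = run_sample()
    for p in result["posts"]:
        print(p.author, "|", p.body)
    print(confirmation_message(result["trail"]))
```

The regex catches only exact tokens, so nicknames, misspellings and quoted screenshots still need the manual pass the post warns about; the trail is what lets you show, later, which pages were checked and changed.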

Doma Social

Mastodon server of https://doma.dev.