It's difficult to find good answers to these questions, I'm not sure what to search for and I don't trust LLMs for this kind of thing either
@simon very importantly – none of this matters if you pseudonymise identities. This is what we're currently doing on the public deployment of https://app.zerohr.io. See our PP: https://app.zerohr.io/privacy
GDPR and laws alike only protect the identities of natural persons, not the devices or software. That's why usages of systems like @plausible are automatically as GDPR-compliant as the system that embeds it.
@simon back to the text of the law: if you insist on storing personal data and its mapping to a user name or displaying personal data or identifiable information [I.(26)], you will have to forewarn the user by presenting them with a privacy policy. Note that e-mail addresses can sometimes squarely and beyond doubt be personal data. In the PP, you will have to tell the user everything they legally need to know about the way you process it [II.(6)].
The user will then have to have a way to break consent, which means that the content of their comments may be retained based on terms of service, while the link between the personal data and the data the user produced on the platform must be severed and further processing should be avoided. Furthermore, they may exercise the right to be forgotten [III.(17)] to make you, within reasonable time, delete their data.
The problem is that even if your TOS say "we will anonymise your user-generated content", you will have to go through all the content to demonstrate that other user-generated content, which is in itself data that your system processes, doesn't expose or even internally contain personal data or PII. Examples: the quote feature on forums, users calling each other by name based on the information disseminated by your system, archive.org snapshots.
Aside from this consideration, as long as your platform doesn't use automated decision-making based on the personal data, you're in the clear.
@simon tl;dr: you may choose to not gather PII, then you need a PP mentioning it.
If you choose to gather PII:
- PP with your contacts, memo of users' rights.
- TOS.
- Think ahead about how you will process requests for erasure.
@jonn have you seen any good examples of this? I am totally OK with people requesting erasure
@simon I honestly don't think that completely automated erasure is possible in good faith.
When user-generated data comes into play, an erasure in good faith should create an audit trail certainty that the controller took steps to also remove PIIs from user-generated content.
I would probably write a script which amends PII mentions in posts and responses, creates the trace of affected URLs and asks the user who requested deletion if they are happy with that. It's not perfect, but can be done completely automatically and with a good success rate.
P. S.
I assume your website isn't evil and you don't sell the data to Coca Cola and other Amazons. If so, it's pure hell, as it's your responsibility to reach out to third parties and facilitate erasure.
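The plan-confirm-apply flow jonn sketches (redact PII mentions in other users' posts, record the affected URLs, ask the requester to sign off) as an added example. This is my code, not jonn's script and nothing from zerohr.io; the user and post records are constructed in memory with a hypothetical minimal schema (handle, display name, e-mail; post id, author, url, body), and the pseudonym format `deleted-user-<random>` is an assumption.

```python
import re
import secrets
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable

REDACTED = "[redacted]"


def sample_data():
    # Constructed sample data (hypothetical schema, not from any real system).
    users = {
        1: {"handle": "alice", "display_name": "Alice Example", "email": "alice@example.org"},
        2: {"handle": "bob", "display_name": "Bob Builder", "email": "bob@example.org"},
    }
    posts = [
        {"id": 10, "author": 1, "url": "/posts/10",
         "body": "Hi all, I'm Alice Example, reach me at alice@example.org"},
        {"id": 11, "author": 2, "url": "/posts/11",
         "body": "Thanks @alice! > quoting Alice: 'reach me at alice@example.org'"},
        # "alicorns"/"malice" must not be touched: word boundaries matter.
        {"id": 12, "author": 2, "url": "/posts/12",
         "body": "Unrelated post about alicorns and malice."},
    ]
    return users, posts


@dataclass
class ErasurePlan:
    user_id: int
    patterns: list       # compiled regexes for the requester's identifiers
    affected: list       # one dict per post that would change


def build_patterns(user):
    # Order matters: the e-mail is removed before the bare handle so the local
    # part of the address is never left behind as a dangling identifier.
    pats = []
    if user.get("email"):
        pats.append(re.compile(re.escape(user["email"]), re.IGNORECASE))
    if user.get("handle"):
        pats.append(re.compile(r"(?<!\w)@" + re.escape(user["handle"]) + r"\b", re.IGNORECASE))
    if user.get("display_name"):
        pats.append(re.compile(r"\b" + re.escape(user["display_name"]) + r"\b", re.IGNORECASE))
    return pats


def redact(body, patterns):
    # Apply every pattern in turn; returns the new body and the number of hits.
    total = 0
    for p in patterns:
        body, n = p.subn(REDACTED, body)
        total += n
    return body, total


def plan_erasure(user_id, users, posts):
    # Dry run: find every post that would be touched, without modifying anything.
    patterns = build_patterns(users[user_id])
    affected = []
    for post in posts:
        _, n = redact(post["body"], patterns)
        own = post["author"] == user_id
        if n or own:
            affected.append({"post_id": post["id"], "url": post["url"],
                             "mentions": n, "own_post": own})
    return ErasurePlan(user_id=user_id, patterns=patterns, affected=affected)


def render_for_requester(plan):
    # Human-readable list of affected URLs that the requester is asked to approve.
    lines = [f"Erasure request for user {plan.user_id}: {len(plan.affected)} post(s) affected"]
    for a in plan.affected:
        kind = "your own post" if a["own_post"] else "another user's post"
        lines.append(f"  {a['url']}: {a['mentions']} mention(s) redacted ({kind})")
    return "\n".join(lines)


def run_erasure(user_id, users, posts, ask: Callable[[str], bool]):
    # Plan, ask the requester, then apply; returns the audit trail or None if declined.
    plan = plan_erasure(user_id, users, posts)
    if not ask(render_for_requester(plan)):
        return None
    pseudonym = "deleted-user-" + secrets.token_hex(4)   # random, not derived from any PII
    # Sever the link: the account record keeps no personal data, so posts that
    # still reference the author id now point at an empty pseudonymous shell.
    users[user_id] = {"handle": pseudonym, "display_name": pseudonym, "email": None}
    touched = {a["post_id"] for a in plan.affected}
    audit = {"user_id": user_id, "pseudonym": pseudonym,
             "when": datetime.now(timezone.utc).isoformat(), "urls": []}
    for post in posts:
        if post["id"] in touched:
            post["body"], _ = redact(post["body"], plan.patterns)
            audit["urls"].append(post["url"])
    return audit


if __name__ == "__main__":
    u, p = sample_data()
    print(run_erasure(1, u, p, lambda report: print(report) or True))
```

The dry run is what makes this reviewable: the requester sees the exact URLs before anything changes, and the returned audit dict is the controller's record that steps were taken. It is deliberately not perfect, as jonn says: a first-name-only mention ("quoting Alice") survives, which is exactly why the requester is shown the list instead of the script deciding alone.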
@jonn @simon @plausible GDPR lawyers really hate this neat trick
"All subject requests will be answered and will have their accounts closed to stop the collection of further data. Data is deleted after a year of inactivity"
@simon @plausible this one trick GDPR lawyers don't want you to know about. 🤣