Duplicate Allow users to delete their accounts, to adhere to GDPR regulations

[HJW]

Would be good for it to be built in to allow users to delete their personal data as it's part of GDPR regulations and a pain to keep doing it manually.

 

[Chris D]

I believe there are other suggestions to this effect.

However, it's worth noting, GDPR does not stipulate that users should be able to cancel or delete their own accounts.

The software currently fully and wholly complies with GDPR in its current form.

 

[Alpha1]

The only thing that is not compliant is when a member requests to delete personal information from a conversation. This is not possible and is required under gdpr as I understand it.

It's worth noting that the amount of requests for manual deletion is significant while the majority could be handled automatically if certain members could do it themselves. The deletion itself doesn't take much time but the support ticket communication and checking the account for eligibility makes it unnecessarily time consuming.

 

[Robust]

The only thing that is not compliant is when a member requests to delete personal information from a conversation. This is not possible and is required under gdpr as I understand it.

Maybe, but it's a bit of a messy application of the GDPR. It couldn't really be done automatically, since it's hard to automatically identify what is and isn't personal in a conversation. The only way to then 'comply' with this by the site admins, assuming it is something that has to be deleted, is to give moderators the ability to view the conversations of others and edit them in the frontend, which I think was suggested multiple times before and was controversial. I wouldn't want this in the core personally.

Just to note, the equivalent of this in larger platforms is to ask Facebook to edit or delete a private message or group message sent a year ago. Facebook and Twitter both provide delete message functionality that can be exercised by a user themselves. I don't know whether messages are deleted automatically if a user deletes their account, and if not, if a user can request deletion of those messages after their account is deleted.

So an alternative might be just giving users non-time-limited ability to hard-delete messages in PMs. And it would be worth seeing how larger platforms deal with those two niche cases of account deletion and implement a similar feature.

 

[HJW]

It's worth noting that the amount of requests for manual deletion is significant while the majority could be handled automatically if certain members could do it themselves. The deletion itself doesn't take much time but the support ticket communication and checking the account for eligibility makes it unnecessarily time consuming.

This exactly, a handful of people asking every week is unnecessarily time consuming.

I know xf meets the gdpr regs, but it could be better to reduce the workload of admin. Deleting your account on a social media site is common functionality.

 

[victorjqv]

totally agree

This exactly, a handful of people asking every week is unnecessarily time consuming.

I know xf meets the gdpr regs, but it could be better to reduce the workload of admin. Deleting your account on a social media site is common functionality.

totally agree