Discussion in 'Forum Management' started by Robust, Oct 17, 2016.
Do you legally have to delete a user's account if requested?
Only in Europe. If your servers are located elsewhere you should be OK.
Requested by who? Legal authorities? The user itself?
I believe he's talking about the user.
Ah, I remember him being from UK if I am not mistaken (in my first post I was thinking he is from US, but now I do remember better).
If so, I think you should google for "UK Data Protection Act". It is in multiple sources listed, that you have to remove their personal data, if asked, which also means a user account. But as I am not a native English speaker and don't live in UK, you should probably double check it.
No. It is your site and they agreed to license their content to you when they registered.
Note: You may want to delete anyway it just to be nice. On my forum, I delete accounts on request but not the content they made.
(Disclaimer: I'm not a lawyer and this is not legal advice)
A forum account under an anonymous alias name does not equate private data. Such account will need to be cleared of email, date of birth and anything identifiable.
A forum account under a real name does equate private data. Such account will need to be deleted or modified.
Mind that we are publishers and that our members are our authors who submit texts about our niche topics. This is very different from social media where all user content is private data tied to a personal account.
What if you sell something? Technically, for legal reasons, you must keep proper information about the customer (name, address, etc.) for VAT, for example, and taxes (if more information is requested). If the user requests their personal information removed here, what takes priority?
Whilst account data (email address, dob, possibly username depending on what they picked etc) would likely count as personal data, in general forum posts do not count as personal data (a fairly good guide as to whether data is personal or not can be found in this guide). As such, it should be sufficient to either remove the account or change all of the data fields mentioned but leave all of the posts intact.
OK, so apparently according to the UK Data Protection act, address, name, etc. is not classed as sensitive information subject to the act. http://www.legislation.gov.uk/ukpga/1998/29/section/2
@Robust don't forget to register as a data controller...
You have to register if you process 'personal' data - it doesn't have to be sensitive data.
Separate names with a comma.