and I don't think the wiki should be a problem either
ruaok
should we mention discourse in the GDPR statement then?
Freso looks over GDPR statement again
Leo_Verto
couldn't hurt to mention that it may send you emails if you opt in
ruaok: iliekcomputers alastairp I just had a realization, isn't Spotify legally obligated to provide an export of a user's full listen history now? :O
Freso
Hm. "Right to be forgotten" is not fully compliant right now. "Restriction of processing" I think is fine. "Right to data portability / exporting your data" is fine, users can download their essential data from the interface, and zas/me can install a plugin to allow them to download extensive data about them upon request.
"Right to rectification" - they can alter their data either in Discourse itself or via MB.
Leo_Verto
"right to be forgotten" should probably use that account deletion system bitmap is working on
Freso
"Right to be informed" is the same as everywhere else.
Leo_Verto: Right now if you delete you MB account, MB will ping Discourse and change username and email to the new anonymised username and e-mail from MB, but it won't change the "name", which means the name will remain the same as the username was.
I think there's an option to toggle this, which will mean that e.g., CatQuest won't be able to be "CatQuest, the Endeavouring Cat" but only "CatQuest".
"Right to access" is the same as "Right to data portability / exporting your data"
But I guess I should turn that name toggle on for now, which should mean that someone deleting their MB account will also effectively get anonymised in Discourse.
Leo_Verto
yeah, right to access mostly doesn't apply because we don't track our users
reosarevok
Heh. "We are preparing your data file. This can take up to 30 days to complete."
Freso
:p
reosarevok
I guess that's the legal requirement? Because it should take like 5 minutes...
Leo_Verto
yeah, because they legally have to do it within 30 days
I wonder if they're going to artificially delay this
Freso
ruaok: I think the "IP addresses" section of "Right to data portability / exporting your data" of our GDPR page is directly applicable to the Discourse site as well.
ruaok
Fresco, I pretty much came to the same agreement.
-c
Leo_Verto
as far as I understand it, IP addresses are kind of a gray zone so we're already playing it pretty safe
Freso
I updated our Discourse install this morning to include a number of PRs merged in the last 48 hours to decrease the numbers of IPs logged in the Discourse db too.
Nyanko-sensei joined the channel
D4RK-PH0ENiX has quit
ruaok
I cant wait to get my spotify data.
Leo_Verto
we should totally build an importer for that data
ruaok
yep, already on my mind.
should be a matter of parsing whatever format they give us.
Leo_Verto
do you know any other services we'd want to import from?
ruaok
deezer. google music. tidal.
Leo_Verto
pandora
ruaok
yes
though...
do they have service in the EU?
if not, they can just ignore the GDPR
Leo_Verto
ah, they don't
shame
I wonder if google music is part of the complete google download?
ok, back to our own GDPR statement.... With regard to discourse, I think we're fine, and I don't really think we need to amend our statement. does anyone disagree with that?
Freso
Seems good to me.
ruaok
Leo_Verto?
Freso
ruaok, bitmap (if you're awake/around :)): I'm thinking of creating an MBS ticket to send a "please delete user" request to Discourse when a user deletes themselves on MB, so the user actually gets removed instead of just "anonymised".
Leo_Verto
does discord store IP addresses for longer than 7 days?
ruaok
does that mean that their posts go away?
Freso
ruaok: That's configurable (a boolean in the "delete user" call), so we can say "yes" or "no" or let the user decide.
ruaok
the real question is this: do we want that? potentially very useful posts will go away from that action.
Freso
I'm also thinking of making a script to iterate over all our "deleted user #…" users in Discourse and deleting them (without removing any posts they may have).
ruaok: I'd say we say "no, don't delete posts (but do delete user)".
ruaok
I'm ok with that.
Leo_Verto
do we still allow deleting all posts at once?
i.e. right to be forgotten
Freso
Leo_Verto: Right to be forgotten, as I understand it from discussions, is also okay with anonymisation as an alternative to deletion.
(Which this would be, a step further than currently.)
reosarevok would rather not allow removing any posts
Leo_Verto
pretty sure we have to allow that
D4RK-PH0ENiX joined the channel
Nyanko-sensei has quit
samj1912
Leo_Verto: lol
reosarevok
Leo_Verto: even if there's the anonymity option?
samj1912
I wonder if I should comment
Leo_Verto
do it :D
rsh7[m] joined the channel
ruaok
ok, last concern from me... google captcha. what concrete action should we take there?
it'd be interesting to know if they store more detailed data there... under the "old" freedom to data my understanding is that they need to give you more data
but I don't know how possible it is to use that right now, or how much gdpr overrides it
it's funny that they want to exclude MB for it being a wiki and unreliable while wikipedia is also a wiki
:)
ruaok
yeah. and with their deletionist tendencies our track record for stable data is better than theirs.
SothoTalKer
it's just one stupid guy
well, 2
looks like the "community" decides on it again (:
legoktm: thanks for trying, at least (:
legoktm
:/
SothoTalKer
well, they want to get rid of it from the authority control template.
which i can kinda understand (:
zas
MB is an unreliable wiki ? bs.
SothoTalKer
i know
zas
Wasn't the possibility to add homepage link removed for new editors ?? Because we have plenty of new editors (few days), 0 edits, Beginner, which are spam accounts