Just to clarify: The GDPR applies whenever a service wants to do business in the EU and collects information from EU citizens.
My gut reaction is to agree. However, experience (from seeing similar situations play out in other places) and introspection both tell me that when someone gets into such a mental state, it never turns out productive to try to discuss it - certainly not in public, anyway.
FYI, there was some previous discussion on account/topic deleation and it’s relation to GDPR here: Topic deleted by author
I think it’s probably worthy of a seperate topic though if someone is asking for all their content to be removed. I will point out it is trivial to work out who the author of this post was as they signed their post with their name.
While delving too deep into the specifics of this user is unlikely to be constructive for anyone, I do think there may still be higher-level insights worth learning from, in terms of shifting a long-term pattern of moderator interaction (and one I believe you’ve observed as well). To note, in their post prior on the other GDPR thread, the deleted user mentioned:
After the censorship and rude behaviour of admins, this is just another nail to this site.
After the moderator that they were referring to in that comment deleted that post complaining about them (which raises a potential COI concern), a day later they followed up with this request for account deletion.
Overall, my experience moderating this and a number of other communities suggests that, in general, moderators tend to be a lot more effective at ensuring user cooperatation and cultivating a welcoming, constructive community when they are more kind and empathetic and less harsh and authoritarian when communicating with users, even if they still enforce the rules to the same strictness. Like the warm sun rather than the cold wind convincing the person to take off their coat, I’ve seen time and again how a little compassion really does go a long way toward at turning things around with users instead of turning them off, or turning them away completely.
And that’s something I think we can do a better job at, at least with our words if not our actions.
I am pretty sure I will be able to inexpensively identify the topic starter (TS) from their posts (actually, I already know their name). The question then - is any of the moderators going to screen all the TS’ messages and remove any personal information that is left? Implementation-wise, it is much easier to just remove all the data associated to the person.
It is important to note that there are two parts to the definition:
any data which can be associated with a person (personal data)
identifying a person (the data subject)
Specifically for a forum like this, the complete chat history of a person, all log entries relating to the person’s actions and all meta data stored for a person are part of the personal data which is being processed. This includes data stored in the active system and any other copies of this data stored by the data processor(s), for example as backups.
Accordingly, a person may request deletion of all this data, which can be a very time consuming task for the data processor(s).
Anonymizing the data by removing the identifying link between the data and the person is a much easier to implement task and will often have the same effect.
Given that the forum is being run mostly by individuals investing their free time into administering / moderating the forum, I believe that this second option is the more appropriate way to ask for handling an account deletion request. Anything beyond this should be taken up with the service provider, IMO.