In this case, the OP voluntarily chose to manually add a (otherwise redundant) personal identifier to the free-text body content of their messages, a practice that is (officially discouraged by Discourse) and by general best practices in online communication, for this reason among others.
Given this was entirely voluntary at their own initiative rather than anything requested by or part of our platform (and in fact actively discouraged by such), no different from any other details they might have chosen to add to their free-text posts that could plausibly identify them or someone else, and they could have edited their posts to remove it or requested our help doing so, I see this as ultimately the responsibility of the user rather than of the platform administrators. In this case, they did not do so and explicitly agreed that anonymizing their Discourse account name was sufficient.
If this a concern in the future, though, we could officially adopt a policy stating that members should avoid adding manual âsignatureâ lines to post, both for this reason and because it is redundant and merely takes up space and clutters the conversation.
Indeed, the linked blog post (which was written by a lawyer) appears to confirm our interpretation here. The account must be anonymized and its personal data deleted, but not the userâs posts, nor references to their username in the post body (unclear if that would include the userâs own posts, but they are free to edit them or request help doing so if they choose).
Just to note in case there is any doubt, the former option was what was taken in this case.
What exactly IS the jurisdiction of the GDPR and other EU legislation though? Iâm still a bit confused by that. Is the PSF subject to EU law? Is EU law even a thing, or is it that EU guidelines are adopted by member states and become the laws of each country? What are the consequences if we get this sort of thing wrong - given that this thread is based almost entirely on non-legal-advice, with just one blog post by a lawyer (which itself has to be translated, so thereâs the risk that weâre reading it incorrectly)?
Our Discourse instance is run by the PSF (AFAIK), so the PSF is the data controller under the GDPR.
The company CDCK behind the hosted instance is one of the data processors and their IT service providers chained to them under the GDPR (Iâm assuming here that our instance is indeed hosted by CDCK; there are other hosters as well, but the situation is the same, regardless of where the hoster is based).
If we get this wrong, there are various ways for people to file complaints. Itâs also possible to go to court (search for âSchrems GDPRâ to get an idea of whatâs possible).
Finally, the GDPR has been a thing since 2018 across all EU member states (its a regulation, unlike a directive, which has to be put into national law). To make things more interesting, EU national regulations may add ways of opening up restrictions of the GDPR (see article 85 ff.) in certain cases.
Where unsure, the PSF can seek legal advice. The topic is fairly complex to say the least and different lawyers will have different opinions on this. At the end of the day the EU Court of Justice has the final say and they have been very much pro-data privacy in the past.
Why am I writing all this ? I have been helping companies comply to the GDPR and received training for this. In general, itâs prudent to be aware of the consequences, because the regulation does have significant fines attached to it.
Weâre sorry to see you go. Just to confirm, per the discussion here your account will be irreversibly anonymized (all personal data deleted) and deactivated (unable to log in again or be used any further) like the OPâs here, while your post content will remain (as part of the public record).
Okay to proceed? And any last feedback (entirely optional, of course) youâd like to share as to why, or what we could do better in the future (Iâm not seeing any moderation history, negative interactions or anything else in your post history that might help us understand this, sorry)?
(N.B., moderators can also suspend, anonymize and delete accounts, not just admins.)
In the long run, it would be better to have some kind of system in place, at least to automate making such requests - and to require authentication when the request is placed and/or finalized (probably only one of those). Otherwise the risk of leaving oneâs computer unattended increases beyond just âsomeone made troll posts with my accountâ to âsomeone got my account anonymizedâ.
Why would it be, if the procedure involves providing login credentials back to the site? People who take advantage of an unsecured laptop are taking advantage of the fact that itâs already logged in; as long as people remember their passwords or use managers, being challenged for the password represents an actual security hurdle. GitHub has âsudo modeâ for a reason, and itâs not just to avoid slip-ups or rage-quits.
Lots of people have password managers. Login credentials donât prove that itâs an exact person.
(emphasis added) Not sure how you come to that conclusion. Even if a password manager requires a master password (some donât), it usually wonât require it for every input of every password, and so the same problem can still occur. And thatâs not even getting into how much easier it is to figure out one master password than different passwords for every site/service.
And no, 2FA is not a solution, unless youâre going to demand it for every single user who signs up for Discourse. And thatâd be a solution far worse than the problem (we do not need that level of barrier to entry just to talk on a basic forum!).
Frankly, I donât think this is a big enough issue to warrant a generalized solution. If the way for people to get their accounts anonymized is âmessage the adminsâ, then itâs (a) possible, but (b) not so obvious that a troll will want to do it. Sometimes, itâs easier to just not formalize anything.
One low-tech and simple to implement, but likely quite effective method of ensuring this send having a 24 hour waiting period after the initial request, after which we the user confirms their intent and then we fulfill it if so. This not only more or less prevents this sort of walk-up attack, but also ensures that users are really sure that they want this. The GDPR allows one month to fulfill the request, so this should not be a problem there.
Yeah. The worst case scenario is⊠You have to make a new account for a web forum? This is one of the most benign things an attacker could possibly do with someoneâs computer.
FWIW, you should be able to contact the admins using the Message button at the top of https://discuss.python.org/g/admins rather than this conversation.