Thanks for the link; that’s very helpful. Just to note, the point I was making wasn’t that the “right to be forgotten” only applies to search engines, but that in the primary example of that “right” in practice, the standard accepted procedure required filing out a detailed form, undergoing human review and a substantial delay on the order of weeks for requests that were approved. Indeed, the page you’ve linked states (emphasis mine)
The right to be forgotten appears in Recitals 65 and 66 and in Article 17 of the GDPR. It states, “The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay” if one of a number of conditions applies. “Undue delay” is considered to be about a month. You must also take reasonable steps to verify the person requesting erasure is actually the data subject.
and also includes a lengthy template request form asking for a number of person details, justification for removing the data, a detailed description of the data to be removed, and a declaration, and requiring a number of supporting documents, including proof of identity and supporting documents for the data removal justification.
By that standard, a simple PM to a TL4, mod or admin that will likely be responded to within a few hours or days is far less of a burden, and thus its hard to see how it would not more than satisfy the requirements here.
Furthermore, the site also states, in part,
However, an organization’s right to process someone’s data might override their right to be forgotten. Here are the reasons cited in the GDPR that trump the right to erasure:
- The data is being used to exercise the right of freedom of expression and information.
- The data is being used to perform a task that is being carried out in the public interest or when exercising an organization’s official authority.
- The data represents important information that serves the public interest, scientific research, historical research, or statistical purposes and where erasure of the data would likely to impair or halt progress towards the achievement that was the goal of the processing.
Therefore, in the event the individual’s posts were a meaningful part of an important discussion, there would be reasonable grounds to decline the request (if perhaps with their name anonymized, which they can easily do themselves); this hopefully shouldn’t happen often, if ever, but the option exists if removing the content would cause significant harm.
As such, there doesn’t appear to be any conflict with GDPR, so long as users can still request that their content be (non-destructively) deleted by moderators with appropriate justification, and allowing deletion of OPs without affecting the rest of the thread would avoid it completely.