Delete IPs per user (GDPR)

[pequeno]

It would be very useful delete IPs for each user.

[Stuart Silvester]

Please take a look at our recent blog

 

[Aiwa]

Read the recent blog about 4.3.3. 

There is a new setting that will automatically remove ALL IPs after a set period of time ( GDPR reasonable storage ). Configure that setting put it in your privacy policy and call it a day.

What utility would removal of IPs for a single user provide with that setting already existing? 

[pequeno]

Thank you @Stuart Silvester and @Aiwa

I already have 4.3.3 installed and I had read that blog post.
I can indicate a time to delete IPs from the members, or delete a member and their IPs. But can I remove the IPs from a single member without removing their account?

If a member asks me to delete their IPs, how do I do it?

[Aiwa]

22 minutes ago, pequeno said:

If a member asks me to delete their IPs, how do I do it?

Honestly... I'd not bother yourself with such requests.  Show them your privacy policy, and make sure they've accepted it... Tell them their IP's will be removed after X days, and call it a day.  Tell them if they want all their individual IPs to be removed outside of the normal privacy policy, their account must also be removed... I say that because the next time they post any content, their new IP will be stored thus defeating the purpose of their original request.

By the time the user gets someone involved that would send you a scary letter demanding their IPs be removed, they'll have already been removed... 

[PPlanet]

I actually see a good point to have that capability of deleting individual IP addresses (as opposite or in addition to a periodical prune), particularly for those who are not based in the EU.

It would add greatly to the capacity to anonymise a particular user, deleting what GDPR considers private data, yet still have a token user with all the posts and content posted and interrelated, just like any other active user.

Let's face it, many people welcome the GDPR, but I am not particular happy having to comply with it operating outside the EU and not targetting EU users for anything (yet one may come along requesting for his/her data to be deleted). I'm in Australia, where there's a privacy act which was applied with much more common sense IMHO (it does not apply to businesses with turnover under 2 AUD million unless you voluntarily opt in). Anyway, I digress.

My main point is that 99% of my users are not in the EU, but we'd have to bend over backwards for that remaining 1%. Having IP addresses not only may be a legal requirement in some cases, it helps us with the running of the site. My site is mainly about customers posting reviews of a particular type of services/industry, and we don't allow more than one account per user to avoid people abusing the system. Many, many times the IP address is what have allowed us to establish the reviewer is not a bonafide customer but a competitor, etc. Not to mention your common garden variety trolls. It's been getting more difficult with VPNs and new technology, but still I'd rather keep the IP addresses because to some degree they still help us.

So, it would be fantastic to have the capacity to delete all IP addresses of just one individual user if it needs be.