Anonymization / GDPR

[Jibeji]

Hi,

In the context of the GDPR, I am wondering wether there is a way to anonymize all the content refering to un unsbscribed user. In my forum, everybody uses its real name, not a pseudo.

I know that the content a user has posted can by anonymized while deleting it in the Admin CP, but the user can also request his name to be deleted everywhere it appears.

Is there a way replace the name of that user in every post (quotation, @user, etc...) ? 

[ptprog]

On 12/5/2018 at 4:35 PM, Jibeji said:

[...] but the user can also request his name to be deleted everywhere it appears.

That would mean you could forbid others from mentioning your name.  I don't think that GDPR requires that level of anonymization.

[Jibeji]

Unfortunately yes.

As the name is a personal information, a user can request it to be deleted.

[opentype]

12 minutes ago, Jibeji said:

Unfortunately yes.

As the name is a personal information, a user can request it to be deleted.

Parts of the GDPR read very strictly can be interpreted that way, but there are also clauses which can explicitly overrule that, e.g. “for exercising the right of freedom of expression and information” or “for archiving purposes in the public interest”, which might apply to forum discussions. Just stating what “Jon Doe” said publicly in a forum might be a typical case for both points. For a definitive answer, we would have to wait for a court ruling which specifically deals with that. Note that GDPR is about data processing and the (mis)use which can follow from that. It is not a tool for people to never being mentioned again on the internet. That’s not the goal since it would have tons of bad consequences as well. 

[Jibeji]

I know that, but the whole sentence is :

Quote

Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:

1. for exercising the right of freedom of expression and information;

It has been declared by the local regulator in France that keeping a name public on a forum is not a such necessity.

[opentype]

Interesting. Then you better post it in the Feedback forum as feature request. There is no way currently to find username in posts and to anonymize them. 

[ptprog]

59 minutes ago, Jibeji said:

It has been declared by the local regulator in France that keeping a name public on a forum is not a such necessity.

Can you provide a source?  (I'm trying to understand to what extent that position applies.  It makes sense for the post metadata, but not for contents written by others.  We could say that quotes are metadata too. When we are talking about content directly written by other users, we would be constraining the freedom of expression of such users, though.)

Edited December 6, 2018 by ptprog

[Jibeji]

The source is a registered letter from the CNIL (Commission nationale de l'informatique et des libertés) I received at home... 😞  

[Nathan Explosion]

This will allow you to display names in quotes and mentions as 'Guest' instead of the original name of the account at the time the quote/mention was made. Note that it doesn't make any changes to the saved content in the database at all - the changes are performed at display time.

 

[bfarber]

What happens (or should happen) exactly if I visit a random forum on the internet right now and post about "Jibeji"? Is the site liable to remove that? Is that "personally identifying information"?

[Nathan Explosion]

On 12/5/2018 at 4:35 PM, Jibeji said:

everybody uses its real name

@bfarber - Jibeji's requirement is based on the above, which is 'personally identifying information' as it's their name. 😉

 

Edited December 7, 2018 by Nathan Explosion

[Jibeji]

Hi,

I'll sql / replace in the database to sort this quickly out.

Thanks for your answers.

[tonyv]

I love this whole real name thing insofar as the internet is concerned. Even an IP address doesn't prove who posted something. For example, every one of my posts on this forum, even if attributed to the same IP address, could have been made by a different person … even from the same computer! 

I take note of the varying levels of brainwashing in other areas of life, too. For example, I don't care for the whole "legal signature" thing either. I'll sign my name however I want -- differently every time if I like. Here's how that has gone down in a bank when cashing a check I endorsed with some scribble in front of the teller:
 

Teller: Is this your actual signature?

Me: You just witnessed me sign it!

Teller: Well, could you please sign it so it looks like it does on the ID ...

Me: Okay
 

Yea, I guess no one else in the world could have done that. And the picture on the ID even kind of looks like me … 

Edited December 7, 2018 by tonyv

[bfarber]

On 12/7/2018 at 8:07 AM, Nathan Explosion said:

@bfarber - Jibeji's requirement is based on the above, which is 'personally identifying information' as it's their name. 😉

 

Doesn't really answer my question, however. I can go to any site and post someone's name...that's not the same as retaining records of a user unnecessarily.

But anyways, I'm not going to get drawn into a legal debate about GDPR right now. 😛 

[Jibeji]

Just in case it is needed by someone else, here is what I have done:

$sql = "select member_id from ibf_core_members where name = '".$name."'";
$result = $pdo->query($sql);
$row = $result->fetch();
$member_id = $row['member_id'];
   
require_once('/path/to/forums/init.php');
$IPSLogin = new \IPS\Login\Internal;
$IPSLogin->init();$member = \IPS\Member::load( $member_id );
$member->delete(false);

$sql = "update ibf_forums_topics set starter_name = 'Nickname You Want' where starter_name = '".$name."'";
$pdo->query($sql);
$sql = "update ibf_forums_topics set last_poster_name = 'Nickname You Want' where last_poster_name = '".$name."'";
$pdo->query($sql);
$sql="update ibf_forums_posts set post = replace(post, '".$name."', 'Nickname You Want'";
$pdo->query($sql);
$sql = "update ipb.ibf_forums_posts set author_name='Nickname You Want',edit_name='Nickname You Want' where author_id=".$member_id;
$pdo->query($sql);

 

Edited December 10, 2018 by Jibeji

[bfarber]

That worked? Because this looks like a broken query:

$sql="update ibf_forums_posts set post = replace(post, '".$name."', 'Nickname You Want'";

 

[Jibeji]

A parenthese is missing.

In my case, 'Nickname You Want' field contains a paranthese, I messed the paste up. 🙂

$sql="update ibf_forums_posts set post = replace(post, '".$name."', 'Nickname You Want')";

 

[jesuralem]

Hi there,

I know i am very late on this subject but i have a related question, when we delete a member and we want to keep the content, we only have to options :

now i know gpdr requires us to remove all personal information if the user requests it, but our "internet host" status also requires us to store IP addresses of content published by the members so they can be identified if they post something illegal.

I would thing keeping the IP addresses of deleted accounts posts qualifies as legitimate interest and thus we do not have to delete them.

Anyway, basically what i am saying is i would very much like a third option with anonymization of the posts but keeping the IP addresses. At the moment i do it manually by renaming the users prior to deleting him with the "continue to attribute" option.