PII data + account deletion requests -> Keep user names

[peter.schaefer]

As far as i can see, a deleted user will always be a guest, but with more and more deleted users, you can't understand threads any longer, where a few different deleted accounts seem to talk to themselves. Adrianos plugin does that quite fine.

And it is often not a good idea to have username used twice by different users.

Thanks.

[Dreadknux]

The problem you have with this is that, a username is technically PII (as it can be traced across other platforms, if the user has the exact same username across social media etc). Also some people may use their real name as a username, which would be a privacy issue if a deleted user's name is kept intact... *looks at your username* 😅

There's probably something to having a generic auto-generated username made for deleted users instead of 'Guest' all the time, but you still have the issue of not knowing who people are talking about in-post if old users are referenced. It's a tricky one.

[peter.schaefer]

There are not that many idiots like me, using their own real name in the internet and  who should know that the user "HappyClown" here is the same as on reddit or any low place board?

As a matter of fact, we don't know and so nobody else does. Simply assuming it might be the same, does't make it a personal identifiable information. It could be anyone.

Maybe the NSA or any other rubber hose decryption specialist know better, but having kind of them looking for you, any user name you have anywhere would have been in a log file from a long time ago.

Edited February 7 by peter.schaefer

[My Sharona]

Perhaps giving the admin the power to choose the name that postings get attributed to is the solution here.

[Dreadknux]

14 hours ago, peter.schaefer said:

There are not that many idiots like me, using their own real name in the internet and  who should know that the user "HappyClown" here is the same as on reddit or any low place board?

As a matter of fact, we don't know and so nobody else does. Simply assuming it might be the same, does't make it a personal identifiable information. It could be anyone.

Unfortunately, that kind of argument won't get you very far with legal/data authorities asking why you haven't been compliant with PII data. 😅 If it can happen, regardless of how often it does or not, then it needs to be covered.

[peter.schaefer]

12 hours ago, My Sharona said:

Perhaps giving the admin the power to choose the name that postings get attributed to is the solution here.

Better than now  think, but it will get difficult with a large community.

I have used https://www.openwall.com/passwdqc/ very often and it gives good readable passwords like "lucy7Spain*legal" and would give nice original user names for the different guests created.

[peter.schaefer]

33 minutes ago, Dreadknux said:

Unfortunately, that kind of argument won't get you very far with legal/data authorities asking why you haven't been compliant with PII data. 😅 If it can happen, regardless of how often it does or not, then it needs to be covered.

"Personal data means any information that relates to an identified or identifiable living person. Various pieces of information that together may lead to the identification of a specific person also constitute personal data."

https://commission.europa.eu/law/law-topic/data-protection/reform/what-personal-data_de#:~:text=Personenbezogene Daten sind alle Informationen,stellen ebenfalls personenbezogene Daten dar.

Tell me how you identify user fritz.mueller?

To quote the great philosopher Brian Mills - Good luck. 😉 

Just to remember: All I want is guests with distinguishable names. Doesn't have to be the same as used before.

[Dreadknux]

22 minutes ago, peter.schaefer said:

"Personal data means any information that relates to an identified or identifiable living person. Various pieces of information that together may lead to the identification of a specific person also constitute personal data."

https://commission.europa.eu/law/law-topic/data-protection/reform/what-personal-data_de#:~:text=Personenbezogene Daten sind alle Informationen,stellen ebenfalls personenbezogene Daten dar.

Tell me how you identify user fritz.mueller?

To quote the great philosopher Brian Mills - Good luck. 😉 

Just to remember: All I want is guests with distinguishable names. Doesn't have to be the same as used before.

For the record, I do think your request is a reasonable one. 🙂 I am simply explaining that, regardless of what you might think or interpret, a username is still considered personally identifiable information, and so simply keeping a user's name upon PII deletion (which is what you suggested in the OP) isn't really a viable option.

For example, my username is obviously not my real name, but if you were to Google it, you would find similar accounts with that name all over the internet. It is a personally-identifiable piece of information that can associate me with other content online. You could likely do the same with "fritz.mueller" - any kind of information that could reasonably be associated with that name, counts as a method of "how you identify" that person.

That is the meaning of the GDPR, the right to be fully anonymised and removed from a platform upon request. If your username remains, you are not fully removed or anonymised.

So as I said, I think the best solution is to have a name that an admin might select (as you say, a different distinguishable name)... but it would probably still have to be generic (or auto-generated in some way) in order not to not accidentally associate the orphaned content with someone else. 

Edited February 8 by Dreadknux

[peter.schaefer]

3 hours ago, Dreadknux said:

It is a personally-identifiable piece of information that can associate me with other content online

I got your point, but it is not.

I can google for your username, but i will never know, if that same name in another place is you or anyone else. As I said the rubber hose decryption companies can under certain circumstances identify you, but not anyone else. You'r idea of the GDPR would be able to delete the internet, because all can be connected wit all and identify every one of the people around here.

By the way - the EU internet regulations are one of the dumbest and totalitarian regulations I ever saw. 

[Dreadknux]

55 minutes ago, peter.schaefer said:

I got your point, but it is not.

I can google for your username, but i will never know, if that same name in another place is you or anyone else. As I said the rubber hose decryption companies can under certain circumstances identify you, but not anyone else.

Well, as I said before, this interpretation of things will not hold up well if you're being audited about it (which is unlikely if you run a small-ish community anyway, but you know). It's pure conjecture. You can certainly try it, though. I won't stop you.

Quote

You'r idea of the GDPR would be able to delete the internet, because all can be connected wit all and identify every one of the people around here.

No, my 'idea' of the GDPR would be to simply anonymise personal data. Nothing more, nothing less. The way IPS' PII deletion feature currently works, works. That's not "deleting the internet", lol.

Quote

By the way - the EU internet regulations are one of the dumbest and totalitarian regulations I ever saw. 

I mean, sure, whatever. I don't care honestly.

I'm not trying to have an argument about this, I'm simply giving you some insight as to why a certain request, the way you made it, wouldn't be the best idea. But you don't have to agree with me. At the end of the day you can manage the PII data on your community any way you want. I wish you the best of luck with it.

Edited February 8 by Dreadknux