GDPR - actively clean up rejected comments older than 1 year about talk HOT 4 CLOSED

Hi there,

Thanks for the suggestion! Can you clarify what you mean by "To be GDPR compliant we have to cleanup rejected comments of users that are posted > 1 year ago."?

(I'm assuming you're using the GDPR API endpoints/features already in our code: https://docs.coralproject.net/gdpr )

Thanks!

from talk.

Yes, we're already using the suggested GDPR API endpoints. This is for when a user decides to act on his right to be forgotten or his right of access.
However, the project I work for also requires to actively cleanup private data of inactive users.
In our case that woud be to remove rejected comments that are older than 1 year. I'm not entirely sure if it's an European law or just our company policy.

from talk.

Got it. As far as we're aware, there's no European law that says you have to remove old rejected comments, and so that's not a feature we're looking to build (let us know if you know differently). It might be the other way around – rejected comments still belong to commenters, so should be included in any GDPR data request as they may contain something broadly included under "personal data". Maybe the situation is that your company doesn't want to deliver older comments to users, so is proposing deleting them so they can't be sent?

We do some archiving to improve performance on our larger SaaS clusters but this sounds like it's something different from that, as we still include archived comments in any GDPR data request output.

If your goal is to clean up inactive users to reduce the size of your DB, I'd suggest simply deleting them. (And if the problem is that many are spammers, GDPR doesn't apply to non-persons.)

Coral will struggle to adjust if you remove individual comments from the DB so you could replace the comment body with "[comment removed]" or similar.

Does that help?

from talk.

Since this isn't a GDPR requirement, I'm going to close this ticket.

from talk.