Right to be forgotten - deleting user content which is part of a story

[beaker121]

I have a small social network style website, which has user content at its core. Forums, articles, comments and so forth.

Currently, members can hide their account which removes their profile and articles from public view, and turns anonymous their comments and forum posts. This account can be un-hidden later and everything restored.

User content in a chain (i.e. a forum conversation, or comment and reply chain) can be edited, and the edit date shown, but posts cannot be fully deleted if there are replies. This is to protect the logic of the thread, and the integrity of other users who have replied.

Even without GDPR looming, I have always believed that it's right to offer a user the ability to delete their account, but I have grappled with the logistics of this.

If I were to delete all of their content, this would leave illogical gaps in "stories", chains of comments, forum posts and so forth. However, if I didn't delete all of their user content, merely turned it anonymous, but deleted their personal details like their email address, then they would lose future control over this content.

The other option is to delete all related user content by other users, for example, all replies to a comment which I delete. My concern is that this amounts to censorship of other people, users can be very precious about their user content. In the years I have run my site, I have never had anyone contact me concerned about privacy, but people regularly contact me upset, crying censorship, if a comment is hidden by a moderator.

I'm unsure how to reconcile this. To an extent it's an edge case, but on a relatively small site, if an established user were to leave, it could lead to a vast amount of estranged/orphaned or deleted user content written by other users, depending on which approach I take.

Another consideration if deleting related content by other would be that user "ranks" are tied in part to volume of activity, from experience I know that people get VERY upset if their rank goes down.

I would be grateful of some advice and other perspectives on how to solve this quandary. Assume everything is possible from a programming perspective.

 

[beaker121]

Please note where I said "established user were to leave" I mean by that "established user were to delete their account". For some reason it won't allow me to edit my post, saying my change is "spam-like" *scratches head*

 

[Keith Budden]

If they exercise their right to be forgotten then technically all of their user generated content has to be removed (unless you could demonstrate one of the other reasons for retaining it, but in the case of a forum I would doubt this would be easy to prove). The fact it would leave gaps in the story is not the data subject's problem, they are the ultimate owners of their ugc. I would suggest if possible you find a way of inserting something along the lines of 'entry deleted at user's request.....' into the forum at the requisite points.

 

[Alan]

If they exercise their right to be forgotten then technically all of their user generated content has to be removed

I don't see the connection between user generated content and personal data, they are two separate things.

 

[Keith Budden]

I see where you're coming from, my original comment was possibly a bit too broad brush. I guess a lot depends on what was in their ugc - if it was information from which they could be identified then it would by pii data, if it was just "isn't the weather lovely today" then yes I take your point.

 

[Newchodge]

Perhaps you should ask Sift how they propose to deal with this issue on this site?

 

[beaker121]

Thanks for the replies. I discussed this with someone offline and they came up with a similar solution. In broad technical terms, I was thinking to implement this by nullifying the user content text but otherwise leave the entries in the database (no personal information, just comment ID linked to an account which has had email and other personal data wiped), with a flag on the comments to say they have been deleted. Then show some kind of placeholder message to show where in the thread or discussion, the content has been deleted by a user.

It leaves the data a bit "holey", but would avoid refactoring a lot of code, to accommodate generating these placeholders, using different kinds of database records for deleted items.

 

[beaker121]

Another sticky point is private messages, once a message is sent to someone, does it become as much theirs as the person who wrote it, or should it still get deleted?

 

[Keith Budden]

My gut feel would be with a private message, once sent it belongs as much to the recipient as to the sender, so I don't think I would stress too much about those. What you might need though is a note in your forum rules that members should not copy and paste content from private messages into public threads on the forum....

 

[James Rae]

Maybe look at how Linkedin handle it too

 

[fluffybunny]

A private message is data owned by the sender. Thus needs deleting if requested.These rights are not transferable to the recipient. If i asked facebook to close my account(i dont have one but its an example). Then my messages as well as my profile would be deleted. Its really simple if you grasp the idea that i own my data not anyone else. My choice to post my data is my choice, and one i can revoke later.

 

[beaker121]

It sounds simple, but I don't think it is.

From what you've said, emails that I send would also be my data, so I would need a way to unsend an email, or unpost a letter. So if I unsend those emails to my solicitor and everything is deleted, then I could say I never agreed to anything. Also, dealing with cyber abuse and harassment is going to become impossible if people can delete all the evidence.

Also, where people quote others, either using a quote button (where the database may record that a post has been quoted), or simply copying and pasting, or indeed copying and pasting but changing bits. Who owns the data then?

As with all things like this, the edge cases are what makes things complicated.

My main concern with all this is that, while people never contact me concerned about privacy, I am contacted several times a week with disputes between members, for example, abuse, harassment and plagiarism. Removing all content, ip addresses, everything, seriously impairs my ability to protect vulnerable members from trolls, predators, people creating multiple accounts etc.

 

[beaker121]

Its interesting because there are two conflicting debates raging. One about people taking responsibility for what they say and do online, and the other about privacy. To me they seem completely at odds with each other. My website is not like Facebook, where they insist you use your real name and can push you to show evidence of this. My site, like most others, allows complete anonymity.

 

[fluffybunny]

"My main concern with all this is that, while people never contact me concerned about privacy, I am contacted several times a week with disputes between members, for example, abuse, harassment and plagiarism. Removing all content, ip addresses, everything, seriously impairs my ability to protect vulnerable members from trolls, predators, people creating multiple accounts etc."

But this is a lawful reason for operating your business. The GDPR allows for that. However once they stop being a member they are entitled to deletion.

 

[Raw Rob]

A private message is data owned by the sender. Thus needs deleting if requested.These rights are not transferable to the recipient. If i asked facebook to close my account(i dont have one but its an example). Then my messages as well as my profile would be deleted.

As others have said, this is not necessarily true. And in the specific example of Facebook, if someone deletes their account, messages they sent to me are still available to view by me (I just checked in my account).

 

[fluffybunny]

I wasn't talking about person to person. I'm sure you can view whatever messages are sent to you. I was talking about the wider context of a personal account with say facebook. Along with the account deletion, there is an expectation that messages (being data that is part of that account) are deleted too.

 

[paulears]

How does this work with the forum style of posting where we have no idea who fluffybunny actually is? If people use their real names or daft ones, are they treated differently? Obviously on Facebook, most people use their real names, but plenty use less obvious ones to keep them anonymous. Teachers rarely use their normal names to prevent the kids finding them. Does this remove their right to have it removed. Many forums do not allow deletion of the data that's been posted because it wrecks the threads. How does the new rules impact here?

 

[fluffybunny]

The account name is irrelevant. The account contains personal data. That is all that matters for the purposes of GDPR. You should look at reddit or any type of comments section on news articles. There are plenty of cases where posts have been deleted. As to forum owners rights concerning personal data, its irrelevant. The ownership of personal data under GDPR transfers to the individual. Providing the posts contain no identifying information then you can make a case of not removing the posts (which could be challenged by the individual under GDPR), however you would still have to remove the account name i.e. identifying personal data.

 

[fisicx]

Just close their account. Their personal data is retained (but not publicly available) for legitimate interests. For example, if there was a legal dispute or to prove ownership.

Make sure your privacy policy / T&C make it clear that all posted material belongs to the forum not the member.

 

[Alan]

So if I unsend those emails to my solicitor and everything is deleted, then I could say I never agreed to anything. Also, dealing with cyber abuse and harassment is going to become impossible if people can delete all the evidence.

Don't forget erasure request can be refused, as far as I understand you have to respond with a legal basis for refusal. If you ask you solicitor to delete all correspondence relating to an agreement they can quite legitimately refuse and give their reason.