Cog-Creators / Red-DiscordBot

A multi-function Discord bot
https://docs.discord.red
GNU General Public License v3.0

Privacy API #3239

Closed LGACode closed 4 years ago

LGACode commented 4 years ago

Feature request

Select the type of feature you are requesting:

Describe your requested feature

Would like to see Red implement a Privacy API so that cog creators can hook their cogs up to it and be more GDPR and Discord ToS compliant.

Relevant Discord API ToS sections: Sections 2.2.v, 2.4, 2.5.c, 2.5.d, 2.5.f, and Section 13 https://discordapp.com/developers/docs/legal

Functionality should include:

Obviously Discord has not enforced these terms in the API ToS because I've never in my life seen a bot with the ability to delete End User Data upon request, or check for data that is associated with accounts that are deleted and remove that data within 7 days, both of which are requirements according to the Discord API Terms of Service:

> You shall delete all End User Data upon Discord’s or the End User’s request and within seven (7) days following the End User’s termination of the End User’s account. You may only retain chat logs as necessary for the operation of your Applications. Discord’s offering of an API or SDK that allows you to reproduce or display End User message content is not an express or implied license to such content from Discord.

However, I believe we as a community have an opportunity here to provide tools for people to "do the right thing", even if there's no fear of violating the ToS.

Bakersbakebread commented 4 years ago

This seems like a sticky situation to start getting involved in.

Red (core) is only storing data collected from Discord (such as profile information or information from messages; anything that Discord delivers to bots).

The right to be forgotten, as enshrined in the GDPR under Article 17, does not allow an individual to simply assert that any data that exists must be deleted. The GDPR specifically states that the right to be forgotten does not apply insofar as the processing is necessary to the exercise of freedom of expression and information (Art. 17 Section 3). Discord processing data about messages as a communications platform is kinda what they need to do...

Discord have done a fantastic job in ensuring that as little information is required from you, no DOB, address, Social Security - nothing personal. It doesn't expose this information to Red bots, either.

I don't think that (core) should implement such a feature, but encourage that if a Cog Author is writing a Cog that could be potentially seen as "invasive" or "illegal" under privacy concerns, they are outlawed / reported to Discord T&S.

LGACode commented 4 years ago

The sections I referenced in the API ToS have more strict requirements than the GDPR, such as requiring bots to delete what they define as "End User Data" in Section 2.4 within 7 days of the account being deleted. The point that I'm trying to make is that Discord has conditions in its ToS that I don't think any bot is following so far.

mikeshardmind commented 4 years ago

Core Red doesn't store anything which qualifies under those sections. I also don't think Discord has ever sent a bot one of those notifications.

LGACode commented 4 years ago

I also think that your blanket statement on outlawing cogs seen as "invasive" is not a good stance to take. One of the many cogs I have a bounty out for is to implement an analytics function to find out how much activity and engagement your Discord server is having over time. Cogs like these that capture analytics cannot be properly implemented while still being legal or adhering to the ToS without a Privacy API.

CURRENTLY core does not collect data like this, both of you are correct, but if something like this is not implemented it stifles innovation for future cogs.

LGACode commented 4 years ago

> Core Red doesn't store anything which qualifies under those sections. I also don't think Discord has ever sent a bot one of those notifications.

Plenty of quote cogs and other message storing cogs do though. Badly coded quote cogs store the User Name along with the message contents, which counts as End User Data. Even without usernames, simply storing the User ID counts as "message metadata" under Section 2.4.

There is a clear distinction between End User Data (as defined by Discord), and Personally Identifiable Information (as defined by the GDPR). I'm not arguing if we're storing PII, I'm arguing if we're storing EUD. Core cogs do not store any PII, core cogs may be storing EUD.

mikeshardmind commented 4 years ago

I don't think it does.

For the record on this, I think some user data fetching (for packaging like GDPR) / deletion request handlers (etc) could be useful in core Red for cogs to make use of.

However, until Discord actually sends a data deletion request, nobody is bound by those sections. A user can't confirm they are the deleted user requesting it; it has to come from Discord.

It's likely to get added eventually, but under the current circumstances, there isn't much of a rush for it either.

Bakersbakebread commented 4 years ago

I understand the differences between PII and EUD and also your concerns to advocate privacy; I also agree with it. Which is why I reached out to Discord and asked them, specifically this:

Sep 16, 05:10 PDT Email to discord

To which they replied: Discord reply

I agree with Sinbad above, it definitely is something that would be useful to implement but is low priority / not feasible at this moment.

Drapersniper commented 4 years ago

In regards to deleting the data, Discord will contact the bot owner to let them know if they need to delete the data, if any is required to be deleted (in regards to data having to be deleted within 7 days of account deletion).

In addition to this, user ID and such is NOT EUD. Upon an audit of core cogs, EUD is stored in 3 places, of which one has explicit content from the user. One has a PR to remove it as it is no longer required and the other is in talks. But as I mentioned, this data would only be required to be removed if Discord contacts the bot owner to remove such data.

Flame442 commented 4 years ago

Freezing this until we have a more formal plan for creating APIs and until after the higher priority APIs have been created.

mikeshardmind commented 4 years ago

This will be worked on, and is on my personal todo list for the bot.

It needs much more discussion before it gets started code-wise, and we also want to try the design of it with a simpler prospect first.