Open Louis-wr opened 2 years ago
Louis-wr
commented
2 years ago id | affiliation | email | firstname | lastname |
position | superuser | useridentifier | emailconfirmed | createdtime | lastlogintime | lastapiusetime
| deactivated | deactivatedtime
philippconzett
commented
2 years ago Is this about the metrics database? If so: We should not remove this kind of personal data. Instead we should add the following purpose of processing of this kind of personal data to the Data Privacy Statement section of the DataverseNO Access and Use Policy (https://site.uit.no/dataverseno/about/policy-framework/access-and-use-policy/) as highlighted with bold style in this table:
| Types of users | Description | Purpose of registration and processing |
|---|---|---|
| Users (depositors) | Users who register metadata and upload files to the repository. | Administration of the Service including maintenance of content and configuration of access to functions and content. Registration of resources in the repository. Users must be registered with their identity to acquire rights to deposit data in the repository. |
This is a perfectly legitimate reason to process personal data of this type.
philippconzett
commented
2 years ago In addition, we need to add that metrics database is deployed in the same cloud service (Azure) as the rest of the DataverseNO cloud deployment.
Check GDPR compliance if we remove names and emails.