faf
commented
6 years ago Well... I'm neither a lawyer, nor an EU-citizen, so I can be wrong. But I don't believe that this is really a big deal.
Mibew Messenger doesn't store any 'personal data' by default. It can ask a visitor to enter email at the pre-chat stage, but it's an option. So, one could just inform a visitor that by clicking on button 'start chat' he confirms the submission of his email for further usage. And, btw, there are no validation of the email.
Bulk erasement and export of logs by visitor's name is indeed missed. But that name is optional and non-unique. And that matters, because it is impossible to identify a person with it. Multiple visitors could make use of the same name. Maybe one could identify a person with a combination of email, ip and a name, but it's hard to tell.
Moreover, it is possible to make use of the appropriate plugin to not store logs at all (erase it immediately). As a kind of a temporary solution for people who scared of this initiative of the EU.
Maybe someday I'll create a plugin of two that will implement export / erasement of logs, but at the moment it's definitely not a primary goal for me. Though, one could send a pull request. ;)
josemi-ca
The General Data Protection Regulation (GDPR) came into effect on 25 May 2018, affecting all busineses handling europeans data (even if based outside EU).
I've noticed Mibew seems to be lacking some basic features for GDPR:
The ability to export chat logs from an user (to comply with right of data portability/access requests). Right now it's possible to search by email or name, but the list of chat conversations cant be exported.
It should also be possible to bulk delete all conversations by an user (to comply with right to erasure)
It should be possible from settings to include a link to privacy policy to accept with a checkbox to accept it, in the pre-chat creen (to comply with right to be informed)