codebuddies / codebuddies

CodeBuddies.org: Community-organized hangouts for learning programming together - community-built using MeteorJS
http://codebuddies.org
GNU General Public License v3.0

Compliance with the EU General Data Protection Regulation (GDPR) #799

Open lpatmo opened 6 years ago

lpatmo commented 6 years ago

General Data Protection Regulation (GDPR) is a new regulation which applies to anyone in the EU, but also to anyone who collects and processes data from EU residents. If your website has EU users, this affects you.

See: https://www.eugdpr.org/

Right to Access

•    What information / data are you collecting from me?
•    What is its purpose?
•    To whom are you sharing the data (e.g. third parties)?
•    What is the origin of the data?

Data Portability

Delete functionality

nalbina commented 6 years ago

What happens when we delete our account at codebuddies? Would all hangout participations in the past also have my name pruned?

distalx commented 6 years ago

What happens when we delete our account at codebuddies?

All the information related to the account holder (learning hangouts, study groups) gets soft-deleted. We archive the user's profile information (id, email, username) in a separate collection.

Would all hangout participations in the past also have my name pruned?

Hangouts created by you will be soft-deleted, but if you are an attendee of some hangout, your avatar will still appear on that hangout. The avatar would still be clickable, but the link to your profile would be dead.

distalx commented 6 years ago

This article covers some of the technical aspects: https://techblog.bozho.net/gdpr-practical-guide-developers/

billglover commented 6 years ago

It looks as though many of the DB collections could fall within scope; the fact that we don't have a users collection is a great start.

These are just the initial questions from someone unfamiliar with the code base.

distalx commented 6 years ago

@billglover, Thank you for raising those questions.

It looks as though many of the DB collections could fall within scope; the fact that we don't have a users collection is a great start.

We do have a users collection. It is a system-defined collection (defined by the accounts-base package), so you wouldn't find it under collections.js. The users collection is attached to the global Meteor object.

soft delete -> hard delete? deleted user -> anon 'former' user?

I think we should absolutely delete data where possible. If not possible, then pseudonymize it. AFAIK, under GDPR one can keep information for 1) archiving purposes in the public interest, and 2) defence of legal claims (if a dispute arises over some issue in the future).

what logs/data do we collect, why, for how-long?

logs

data

archived_users appears to be admin only but may need some clean-up

👍

the profile page looks to be a good summary of much of the data, do we need to build an export template?

This is a really good idea.

lpatmo commented 6 years ago

Thanks @billglover, @distalx, and @nalbina for your comments and advice/thoughts here.

My thoughts on actions:

1) [X] We need to obtain the consent of EU subjects, who must positively opt in, to collect and use their data. Proposal: show a checkbox next to a submit button in the header on the navbar. If a user checks the checkbox and clicks on "submit," the header will disappear.

2) ✅ ++ on adding an export link on the profile page. We can use https://atmospherejs.com/harrison/papa-parse

Note: I've added the ability to download data from the user profile into a CSV in https://github.com/codebuddies/codebuddies/pull/885. There's a bug I haven't figured out, though: we need to flatten nested objects.

Meteor.users.find({}).fetch() returns a nested object. If we don't flatten it, the CSV will look like this:

_id,profile,username,createdAt,email,roles,status
ch2p3hWbc54rx2Luw,[object Object],lpatmo,Mon May 21 2018 00:47:09 GMT-0700 (PDT),email@example.com,[object Object],[object Object]

I tried using a flatten function and the console logs looked OK, but when I applied it like const csvString = Papa.unparse(flatten(Meteor.users.find({}).fetch())); my CSV turned up blank. Don't know what's up with that.

3) [X] Yes, we'll need to work on hard-deleting data (making sure all discussions and groups associated with a user are deleted too when the account is deleted). See: #848

4) ✅ I've updated our privacy policy and TOS to underline the age (16) requirement and made clearer exactly how we're collecting user information in https://github.com/codebuddies/codebuddies/pull/885.

5) ❓ Do we need to let users edit their username as well as their email address and avatar on their profiles? I'm not sure if editing email will break the Slack or Github integrations.

6) (FUTURE) Right now our newsletter (which we haven't sent in a few months) is on a TinyLetter. When we start sending newsletters via Mail for Good (which'll be more integrated with site users), that's when we can ask EU subjects to opt in to future emails by managing their preferences on the Settings page on the site. I don't think we need to send out an email to the Tinyletter now to ask for opt-in.