element-hq / element-meta

Shared/meta documentation and project artefacts for Element clients

GDPR tooling: Erasure #820

Open InezMc opened 1 year ago

InezMc commented 1 year ago

Your use case

GDPR lists the right to deletion / erasure. We are not adequately allowing for users and customers to enact this right.

There are many places where 'deletion' of user content could be done better. Including federation of redactions.

The Admin API on account deletions https://matrix-org.github.io/synapse/develop/admin_api/user_admin_api.html#deactivate-account

The following actions are NOT performed. The list may be incomplete.

- Remove mappings of SSO IDs
- Delete media uploaded by user (including avatar images)
- Delete sent and received messages
- Remove the user's creation (registration) timestamp
- Remove rate limit overrides
- Remove from monthly active users
- Remove user's consent information (consent version and timestamp)

Steps towards GDPR compliance

- For Individual on Matrix: Self serve erasure (Tooling)
- Customers: Tooling
- Education: Documentation

Additional context

Currently you can deactivate an account. Deactivating an account does not free up the username, and does not delete user messages, but we do delete all other local user data: Deactivating “(…) removes active access tokens, resets the password, and deletes third-party IDs (to prevent the user requesting a password reset).

It can also mark the user as GDPR-erased. This means messages sent by the user will still be visible by anyone that was in the room when these messages were sent, but hidden from users joining the room afterwards.” (see Admin API documentation)

Are you willing to provide a PR?

No
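As an added example (not Element or Synapse project code): a small erasure helper that calls the Synapse Admin API deactivate route with `erase` set, then deletes the user's uploaded media, which the documentation quoted above says deactivation does not do, and fails closed on any non-200 response. The `send` transport hook and the `MANUAL_FOLLOW_UP` list are this example's own constructs, so the flow can be exercised offline.

```python
import json
import urllib.parse
import urllib.request
from typing import Callable, Dict, Optional, Tuple

# Hypothetical helper (not Element/Synapse code). Items the Synapse docs list as
# NOT performed by deactivation; they still need a separate process after this runs.
MANUAL_FOLLOW_UP = [
    "remove SSO ID mappings",
    "delete sent and received messages (redaction / retention policy)",
    "remove registration timestamp, rate-limit overrides, MAU entry, consent record",
]

Transport = Callable[[str, str, str, Optional[dict]], Tuple[int, dict]]


def _http(method: str, url: str, token: str, body: Optional[dict]) -> Tuple[int, dict]:
    """Default transport: a real call with the admin access token (replaced in tests)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req) as resp:
        return resp.status, json.loads(resp.read() or b"{}")


def erase_user(base_url: str, token: str, user_id: str,
               send: Transport = _http) -> Dict[str, object]:
    """Deactivate with erase=true, then delete the user's media; raise on any failure."""
    uid = urllib.parse.quote(user_id, safe="")  # '@' and ':' must be escaped in the path
    report: Dict[str, object] = {"user_id": user_id, "steps": [],
                                 "manual_follow_up": MANUAL_FOLLOW_UP}
    # Step 1: deactivate and mark GDPR-erased (hides history from future joiners).
    status, _ = send("POST", f"{base_url}/_synapse/admin/v1/deactivate/{uid}",
                     token, {"erase": True})
    if status != 200:
        raise RuntimeError(f"deactivate failed for {user_id}: HTTP {status}")
    report["steps"].append("deactivated+erased")
    # Step 2: media is not removed by deactivation, so delete it explicitly.
    status, body = send("DELETE", f"{base_url}/_synapse/admin/v1/users/{uid}/media",
                        token, None)
    if status != 200:
        raise RuntimeError(f"media deletion failed for {user_id}: HTTP {status}")
    report["steps"].append(f"media_deleted={body.get('total', 0)}")
    return report
```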

amilah-a commented 1 year ago

Synapse/sydent: when accounts are deleted, remove all the 3pid bindings from the identity servers #162 Check for completion.

amilah-a commented 1 year ago

https://github.com/vector-im/riot-meta/issues/163 Check for completion.

amilah-a commented 1 year ago

https://github.com/vector-im/riot-meta/issues/164 Check for completion. What happens when someone clicks on the deactivate button. What data is actually erased and what lingers?

amilah-a commented 1 year ago

https://github.com/vector-im/riot-meta/issues/165 Work-in-progress here: https://github.com/matrix-org/synapse/issues/4720

amilah-a commented 1 year ago

https://github.com/vector-im/riot-meta/issues/166 WIP (see issue)

amilah-a commented 1 year ago

https://github.com/vector-im/riot-meta/issues/167 Check for completion.

amilah-a commented 1 year ago

https://github.com/vector-im/riot-meta/issues/168 Check for completion. Seems related to several other issues.

amilah-a commented 1 year ago

https://github.com/vector-im/riot-meta/issues/169 Check for completion. Likely related to other issues.

amilah-a commented 1 year ago

https://github.com/vector-im/riot-meta/issues/171 WIP

amilah-a commented 1 year ago

https://github.com/vector-im/riot-meta/issues/175 Check for completion? Or possibly duplicate?

amilah-a commented 1 year ago

https://github.com/vector-im/riot-meta/issues/176 Check for completion.

amilah-a commented 1 year ago

https://github.com/vector-im/riot-meta/issues/178 Check for completion. Likely a duplicate or has overlap with another issue.

amilah-a commented 1 year ago

https://github.com/vector-im/riot-meta/issues/194 Check for completion.

InezMc commented 1 year ago

It can also mark the user as GDPR-erased. This means messages sent by the user will still be visible by anyone that was in the room when these messages were sent, but hidden from users joining the room afterwards.” (see Admin API documentation)

InezMc commented 1 year ago

We have been made aware that customers are requesting GDPR tooling around deletion.

InezMc commented 1 year ago

There is a discussion currently happening of concerns around PII linked to the MX ID and the benefit of some kind of pseudonymisation. CC @simaddis

What are the current technical limitations within synapse around deletion? Why are these the case, and what would happen if the mxID were removed?

Would any of the new tooling, e.g. auditbots, break if the mxID is removed, pseudonymised or deleted?