Open kentsigurdsen opened 4 years ago
We probably need to split this up. We have a general GDPR-issue with pictures, so we should really delete all pictures. I suggest we do this for TG after the main recruitment period is over. But this is a TG-thing.
The second is that we need to fix permissions in general. Only people in the crew should see pictures, regardless. And this needs to be event-specific. (e.g.: tg20-crew should not see pics for tg19-members)
The third is that we should ideally have auto-prune, where a user can provide a drop-down when uploading a picture. "Delete X months after event, delete after 2 years of inactivity, keep forever/until I delete".
I suggest this specific issue be used for the second case?
I made #20 for the permissions issue. Probably better to stick to the title for this issue.
Auto-pruning could be a neat feature, but how about defining these properties in the event itself? Set event duration and such when creating the event, and include a "prune" date for sensitive data. Could automatically delete the medical or needs information based on this date for example.
Small update on this. When migrating to new TG20 wannabe hosting we plan to only move only profile images for users with activity the last x years. This will be a one time prune, but might also lead to some related PR's with part of the tooling used during that process.
If you have access to an event you can search for crew pictures, even if they have been inactive as crew members for multiple years.
I have two suggestions to solve this problem: