Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GDPR - Right to rectification #12597

Closed
mattab opened this issue Mar 6, 2018 · 2 comments
Closed

GDPR - Right to rectification #12597

mattab opened this issue Mar 6, 2018 · 2 comments
Labels
c: Privacy For issues that impact or improve the privacy.
Milestone
3.6.0

Comments

@mattab
Copy link
Member

mattab commented Mar 6, 2018

At a glance (source / learn more)

  • The GDPR gives individuals the right to have personal data rectified.
  • Personal data can be rectified if it is inaccurate or incomplete.

Similar to #12596 and #12595 we want to allow users to update any data that is currently stored in the database. After identifying a user see #12596 and #12595, we could show a list of all known log tables and their respective columns. The Matomo user could see for example a list of all tables, when selecting a table, the user would see a list of all columns in that table. As most columns are defined in dimension classes, we actually have readable names and some description for each dimension there. If we don’t want to let users edit all fields, we could add a new property “holds potentially personal data” to show only these. However, easiest and most flexible way be to really show all fields.

We would need to see here as well regarding re-processing this data afterwards. In V1, we will not re-process historical data.

We ideally also have an event for plugins to support this feature in case they store personal data outside of log tables.

In V1 or V2 we could store data about how often this has occurred per day/week/month etc.

We would also support the Activity Log feature and trigger an event whenever some data was changed.
@mattab mattab added the c: Privacy For issues that impact or improve the privacy. label Mar 6, 2018
@mattab mattab mentioned this issue Mar 6, 2018
Closed
@mattab mattab added this to the 3.5.0 milestone Mar 27, 2018
@mattab
Copy link
Member Author

mattab commented Mar 27, 2018

We are considering that the Right to rectification, could be offered in Matomo via the new Personal Data Anonymisation & Removal tool for analytics raw data - GDPR compliance #12641

Therefore we are considering letting Super Users delete particular fields of users, but not "Edit" the data. This should be good enough to ensure GDPR compliance when users exercise their right to rectification. Maybe in the future Matomo would offer ability to "Edit" previous metadata (and not Delete), but we don't consider it necessary as part of GDPR compliance.

@mattab
Copy link
Member Author

mattab commented Apr 24, 2018

Right to rectification:

Anonymise all past data

we've decided to implement both a Data anonymising tool that will update all previous date (in a given date range):

anonymize previously tracked raw data

We've also Implemented in the new Administration > Privacy > GDPR Tools page in #12558

Search for visits

search for a data subject

Delete visits

delete visits

@mattab mattab closed this as completed Apr 24, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
c: Privacy For issues that impact or improve the privacy.
Projects
None yet
Milestone
3.6.0
Development

No branches or pull requests
1 participant
@mattab