Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GDPR - Right to erasure or right to be forgotten #12596

Closed
mattab opened this issue Mar 6, 2018 · 2 comments
Closed

GDPR - Right to erasure or right to be forgotten #12596

mattab opened this issue Mar 6, 2018 · 2 comments
Labels
c: Privacy For issues that impact or improve the privacy.
Milestone

Comments

@mattab
Copy link
Member

mattab commented Mar 6, 2018

At a glance (source / learn more):

  • The right to erasure is also known as ‘the right to be forgotten’.

  • The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.

Similar to the right to access data, it is needed to be able to delete data for a specific visitor. The same challenges apply as in #12595 . However, erasing the data is less critical as there is no risk that we hand out data of a person A to a person B which is actually not person A. In the worst case there is simply more data erased than needed. However, as we might use the same screen as in #12595 for this, the Matomo user will be notified about the same warnings/challenges etc.

We need to see whether we will reprocess all already archived reports after erasing some data. As most reports don’t contain any personal data unless someone uses eg custom variables, custom data, events, … . Once we have the feature to invalidate and re-process individual plugins/reports only, we could make use of that feature ideally to not needing to re-process all reports. However, the safest solution be to reprocess all reports as personal data could be present in a URL for example. In V1, we will only notify Matomo admins of the possible need to reprocess historical data.

We also need an event for this so plugins can delete data in case they store custom data that isn’t for example using the LogTable API.

In V1 or V2 we could store data about how often this has occurred per day/week/month etc.

We would also support the Activity Log feature and trigger an event whenever some data was deleted.

@mattab mattab added the c: Privacy For issues that impact or improve the privacy. label Mar 6, 2018
@mattab
Copy link
Member Author

mattab commented Mar 8, 2018

Ideally when we implement the Right to erasure, it will also cover: #3385 as this is one of our top requested features.

@mattab
Copy link
Member Author

mattab commented Apr 24, 2018

Implemented in the new Administration > Privacy > GDPR Tools page in #12558

Search for visits

search for a data subject

Delete visits

delete visits

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c: Privacy For issues that impact or improve the privacy.
Projects
None yet
Development

No branches or pull requests

1 participant