@mattab opened this Issue on March 6th 2018 Owner

At a glance (source / learn more):

  • The right to erasure is also known as ‘the right to be forgotten’.

  • The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.

Similar to the right to access data, it is needed to be able to delete data for a specific visitor. The same challenges apply as in #XX . However, erasing the data is less critical as there is no risk that we hand out data of a person A to a person B which is actually not person A. In the worst case there is simply more data erased than needed. However, as we might use the same screen as in #XX for this, the Matomo user will be notified about the same warnings/challenges etc.

We need to see whether we will reprocess all already archived reports after erasing some data. As most reports don’t contain any personal data unless someone uses eg custom variables, custom data, events, … . Once we have the feature to invalidate and re-process individual plugins/reports only, we could make use of that feature ideally to not needing to re-process all reports. However, the safest solution be to reprocess all reports as personal data could be present in a URL for example. In V1, we will only notify Matomo admins of the possible need to reprocess historical data.

We also need an event for this so plugins can delete data in case they store custom data that isn’t for example using the LogTable API.

In V1 or V2 we could store data about how often this has occurred per day/week/month etc.

We would also support the Activity Log feature and trigger an event whenever some data was deleted.

@mattab commented on March 8th 2018 Owner

Ideally when we implement the Right to erasure, it will also cover: https://github.com/matomo-org/matomo/issues/3385 as this is one of our top requested features.

Powered by GitHub Issue Mirror