@sgiehl opened this Pull Request on May 9th 2018 Member

fixes #12864

@tsteur commented on May 9th 2018 Member

FYI: We still have to mention the data retention period they should enter in a privacy notice, consent notice, or privacy policy.

This would usually be whatever is higher - aggregated reports or raw data retention rate. If the delete reports delete all reports except the numeric reports, then we only show the raw/log data retention rate to be used for this. That's because aggregated reports still contain personal information and therefore need to be included in the data retention rate.

@mattab commented on May 10th 2018 Member

Maybe we should add a sentence below the bullet points "Data retention policy can be set by a Super User." with the link only there for Super Users.
(IIRC the page "Anonymise data" is not visible to admin users)

@tsteur I would only mention both and let users pick the one they need depending on their needs and requirements. We can't really go into more details for them, because they may not have PII (user id, custom dim) in their aggregate reports and then would only need to mention the raw data retention.

@tsteur commented on May 10th 2018 Member

> @tsteur I would only mention both and let users pick the one they need depending on their needs and requirements. we can't really go into more details for them, because they may not have PII (user id, custom dim) in their aggregate reports and then would only need to mention the raw data retention.

The thing would be to at least educate them on helping to make a decision. Nobody can realistically know which one to pick so we need to help our users.

@sgiehl commented on May 10th 2018 Member

I'm fine with changing it again, just let me know what exactly to change/add.

@tsteur commented on May 10th 2018 Member

We would only need to add a message. Like "The overall data retention rate for your privacy policy is the raw data retention rate. Please note that aggregated reports may contain personal data as well. If you are using features like User ID, Custom Variables, Custom Dimension, or track personal data through other events such as events, page URLs or page titles, etc, then the overall data retention rate is the data retention rate that is higher."

In reality, people sometimes track different websites and for some pages, they may have personal data in aggregated reports and for some not.

btw: I don't know if you use "Log data" somewhere, but let's maybe always use raw data instead as this is better understandable for people that don't know our tables etc are called "log" and also in general?

@sgiehl commented on May 13th 2018 Member

We use log data in some other translations in PrivacyManager. Should we replace it with raw data at all occurrences?

@tsteur commented on May 13th 2018 Member

Makes sense, I would say. @mattab?

@mattab commented on May 13th 2018 Member

Sounds good to replace wording by raw data :+1:

@diosmosis commented on May 18th 2018 Member

Not sure why but I'm getting weird results when I test this. If I set the "Delete old visitor logs" entry to 180 days & don't delete report data:

image

image

It says it will never delete raw data & will delete report data if > 1 year 5 months:

image

I think for the aggregated data section at least, it's not checking if the report deletion feature is enabled?

@diosmosis commented on May 18th 2018 Member

If both features are enabled:

image

image

then the GDPR overview says it will delete raw data, but it gets the number wrong (13 days instead of 182, I think it's using the wrong setting):

image
