Hello to all GDPR specialists,
As the author of several Moodle plugins I want all of them to support the Moodle privacy API for May 25th.
The only real problem I have is for My "Question Creation" activity module (mod_qcreate)
In this activity students create question and they receive a grade made by aggregation of an automated grade based on the number of questions that they have created and a manual grade given by teachers that grade their questions and (optionally) give a comment.
Currently my function to erase user data
- don't really erase questions created but just anonymise the userid of the question creator (well in fact this is not my decision but this is how the question component privacy code works, so just declaring that my module use the core question component does that).
- erase manual grades received by a student for the questions they created
- if the user submitting the request to erase data has graded any question, I anonymise the grader id and suppress the comment in the grade record.
Do you think this is the right thing to do or should I also completely erase the grade for a teacher request ? This seems incorrect to me as the grade value also belongs to the user graded, but maybe I am wrong ?
Thanks for your help.