User deletion not GDPR compliant : personal data not deleted (lastip)


by Dorel Manolescu -
Number of replies: 3

Hi

When deleting a user from the user interface (probably for web services also), not all of the personal data is deleted or scrambled (e.g. lastip, phone, address, ...). This is not GDPR compliant.

Steps to reproduce:

1) create a user with personal data like phone, address, url

2) login as that user - lastip will be stored

3) delete the user

4) email and username are scrambled, but the other personal data is still there.

Affected versions: probably all (I tested in 3.5, 3.4, 3.3).

Tracker issue created: https://tracker.moodle.org/browse/MDL-62830 and code added.

Regards


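The residual data described in the report can be checked for directly in the database. The following is an added example, not code from the post or from Moodle itself: it builds a constructed in-memory table modelled on a subset of the columns of Moodle's user table (the column names lastip, phone1, phone2, address, city and url are assumed, following the fields named in the report), lists deleted accounts that still carry personal data, and blanks those fields. Run against a real site it would be an audit query for a DBA, executed on a backup first.

```python
import sqlite3

# Personal-data columns a deleted account should no longer carry.
# These names follow the fields named in the report (lastip, phone, address,
# url); the exact column set of a real mdl_user table is an assumption here.
PII_COLUMNS = ("lastip", "phone1", "phone2", "address", "city", "url")

# Constructed subset of the user table schema (assumed column names).
SCHEMA = """
CREATE TABLE mdl_user (
    id       INTEGER PRIMARY KEY,
    username TEXT NOT NULL,
    email    TEXT NOT NULL,
    deleted  INTEGER NOT NULL DEFAULT 0,
    lastip   TEXT NOT NULL DEFAULT '',
    phone1   TEXT NOT NULL DEFAULT '',
    phone2   TEXT NOT NULL DEFAULT '',
    address  TEXT NOT NULL DEFAULT '',
    city     TEXT NOT NULL DEFAULT '',
    url      TEXT NOT NULL DEFAULT ''
);
"""

# Constructed sample rows. User 2 was "deleted" the way the report describes:
# username and email scrambled and deleted=1, but lastip/phone/address remain.
# User 3 was deleted cleanly; user 1 is an active account that must be left alone.
SAMPLE_ROWS = [
    (1, "alice", "alice@example.org", 0,
     "192.0.2.10", "555-0100", "", "1 Main St", "Springfield", ""),
    (2, "bob@example.org.1530000000", "9f9d51bc70ef21ca5c14f307980a29d8", 1,
     "198.51.100.7", "555-0199", "", "2 Side St", "Shelbyville", "https://bob.example"),
    (3, "carol@example.org.1530000001", "0d5a2e0e1a5b4c5fa8e3b9c6d7e8f901", 1,
     "", "", "", "", "", ""),
]


def build_sample_db():
    """Create the constructed sample database in memory."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO mdl_user VALUES (?,?,?,?,?,?,?,?,?,?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def _residual_condition():
    # Column names come from the constant tuple above, never from user input,
    # so building the SQL fragment by string join is safe here.
    return " OR ".join(f"{c} <> ''" for c in PII_COLUMNS)


def find_residual_pii(conn):
    """Return {user_id: [column, ...]} for deleted accounts still holding personal data."""
    cols = ", ".join(PII_COLUMNS)
    sql = f"SELECT id, {cols} FROM mdl_user WHERE deleted = 1 AND ({_residual_condition()})"
    findings = {}
    for uid, *values in conn.execute(sql):
        findings[uid] = [c for c, v in zip(PII_COLUMNS, values) if v != ""]
    return findings


def scrub_deleted_users(conn):
    """Blank the personal-data columns on deleted rows that still hold any.

    Only rows with deleted = 1 are touched, so active accounts are unaffected.
    Returns the number of rows changed.
    """
    sets = ", ".join(f"{c} = ''" for c in PII_COLUMNS)
    sql = f"UPDATE mdl_user SET {sets} WHERE deleted = 1 AND ({_residual_condition()})"
    with conn:  # commit on success, roll back if the statement fails
        cur = conn.execute(sql)
    return cur.rowcount


if __name__ == "__main__":
    db = build_sample_db()
    print("before:", find_residual_pii(db))
    print("scrubbed rows:", scrub_deleted_users(db))
    print("after:", find_residual_pii(db))
```

The audit function reports which columns remain per deleted account so the finding can be traced back to a specific field; the scrub is deliberately restricted to rows already marked deleted and still holding data, so repeated runs are idempotent and live accounts cannot be touched.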
In reply to Dorel Manolescu

Re: User deletion not GDPR compliant : personal data not deleted (lastip)

by Davo Smith -

There is a question around whether or not this is personally identifiable data, if the username (and first/last name?) has already been removed? For instance, I would point out that the webserver logs almost certainly still include a list of IP addresses that have accessed the site, but that wouldn't be considered personal data (or would it?)

I could also imagine good reasons why you might want to store the last IP address that a particular user account used, in order to perform security audits (which might be a required part of due-diligence and keeping the data on the site secure; which is, of itself, a part of the GDPR).


In reply to Dorel Manolescu

Re: User deletion not GDPR compliant : personal data not deleted (lastip)

by Adrian Greeve -

Hello,

The process to exercise the user's right to be forgotten (The user requests to have their personal data deleted) and privacy by design (user information is only kept for as long as it is needed) in Moodle are not done by just going to the user administration screen and deleting them.

A request needs to be made. This can be done from the user's profile or, if an admin, from the data requests page (Site administration > Users > Privacy and policies > Data requests). The reason for this process is to clean all of the student's data from the site.

Most of the user's information is removed apart from critical information needed to prove in an audit that all data requests were complied with.

The last IP address is not critical and so is deleted.