Security and privacy

GDPR / data registry / data deletion plugins - questions, discussion and experiences

 
Picture of stefan weber
GDPR / data registry / data deletion plugins - questions, discussion and experiences
Plugin developers

I would like to have some discussion / comparison about how people ended up implementing the GDPR plugins at their sites, and maybe have some questions answered in the process.


Our implementation

School: Austrian university with around 6000 active students
Moodle: 3.4.3
Current Data policy / purposes:

  • Users will be deleted after 1 year of inactivity
  • No current policy on course content


Problems / Experiences

  • Since implementing the GDPR plugins and site policy on May 25th, we only had 2 data requests and no deletion requests from users
  • We now have over 6000 inactive user accounts waiting for deletion, but I havent gotten around to actually deleting them, because I was hoping that the deletion lists get improved, or maybe get around improving them myself (see https://tracker.moodle.org/browse/MDL-62590). I don't want to delete such a massive amount of data without re-checking it, but the current list makes it impossible (cant export, sort, or display all on one page) - how have others handled this? Is there a good way to pull this data out of the database directly?
  • We discussed setting a retention period for course content, but it seemed impractical to start deleting information from old courses that students can still access before they even finish their degrees - how have others handled this? what policies are you using?


Questions

  • Is there any exhaustive documentation on the GDPR plugins? I find the current documentation in the moodle docs severely lacking in depth, I couldnt find any answers to any of the questions below
  • What happens if a user or course gets flagged for deletion, but afterwards the criteria changes, for example
    • A user is flagged for deletion because he is inactive for >1 year, but then logs on again before he is actually deleted - does he get removed from the deletion list?
    • Course content is flagged for deletion, but then the teacher changes the course end date so it is within the retention period - does the course content get removed from the deletion list?
  • How exactly does course content deletion work?
    • Does it really only delete personal data from activities? What exactly gets deleted? Is there any documentation or list out there that shows exactly what gets deleted?
    • What happens if all the personal data gets deleted from a course, the course is removed from the data deletion list, but then new personal data is added - for example, after a retention period of 1 year, all forum posts are deleted, but then a student goes back to that course and adds another forum post - will the course immediately show up on the deletion list again?
  • What process actually deletes content after I press delete in the data deletion list? Does it get deleted immediately, or by the next cron job? Is deletion logged anywhere?
  • It seems to me, that the whole implementation of GDPR right now is pretty bare and rushed, which is understandable, since everyone was in a hurry to meet the 05-25 deadline. Are further features planned or already requested or even needed by other persons, such as
    • A usable data deletion list (see above)
    • The possibility in the data registry to assign purposes / data retention periods to specific types of modules, for example assign a specific purpose to all quizzes in all courses?


Thanks in advance for any input, I hope to get a good discussion going that benefits everyone, now that some time has passed after the general rush to implement the GDPR plugins.

 
Average of ratings: Useful (2)
Picture of Howard Miller
Re: GDPR / data registry / data deletion plugins - questions, discussion and experiences
Core developersDocumentation writersParticularly helpful MoodlersPlugin developers

Moving to Security and privacy forum...

 
Average of ratings: -