Propose new features
Designing Decidim together
GDPR / Right to be forgotten - User authorizations metadata
List of Endorsements
Report inappropriate content
Is this content inappropriate?
We use cookies to ensure the basic functionalities of the website and to enhance your online experience. You can choose for each category to opt-in/out whenever you want.
These cookies are essential for the proper functioning of my website. Without these cookies, the website would not work properly.
These cookies allow the website to remember the choices you have made in the past
Analytics cookies are cookies that track how users navigate and interact with a website. The information collected is used to help the website owner improve the website.
These cookies collect information about how you use the website, which pages you visited and which links you clicked on.
Designing Decidim together
The piece of text below is a shortened, hashed representation of this content. It's useful to ensure the content hasn't been tampered with, as a single modification would result in a totally different value.
Value:
2f6d68f5235fc387a3bd42ced318d948bab9dd66acf1d4c17cf69fc7b6b415cd
Source:
{"body":{"en":"When the user account is removed, the authorization metadata is still kept in the database which can store user's personal data.\r\n\r\nI very well understand the reason for this as otherwise users could possibly cast an unlimited amount of votes e.g. in participatory budgeting.\r\n\r\nHowever, the problem is that the GDPR's right to be forgotten is not complied with this approach.\r\n\r\nI don't know exactly how to solve this correctly to serve these requirements:\r\n\r\n- Make sure that the user does not cast duplicate votes (with the authorization's \"unique_id\")\r\n- The authorization metadata is available for validating the votes in case there is some investigation required for the validity of the voting result\r\n- The user's personal data would be cleared after some period of time when the voting has already ended\r\n\r\nPossibly after the voting has ended, the voting could be somehow permanently \"validated\" and locked which would count the results and make it impossible to cast any further votes, even if voting would be re-enabled for the component (cannot vote after voting results have been validated). Then, after this validation, the authorization metadata could be destroyed for the deleted user accounts if they don't have any more votes in components where the voting is still ongoing."},"title":{"en":"GDPR / Right to be forgotten - User authorizations metadata"}}
This fingerprint is calculated using a SHA256 hashing algorithm. In order to replicate it yourself, you can use an MD5 calculator online and copy-paste the source data.
<script src="https://meta.decidim.org/processes/roadmap/f/122/proposals/14850/embed.js"></script>
<noscript><iframe src="https://meta.decidim.org/processes/roadmap/f/122/proposals/14850/embed.html" frameborder="0" scrolling="vertical"></iframe></noscript>
Is this content inappropriate?
You need to enable all cookies in order to see this content.
Change cookie settings
7 comments
Loading comments ...
Add your comment
Sign in with your account or sign up to add your comment.
Loading comments ...