Vés al contingut principal

Configuració de les galetes

Fem servir galetes per assegurar les funcionalitats bàsiques del lloc web i per a millorar la teva experiència en línia. Pots configurar i acceptar l'ús de galetes, i modificar les teves opcions de consentiment en qualsevol moment.

Essencials

Preferències

Analítiques i estadístiques

Màrqueting

GDPR / Right to be forgotten - User authorizations metadata

Avatar: AH
AH
When the user account is removed, the authorization metadata is still kept in the database which can store user's personal data. I very well understand the reason for this as otherwise users could possibly cast an unlimited amount of votes e.g. in participatory budgeting. However, the problem is that the GDPR's right to be forgotten is not complied with this approach. I don't know exactly how to solve this correctly to serve these requirements: - Make sure that the user does not cast duplicate votes (with the authorization's "unique_id") - The authorization metadata is available for validating the votes in case there is some investigation required for the validity of the voting result - The user's personal data would be cleared after some period of time when the voting has already ended Possibly after the voting has ended, the voting could be somehow permanently "validated" and locked which would count the results and make it impossible to cast any further votes, even if voting would be re-enabled for the component (cannot vote after voting results have been validated). Then, after this validation, the authorization metadata could be destroyed for the deleted user accounts if they don't have any more votes in components where the voting is still ongoing.
Comentari

Confirmar

Si us plau, inicia la sessió

La contrasenya és massa curta.

Compartir