GDPR - Right to object to processing of personal details
Is your feature request related to a problem? Please describe.
GDPR provides users the right to object to the processing of their data (Article 21). This means that an individual may want to preserve their details on the platform but object to any processing of those details. This may also be needed in cases where the user details have to be preserved on the platform for legal reasons before the individual's request for data erasure can be fulfilled.
Right now Decidim does not fully support this use case. There are certain features that the user can control, such as:
- Disable receiving the automated newsletters
- Disable platform notifications
- Partly disable private messaging
However, these controls do not give users full control to object to the processing of their personal data. In addition, there should be a single, clearly visible place where the user can object to all of these at once, without going through multiple views to exercise their right to object to the processing of their personal data.
Describe the solution you'd like
Under the account section, there should be a functionality where users can exercise their right to object to data processing for their account. Technically this means that the user account and the related personal data are preserved on the platform but are no longer processed for any purpose.
This includes, e.g., sending any messages or notifications to the user, sending newsletters to the user, private messaging (which would be disabled), allowing the user to be found on the platform in any way, or processing the personal data for any purpose that may affect the user, unless legally required or "necessary for the performance of a task carried out for reasons of public interest".
Technically this could be implemented by adding a timestamp to the database that records when the user objected to the processing of their personal data. This flag could then be checked before any kind of processing of that user's data.
It may be hard to implement such a feature so that it fully ends the processing of the personal details, because of the account login functionality: when the user logs in to the platform, the user account has to be looked up in the database in order to allow the login. I'm not a lawyer, but I would imagine this is part of the "necessary" data processing if the user data is otherwise not processed for any purpose. In other words, it would be technically quite impossible to let the user preserve their account while not being able to check the database for whether their email address is there (e.g. during sign-up, to prevent duplicate accounts).
Another thing that might be needed for such requests is some kind of admin feature where admin users could review the objection requests and act on them accordingly. Sometimes, for example, the user details are also used in external systems where such an objection request should also apply.
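As an added illustration of the timestamp-and-guard design described above (the objection timestamp, the "necessary" exceptions such as login and duplicate-email checks, and the list of pending objections an admin would review), here is example code that is not part of Decidim; the `User` struct, the purpose names and `ProcessingGuard` are all hypothetical:

```ruby
require "time"

# Hypothetical user record; in a real deployment this would be a nullable
# timestamp column on the users table (name assumed, not Decidim's).
User = Struct.new(:email, :data_processing_objected_at, :objection_reviewed_at,
                  keyword_init: true) do
  def objected_to_processing?
    !data_processing_objected_at.nil?
  end
end

module ProcessingGuard
  class ObjectedError < StandardError; end

  # Purposes that must keep working after an objection: authenticating the
  # account and the duplicate-email check at sign-up (assumed here to be the
  # "necessary" processing; a legal review decides the real list).
  NECESSARY_PURPOSES = %i[authenticate duplicate_email_check legal_obligation].freeze
  # Purposes the objection blocks.
  OBJECTABLE_PURPOSES = %i[notification newsletter private_message user_search].freeze

  # Single decision point to call before any processing of a user's data.
  def self.allowed?(user, purpose)
    unless (NECESSARY_PURPOSES + OBJECTABLE_PURPOSES).include?(purpose)
      raise ArgumentError, "unknown processing purpose: #{purpose}"
    end
    return true unless user.objected_to_processing?
    NECESSARY_PURPOSES.include?(purpose)
  end

  # Fail closed: the block runs only when the purpose is permitted.
  def self.with_permission(user, purpose)
    raise ObjectedError, "#{purpose} blocked by objection" unless allowed?(user, purpose)
    yield
  end
end

# Record the objection; an admin marks it reviewed once external systems are handled.
def object_to_processing!(user, at: Time.now.utc)
  user.data_processing_objected_at = at
  user
end

# Objections an admin still has to act on (e.g. propagate to external systems).
def objections_pending_review(users)
  users.select { |u| u.objected_to_processing? && u.objection_reviewed_at.nil? }
end

# Newsletter and notification senders consult the guard instead of ad-hoc flags.
def newsletter_recipients(users)
  users.select { |u| ProcessingGuard.allowed?(u, :newsletter) }.map(&:email)
end

def deliver_notification(user, text)
  ProcessingGuard.with_permission(user, :notification) { "sent to #{user.email}: #{text}" }
end
```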
Describe alternatives you've considered
The best alternative we have for handling this use case today is to take a manual copy of the user's data, then remove the account from the platform, and finally manage this manual copy elsewhere, outside of Decidim. This is obviously not ideal because it requires manual handling of the data and also makes managing the data across multiple systems harder.
Could this issue impact users' private data?
Yes, in a positive way: it gives users more control over how their details are processed.