riparias/gbif-alert

User delete own account: explicitly list the entities (comments, alerts, ...) that will be removed


I discovered this while trying to manually remove a user in the admin (see #179). Adjustments needed with on_delete on the models?

Now that #181 is fixed, I was able to delete accounts (after manually removing the two observation comments). It would still be better if that was done automatically, though.

I can very easily change the system so the comments are automatically deleted when we delete a user, but is it a desirable behaviour? We might lose some valuable content there (imagine there's an actual discussion taking place for an observation, and half of the comments disappear).

If we want to avoid that, I see two possible options:

  • Alter the model (allow NULL in the comment/user relationship) so when a user is deleted, their comment is kept (and displayed with something like "posted by <deleted user> on ...")
  • Get into the habit of never actually deleting users, but disabling them instead (so they cannot log in anymore). I am not sure if this is GDPR-compliant.

Thanks @niconoe for pointing out this aspect.

First of all, I don't think long and interesting discussions will take place here. At least, it never happened and it is unlikely to happen.
Second, I think that even your first option is not GDPR compliant. It's the right of any user to delete ALL kinds of information he/she provided via his/her own account. Just to give an idea, the same applies to iNaturalist accounts: see the screenshot below, taken from the delete webpage related to my account.

image

As you see, by deleting my account I would remove all my 110 comments as well.

Maybe this kind of page could be shown to a user wanting to delete an account? Something more than just "are you sure"?

Update: the initial issue is now solved in #179. Keeping this open to keep the last suggestion (give explicit details to the users about what they're going to delete!)
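
An added example (not code from gbif-alert or from any commenter) of the deletion preview suggested in this thread: the list of what will be affected is read from the foreign keys themselves, so it cannot drift from the actual on-delete behaviour, and it covers both the cascade option and the keep-the-comment (NULL user) option discussed above. It uses SQLite from the Python standard library rather than Django models; the `users`, `comments` and `alerts` tables and the sample rows are constructed assumptions.

```python
import sqlite3

# Hypothetical schema: table and column names are assumptions, not gbif-alert's models.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL);
CREATE TABLE comments (id INTEGER PRIMARY KEY, text TEXT NOT NULL,
    user_id INTEGER REFERENCES users(id) ON DELETE {comment_action});
CREATE TABLE alerts (id INTEGER PRIMARY KEY, name TEXT NOT NULL,
    user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE);
"""

def connect(comment_action="CASCADE"):
    """In-memory database seeded with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite ignores ON DELETE without this
    conn.executescript(SCHEMA.format(comment_action=comment_action))
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    conn.executemany("INSERT INTO comments (text, user_id) VALUES (?, ?)",
                     [("seen again today", 1), ("confirmed", 1), ("thanks", 2)])
    conn.execute("INSERT INTO alerts (name, user_id) VALUES ('my alert', 1)")
    conn.commit()
    return conn

def deletion_preview(conn, user_id):
    """Map each table referencing users to (ON DELETE action, affected row count)."""
    preview = {}
    tables = [r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:  # names come from the schema itself, not from user input
        for fk in conn.execute(f'PRAGMA foreign_key_list("{table}")'):
            # fk = (id, seq, referenced table, from column, to column, on_update, on_delete, match)
            if fk[2] == "users":
                count = conn.execute(
                    f'SELECT COUNT(*) FROM "{table}" WHERE "{fk[3]}" = ?', (user_id,)
                ).fetchone()[0]
                preview[table] = (fk[6], count)
    return preview

def delete_account(conn, user_id):
    """Delete the user; return the preview that a confirmation page would have shown."""
    preview = deletion_preview(conn, user_id)
    with conn:  # commit on success, roll back on error
        conn.execute("DELETE FROM users WHERE id = ?", (user_id,))
    return preview

if __name__ == "__main__":
    for action in ("CASCADE", "SET NULL"):
        print(action, delete_account(connect(action), 1))
```

With `SET NULL` the preview reports the comments as detached rather than deleted, which is the distinction a confirmation page would need to spell out to the user.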