These are just two of many examples. Every online platform has this option to easily delete your account yourself. Why not us here?
Other Comments
At least from a GDPR perspective, a complete deletion of all personal and owned data must be easily possible. Probably a PM to the admin is enough from a legal perspective, but why so complicated? Why canât users simply delete their account at the push of a button like they can on any other online platform?
Are there any particular reasons for making it as difficult as possible for the user as it is currently handled?
Do we want to prevent account deletion by any possible means? If yes, why?
There is a similiar plugin for make it easier, but not to do it by yourself:
There is already option to delete entire OSM account if I am right.
Providing option to delete just community.openstreetmap.org part of OSM account may be nice (as long as it does not enable block evasion etc) but is in no way required by GDPR.
AFAIK they can already do it with OSM account in its entirety. Not idea is it handled as expected by the forum.
Yes that is correct, however as far as I interpret the information correctly, this only deletes the account on the openstreetmap.org site and not here in Discourse. Or am I completely wrong?
In case it was misleading, Iâm talking here in this post about deleting the account in Discourse, not on osm.org
According to Art.17 - EU-DSGVO - âRight to erasureâ, every user within the EU has the right to have all their data deleted. (Link)
I am not a lawyer, but â[âŠ] the right to obtain from the controller the erasure of personal data concerning him or her without undue delay [âŠ]â is already ârequired by GDPRâ in my eyes. Or am I misinterpreting here again?
In addition, it also says âwithout undue delayâ again in writing. The question is whether a court has already decided what âundue delayâ means. In case of doubt, however, this requires the immediate deletion, which would not be legally effective by the detour via a DM.
That the GDPR also expects a simple way for a user to download all their data at once, Iâll leave out here.
This is repetitive now, but will my entire forum (Discourse) account be deleted, including all the data and information I have written, if I delete my account on openstreetmap.org? I just canât find that specific point on this site. Please help me where it says that. If thatâs the case, should that definitely be added there or not?
I donât know, but if there is an issue with that itâs much more likely to get actioned if you prove that thereâs a problem (create new OSM account, test post to Discourse, delete new OSM account) than if no-one is sure whether there is a problem or not.
I just tried it with a new user. After deletion my Discourse account still exists, but it is temporarily on hold. That means I canât post anything anymore, but my posts are still there.
Of course, the question is also why we do not distinguish between the forum and the map. Why do I always have to have my forum posts and my map posts deleted together? Why canât this be done separately?
I have to correct myself. The first account was put âon holdâ because I wrote something with âtestâ. The second account is not affected because I did not use a trigger word.
account is deleted, OSM edits are not deleted (and OSM can do this). In case of users breaking rules and adding GDPR-covered data to OSM database it can be hidden (DWG should be notified)
Once you log-off here you wonât be able to log-in again. AFAIK, there is no mechanism that informs the forum about deleted account, only the auth system that allows you to log-in or not.
So to sum up the whole issue:
It is not possible for a user to simply and immediately delete all their data here on the forum.
It is my right to have ALL my data deleted. This also includes my self-made postings here. To what extent this is a violation of the GDPR, I am not able to judge, since I am also not a lawyer, but my understanding tells me that this could already be one.
Yes, but if I never delete my cookies again, I can operate with a deleted account until forever.
But my username should be deleted / anonymized and all data attached to my account should be deleted. And someone should check all my forum postings if there is any personal information posted.
EDIT: Since none of us here is a data protection lawyer. Does the OSM(F) have a data protection officer who takes care of such things?
Weâre also going in circles a bit here. Some people want to delete their account here, which only a handful of people can do here and for this reason there have already been âcomplaintsâ, at least in the German forum. Since the deactivation in this case took some time, this already passes " Without undue delay " from my point of view.
Here are the options I see at the moment:
all moderators should be able to deactivate / delete users here in the forum to grant a faster response time.
users should be able to delete / deactivate themselves.
we should clarify at a higher instance, how exactly we are subject to the GDPR here. I think that would also be in the sense of OSMF, because in doubt threatens a lawsuit.