People can view/delete their data? (GDPR)

One of the more technically complicated aspects of the new General Data Protection Regulation (GDPR) is the issue of allowing visitors to view or download their data and/or request that it be deleted.

It’s one of those things that is easy for bureaucrats to mandate… because they have no earthly idea what that actually means in terms of technical implementation. And honestly, they don’t care.

Essentially, it comes down to this…

Users need to be able to view and modify the data they submit to you.

Users should be able to request they be deleted (aka the “right to be forgotten”).

Now, this is easy with some systems. For instance, a membership site like mine gets people’s data when they sign up for a course or a membership. When a member is logged in, they can view or edit their own data on their account page. And, if for some reason they asked to be deleted, I can do that.

Where things get a little fuzzier is with other systems that don’t provide view permissions to end users. Examples:

Blog comments. It isn’t as if it is normal to give visitors the ability to view every comment they’ve made, make a change, or delete them. Currently, even if we wanted to delete all comments from one user, it’d be a pain to do it.

Email Lists. Many opt-in form creators record the data submitted for the purposes of analytics. Also, when a person unsubscribes from an email list, they are not deleted automatically. It takes an additional step by the list owner to do that.

Aggregate data. All web servers collect visitor data in aggregate. It is not personally identifiable, but we get it. And it is unreasonable to expect to be able to delete analytics data on any one individual user.

The good news, tho, is that you are not on your own on addressing this GDPR requirement. Plug-ins are coming to the rescue.

Several WordPress plug-ins have already come out to allow visitors to view their data:

WP-GDPR

WP GDPR Compliance

GDPR (this one looks a little geekier, but flexible)

WPGDPR (this one, apparently, is going to soon be integrated right into WordPress core, so everybody will have it)

Anyway, these plug-ins are making it easy to get consent on various forms across your blog. But also, they’re making it so that visitors can seek their data as a self-service. A visitor will have a screen on your blog where they enter their email address and can then pull up data they’ve submitted (like all blog comments). They can then download/update it or request that it be deleted.

I’m also seeing integration into some other plug-ins, such as Gravity Forms. So, when a visitor performs this action, it will also query the Gravity Forms tables for submissions tied to their email address.

List building plug-ins like Thrive Leads are going to be getting updates soon, too. One of the primary things is to allow checkboxes for consent. But they will also allow any stored data to be queried by email address and then downloaded/deleted.

You’re going to see updates across many different plug-ins (and WordPress itself) to accommodate this. Simply keep tabs on it and apply those updates as they come out. Then, in your privacy policy, link to the page where your visitor can access/download that data.

As for any non-personal data collected (like Analytics or log files), it is unreasonable to expect users to be able to view that. After all, it isn’t really tied to them anyway. So, I think you just spell out in your privacy policy that it is not personally identifiable and therefore is exempt from deletion.

Of course, that requires that you’re not sending anything personally identifiable to Google Analytics. That is against their terms of service anyway. One example of this would be sending user IDs to them, or passing user info in the URL which would then be seen by Analytics. This gets into techie stuff, but short story is… you shouldn’t be passing personally identifiable info in a URL.
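
One way to enforce this on the client, as an added example that is not part of the original post: a JavaScript helper that strips email addresses and user-identifying parameters from a page URL before the path is handed to any analytics tracker. The parameter names and the sample URLs are assumptions made for illustration.

```javascript
// Added example (not from the original post). Parameter names are assumed
// for illustration; adjust the list to the fields your own forms use.
const PII_PARAMS = new Set([
  'email', 'user', 'user_id', 'uid', 'username', 'name', 'phone',
]);
const REDACTED = 'REDACTED';
// Email address with a literal "@" or a percent-encoded one (%40).
const EMAIL_RE = /[A-Za-z0-9._%+-]+(?:@|%40)[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;

// Returns the page path to report to analytics with PII removed, plus a
// list of what was redacted so the page that builds the URL can be fixed.
function scrubPagePath(rawUrl) {
  // The base only lets relative paths parse; it never appears in the output.
  const url = new URL(rawUrl, 'https://placeholder.invalid');
  const findings = [];
  const cleaned = new URLSearchParams();

  for (const [key, value] of url.searchParams) {
    const scrubbed = value.replace(EMAIL_RE, REDACTED);
    if (PII_PARAMS.has(key.toLowerCase())) {
      cleaned.append(key, REDACTED);      // known PII field: drop the value
      findings.push(`param:${key}`);
    } else if (scrubbed !== value) {
      cleaned.append(key, scrubbed);      // email inside a free-text value
      findings.push(`value:${key}`);
    } else {
      cleaned.append(key, value);
    }
  }
  url.search = cleaned.toString();

  // Emails also show up in path segments and fragments.
  const path = url.pathname.replace(EMAIL_RE, REDACTED);
  if (path !== url.pathname) findings.push('path');
  const hash = url.hash.replace(EMAIL_RE, REDACTED);
  if (hash !== url.hash) findings.push('hash');

  return { page: path + url.search + hash, findings };
}

// Constructed sample URLs.
for (const sample of [
  '/thanks?email=jane.doe%40example.com&utm_source=newsletter',
  '/unsubscribe/jane@example.com?ref=footer',
  '/blog/gdpr-plugins?page=2',
]) console.log(scrubPagePath(sample));
```

A non-empty `findings` list during testing points at a form or link that should stop putting personal data in the URL in the first place; the scrubber is a backstop, not the fix.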

In the end, plug-ins will provide the ability to abide by this requirement of the GDPR.

Between that and giving the ability for visitors to contact you to request such things, you should be OK.

And honestly, in actual practice, I doubt it will even happen that much.

– David