Using GDPR Compliance to bypass bans
I had an interesting chat with Digital Spy this morning about user deletion. They are preparing for an influx of request to be forgotten. Due to the nature of their forums, they are often faced with having to ban users when they break community guidelines with their opinionated, often disrespectful, sometimes racist comments. With GDPR coming into action, they've received requests from Banned Users to have their personal data deleted. Now, Digital Spy is faced with a dilemna - how do they keep track of these users, without keeping any of their personal info?
This raises an interesting question - how do we protect our users against wise-a** users who use GDPR compliance to bypass their Banned status?
"How could they do that?" you ask?
The banned user submits a request to be forgotten - the community manager deletes the user's data as requested - email, username, IP address, all gone. The user then returns to the forum, and creates a new account.
Ideally, the customer would like to keep a record of the banned user's IP address to at least be able to identify them when they apply for membership, and be able to make the decision of whether or not to ban the user.
N.B. - Digital Spy users the Approval Registration Method and rely heavily on IPs to identify comeback kids.
Now, looking at the Applicant lists, we can see the IP users are registering with, and quickly check the user list and see if you've rejected a user from this IP in the past:
There doesn't seem to be such a feature for Banned Users.
The option here for DS is to keep track of the IP addresses associated with banned users and add them to their Ban Rules. As we all know, banning IPs is not ideal as IPs are dynamic and you run the risk of banning legitimate users. This would also be a time consuming manual process for the DS team.
Does anyone have any ideas on how we can help this customer find a way to respect a user's right to be forgotten under GDPR compliance, while still protecting themselves against unwanted users?
Comments
-
After doing a little more reading about the GDPR, I discovered there is a "legitimate interests" clause.
It requires that the controller balances its own (or a third party’s) legitimate interests against the interests or fundamental rights and freedoms of the data subject. Unless the data subject’s rights override the controller’s rights, it can proceed with the processing.
I think retaining a record of bans for the common good of the community would clearly fall inside anyone's interpretation of legitimate interests, so preserving IPs for the purposes of blocking abusive behavior is allowed and cannot be overridden by a user request for erasure.
0 -
Thanks, Linc. I think the question remains then - how do our customers go about doing that, without having to set up a ton of ban rules and risk blocking legitimate members? I like the way it's working for Applicants where you can see if that IP is associated with a user that was rejected previously. Is there any chance we would build something like that into the product, or do that as a service for Hearst specifically?
0 -
I think declining to delete a banned user falls under the same exception. No additional tools are required.
0 -
EU Data Protection Directive (95/46/EC)
"personal data" shall mean any information relating to an identified or identifiable natural person ('Data Subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
The definition is – deliberately - a very broad one. In principle, it covers any information that relates to an identifiable, living individual. However, it needs to be borne in mind that data may become personal from information that could likely come into the possession of a data controller.
There are different ways in which an individual can be considered 'identifiable'. A person's full name is an obvious likely identifier. But a person can also be identifiable from other information, including a combination of identification elements such as physical characteristics, pseudonyms occupation, address etc.
The definition is also technology neutral. It does not matter how the personal data is stored – on paper, on an IT system, on a CCTV system etc.
My understanding is that as long as you wipe anything that can lead to know who that person is we're good.
We don't have to wipe the IP from our DB. We just have to make sure it's not linked to any other information like email or whatever. When we "delete" a user we remove the email, name, etc. It's enough no?
0 -
I think there is another approach to play with black listed email addresses.
I don't know what is exactly definition of personal data, but the spirit is: everything that come from the user and associated/linked with/to the user.
I guess we can easily convert personal/private data into non-personal when it comes to forum/community protection system.
Let say when we are trying to protect any email system against spammers and we use any spam protection system. Those systems could have some data matching to some of forum users, but we can not consider them as personal/private because we did not get that data from our users and we do not associate that data with any of our users.
My idea is to detach personal data from user.
- Step 1: When user (User1) register there can be a phrase: "by this I allow to share my email to forum members and admins". That way we have a right to share email address to forum members.
- Step 2: When anybody (User2) complains about (User1) post or comment , in the report form we share-copy-paste (User1) email into the form. This way we are getting this information not from User1 and we can say that this is not his private/personal data. But just data collected for statistics and analysis from User2.
- Step 3: Ban system/plugin collects these complains unlinked from User1 profile and plugin do not associate banned emails list with any profile and personal data, but uses it to filter registrations, according to community collected data
Not sure if this approach is clear and valid, but just an idea.
5
