I think, the answer is No.
I am posting this after a discussion I have had with Philipp who was remaining me that according to German laws, when someone who has had personal data recorded on a Web Site decide to delete his membership, the company which is owning this website must obey.
In a practical way this is very difficult, on the technical point of view for companies.
For now, in BeWelcome we do not delete the data of the members who have leave by himself or who have ask to leave. Note that BeWelcome is not under German laws, but under French one which are also very very careful about people privacy. Anyway, we have talk about it and I think we should delete the data of the member who have left.
I propose that we use the following technical solution (not so difficult to set in motion)
- We replace all text data in profile with *****
- We replace all crypted data (Name, EMail, Address, ...) with ****
- We replace the Username with Resigned_XXXX where xxxx is the unique Id of the member
Why does it look more complicated than a 'simple delete' ? Because the risk to create data base inconsistency will be very very Hight. In the database many data are linked together.
I think we will keep the forum contributions, because they are something collective. If We are to remove all the post of one member, it will make the collective thread completely unreadable .
However, the post of member jojo_lapin (for example) who have left BW will not be anymore maked as "from jojo_lapin" but from"Resigned_XXXX"
We will of course keep the message between members (if they have not deleted them both) because a message is something someone gives to someone else and this is not redable on the website except for the sender or the receiver.
We will also keep a list of previously used username in order to prevent some new member from using this username (this could create confusion with people memory). Of course, the username in this list will not be any more connected to the various ***** or still readable forum posts of member resigned_XXXX
Something I don't know what to do with are the comments, may be w can consider that a comment is a comment given so it doesn't make sense to delete it ?
Something else too is the delay. Since we are not under German laws, I think we should keep a delay before deleting these data. Just in case it was a mistake or a joke of someone using the same computer. I would say, one month delay. Of course there is the case of the bad guy who has just killed is host, but I don't think this is a real consideration here. I mean, deleting member who leave should not be a problem for safety, and may be the one month delay can comfort people who think this is a risk for safety.
What do you think about it in general ?