Community » BeWelcome Forum

I think, the answer is No.

I am posting this after a discussion I have had with Philipp who was remaining me that according to German laws, when someone who has had personal data recorded on a Web Site decide to delete his membership, the company which is owning this website must obey.

In a practical way this is very difficult, on the technical point of view for companies.

For now, in BeWelcome we do not delete the data of the members who have leave by himself or who have ask to leave. Note that BeWelcome is not under German laws, but under French one which are also very very careful about people privacy. Anyway, we have talk about it and I think we should delete the data of the member who have left. 

I propose that we use the following technical solution (not so difficult to set in motion)

• We replace all text data in profile with *****
• We replace all crypted data (Name, EMail, Address, ...) with ****
• We replace the Username with Resigned_XXXX where xxxx is the unique Id of the member

Why does it look more complicated than a 'simple delete' ? Because the risk to create data base inconsistency will be very very Hight. In the database many data are linked together.

I think we will keep the forum contributions, because they are something collective. If We are to remove all the post of one member, it will make the collective thread completely unreadable .
However, the post of member jojo_lapin (for example) who have left BW will not be anymore maked as "from jojo_lapin" but from"Resigned_XXXX"

We will of course keep the message between members (if they have not deleted them both) because a message is something someone gives to someone else and this is not redable on the website except for the sender or the receiver.

 We will also keep a list of previously used username in order to prevent some new member from using this username (this could create confusion with people memory). Of course, the username in this list will not be any more connected to the various ***** or still readable forum posts of member resigned_XXXX

Something I don't know what to do with are the comments, may be w can consider that a comment is a comment given so it doesn't make sense to delete it ?

Something else too is the delay. Since we are not under German laws, I think we should keep a delay before deleting these data. Just in case it was a mistake or a joke of someone using the same computer. I would say, one month delay. Of course there is the case of the bad guy who has just killed is host, but I don't think this is a real consideration here. I mean, deleting member who leave should not be a problem for safety, and may be the one month delay can comfort people who think this is a risk for safety.

What do you think about it in general ?

I agree with both above recommendations.  One thing is that i think we should note remove the username because in the forum that will help us distinguish between users who had left and had added their comments...otherwise it would be difficult.

@Jared, problem with username is that they are people who signup with a username like jsacks ;-)

 Imagine that you leave bewelcome and want all your data to be removed, you will then probably consider that your username which is made from your family name (you made it public, so its not a problem to say it) is also a personal data.

 For me or for you it will look stupid  because we are aware of what a username and if we choose to include part of our identity in it, we know about the consequences. 

But I think that they are people who will not think the same.

@Julien, about banned abusers : in fact I was not considering them among the "members who have left" they are more "among the members who have been banned".

 So I don't think there is a need to have a special process with their data, unless they explicitely ask for it.

If so, I think this could be a case by case to be managed by safety team

About IP grey list : may be, for now we don't do this, I am not sure if it will be reliable. One problem I see : imagine we black list the IP of an abuser which was surfing from some internet café, the result will be that in fcact we will blacklist theinternet café

Matthias ask me what was the progress with this subject, and in fact, it was a no progress.

 I have a routine ready to rename the username as RETIRE_XXXXX and to fill the contents of profile with *** member deleted ***

This routine is ready to be run for members who have left since more than three weeks.

but in the wiki ( http://www.bevolunteer.org/wiki/Removing_the_data_of_a_left_member ) someone wrote :

It is not a stupid idea, but if I run my routine now, it will result in having Joe renamed RETIRED_XXXX also in his forum post .

Personally, I prefer to do so (nobody will be anymore able to link the post Joe wrote to Joe, if they are against laws, moderator can still empty them).

But problem is that if I run the routine, it will be irréversible (mark the french accent !), in other word I might be wrong.

Could you give feedback about it and can someone try to build a consensuss (I think we can save a poll here) ?

In fact I have already applied this process to Henri Barbusse (a fake profile we usually use for test).

Results are visible  here

As you could see, comments are still here, city too. Is it a problem ?

This profile is at Status inactive, not really Left because if so, no members will be able to see it and so nobody will really be able to comment.

For myself i think we shoudl keep the comments, they are owned by the guy who wrote them

Actually, BW should have data on the "departed" if only to have working knowledge on the circumstances and situations or conditions that led to dropping out, that possibly can be studied further for appropriate actions, if need be.

Members should recruit, NOT quit. BW should find out why quitters quit.  BW cannot afford members quitting.

It is totally to BW's disadvantage to not keep data on the "departed" .

Dissenting dissidents, like the HC vols are easily identifiable as far as the reason/s for their departure from HC is concerned. Basically it's a no win situation. Case closed.

But regular members quitting is another story all together. This mini-exodus should be quashed. (50 in one year with membership of only 5 thou is too many, in my opinion.). Their feedback on dropping out should be analyzed, in case corrective measures can be implemented.

@Coolnewyorker, the french laws (the BW server is in France) require that someone can access his personal data and can have them removed if he asks for it.
In fact most of the website in France don't really complies with it, but BW will.

If someone wants to leave BW, it implicitely mean he wants his data to be removed.

And, regardless this laws, it is a clear consenssus among BV volunteers that people must be free to leave and should have their personal data removed.

We just make a small adjustment:

• a delay before removing the data (21 days, I assume it is the right delay) to be sure that it was not a bug or a trick done by someone stealing the password of the guy
• in the case of a guy who abuse or spam (a guy who didn't follow the rules he accepted when he signup), if he is banned, the data are kept

I guess Quique that what you mean is that they just wanted to close their profile, they did'nt explicitely request for their data to be deleted.

But, the idea of the french law (theoric because practice is a great demonstration of laissez-faire) is that implicitely the guy who cancelled his profile believes that it also delete his data.

This is a very protective law for people privacy, and something which I think we believe a good choice (german laws for what I read in several discussion are the same).
This kind of law protects the citizen even if it creates difficulties in pratice for companies or website in general.

@Coolnewsorker, may be this is a western european way of  seeing things, how is it in US ?

@JY just do it like you proposed in the wiki.

Maybe dont replace profile data with ***** simply delete the whole "profile database entry" and replace it with a fresh site "user profile deleted"

the rest sounds good to me (even if I havent really long thought about it)

If I remember well, only one person has asked about the removal of personal data when leaving and this question was prior to membership, thus someone who wanted to be sure about the use we'll give to the data once becoming a member.

The normal question I get is "how can I leave?" and my normal answer is "here you are how to leave". From now on, I will include a suggestion to encourage those who leave to fill up the box about the reasons. You are right, cny, this can give us very useful information.

I don't want to put difficulties to those who want to leave. Leaving easily gives trust and good image to a group. I would not like BW to be seen as "easy to go in, hard to go out".

@coolnewyorker 

I think you might be mixing two topics here. One is the removal of PRIVATE data of members who requested to leave. The other, mentioned by you, is keeping track of how many members left and why they did it. 

 The legal and moral requirement discussed here is the question of deleting private data such as name and address.

Keeping stats is something completly different and I agree with you that it would be great to keep this info. This is also why we ask for feedback. But if someone leaves and gives no reason or gives the reason mentioned by Enrique (Not using my account), what would you like to do? There is no way to force them to be vocal if they don't want it. 

But anyway, just wanted to make sure that we understand that the two issues are separate.

Maria