Skip to main content

Has anyone had their GDPR team pop up to ask for your community’s policy on deleting old customer comments? Or old and inactive profiles?

 

Where’s the limit on how long old (all be it, high ranked, high traffic) topics can stay?

 

What approach should one take to make their data security teams happy? 

 

Should all of this be circumnavigated by simply having effective policies on member profiles and comments being anonymous and unidentifiable from the get go?

Thanks @timcavey for bringing this up!

We’ve had some discussion around this matter lately - it is a complex issue.

First of all, our view (at least until for now) has been that “All messages a user publishes in the community are stored indefinitely” - and this is stated in our community terms. By saying this, we view that it’s ok not to delete/anonymize content automatically.

However, we’ve been discussing the users’ right to be forgotten. Our legal teams’ view is that a user should have the right to ask for all content they’ve produced to be deleted. I’ve been asked to post and idea about it: GDPR/ Privacy / Data erasure policy: Allowing users to delete their own comments 

From the community perspective, deletion is not the best option, but I do understand the idea behind deletion.

We have not (yet) discussed about the need to delete old / inactive user profiles.. But I’ve already discussed this with @Kenneth R as I’m pretty sure our legal team will bring this up at some point.

Should the community be anonymous from the get go? It sure would make many issues go away, but for us as a large telco and the community being an important customer service channel - anonymity would make helping our community members a lot harder.:shrug:


Reply