When deleting a user, all its associated wiki changes / comments / etc. needs to be anyonmized according to DSGVO / GDPR
Steps to reproduce:
A creates a wiki page W1
B creates a wiki page W2
A changes the wiki page W2
A. adds a comment to wiki page W3
Admin deletes user A
After step 4: W1, W2 and W3 will somehow have a association to user A (new page, edited page, comment)
After step 5: A is still in the history of W1, W2 and W3
Expected: the user should be completely anonymized according to DSGVO / GDPR
Someone know if this is possible, can be configured or is a feature request?
That would be a feature request. The way to implement something like this is generally to listen to deleted documents events in a listener and cleanup related metadata (which is already done for users but only for rights and group members and not for document authors).
Note that there are some companies sponsoring the development of the XWiki open source software and Iâm sure you could contact them to ask to sponsor this feature in XWiki if you need it anytime soon and you cannot develop it yourself (weâd love it if you could contribute it!) That would definitely help XWiki!
I would be interested to have a look how difficult this is to implement for my own. Can someone give me some hints and tell me some sections / files on which I should have a look on it?
As I said, its about DSGVO / GDPR, so, not something which can be ignored when running a xwiki in a company.
A probably better alternative would be to reuse the author switch system which is currently triggered when you deleted a user with programming right (so that the documents this user authored donât end up broken when they contain scripts). It would make sense to me to have an option to ask this question for all deleted users and not just PR ones. See Loading... for more details about this features
Itâs the same thing. The document always have an author, you would just choose the guest user (or some other virtual user we could introduce specifically for that) if you donât want a specific one.
As I said for me the best is to complete the already existing user deleting process to add support for the anonymization use case since it should not require much.
what about API? If you delete a user by API, is such a process to choose another user already implemented for the XWIKI-12142 use case?
I guess, there should be a âanonymousâ user which will be used automatically because I donât think that it does make sense to switch the author of comments to a real user
do you have an idea about the process to choose another user if you delete a user should look like? Would this be a checkbox in the delete user UI? Or a general setting?
There is no dedicated delete user API currently, you delete the user page which is technically the same thing for XWiki right now (since a user is a wiki page).
Yes we do have this kind of user already (called âguestâ or âunauthenticated userâ in the UI).
I guess something like a radio button choice between âanonymousâ or âselect another userâ with an input like we current have for PR user delete would do it but not really the UI expert here
Would it be also possible to fix the issue by running a SQL update after deleting the user?
âŚjust because of this GDPR, which specifies that user data needs to be deleted if there is no need for that data any longer. Would be interesting, how this is done by other companies / authorities as they have the same issue with the right to be forgotten.
I guess, a lot of companies / organizations will switch from confluence to xwiki in the next months because of the change of confluence how they sell their product.
They may ask the same questions of how xwiki handles âArt. 17 GDPR Right to erasure (âright to be forgottenââ (DSGV: Recht auf Vergessenwerden).
Does the newer versions of Xwiki improve the GDPR / DSGVO in this point?