#43883 closed enhancement (fixed)
Add a user's attachments to the personal data export file
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | 4.9.6 | Priority: | normal |
| Severity: | normal | Version: | 5.1 |
| Component: | Privacy | Keywords: | gdpr needs-unit-tests has-patch commit fixed-major |
| Focuses: | Cc: |
Description
Attachments (e.g. media) can contain personal data (e.g. images of the person, EXIF Geo location, etc)
We should at least include a public link to each attachment a user has uploaded.
For smaller attachments (e.g. < 3 MB), maybe include them in the export archive too.
I'll take care of this after #43546 lands
Attachments (1)
Change History (12)
This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.
7 years ago
#3
@
7 years ago
- Keywords needs-unit-tests added
- Owner set to allendav
- Status changed from new to assigned
#4
@
7 years ago
@desrosj @xkon - I stopped short of adding the smaller attachments to the ZIP file at this time. What do you think?
To test: Upload some media as a user you plan to run an export request against. Run the export request against them. Make sure URLs for each media item appear in the report.
Further note: We're doing this because we can't programatically handle all the possible ways attachments might contain personal data, so we're basically just going to treat any attachment as potentially containing personal data.