WordPress.org

Make WordPress Core

Opened 2 years ago

Last modified 2 months ago

#43923 new enhancement

Add a step to the Data Removal/Erasure UX for deleting a user account

Reported by: coreymckrill Owned by:
Milestone: 5.5 Priority: normal
Severity: normal Version:
Component: Privacy Keywords: has-patch needs-testing
Focuses: Cc:

Description

In the ERASURE.md file over on #43602, it is mentioned that processing an erasure request does not actually remove the user's account, as that should be a separate step. However, this isn't mentioned anywhere in the UX, and may not match the expectations of some admins who are trying to fulfill a request to completely remove a user.

Perhaps the request could include a row action that initiates the process of deleting a user account? Or at least a blurb at the top explaining that account deletion is a separate step over on the Users table.

Attachments (2)

43923.diff (2.4 KB) - added by allendav 2 years ago.
Add username and Delete User action to personal data erase request rows
delete-user.png (252.2 KB) - added by allendav 2 years ago.

Download all attachments as: .zip

Change History (23)

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


2 years ago

#2 @desrosj
2 years ago

  • Milestone changed from Awaiting Review to 4.9.7

@allendav
2 years ago

Add username and Delete User action to personal data erase request rows

@allendav
2 years ago

#3 @allendav
2 years ago

  • Keywords has-patch needs-testing added; needs-patch removed

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


2 years ago

#5 follow-up: @coreymckrill
2 years ago

Does deleting a user also erase/anonymize their comments and other potentially personal data? If not, I wonder if this row action should only be available after the erasure request has been completed...

#6 in reply to: ↑ 5 @allendav
2 years ago

Replying to coreymckrill:

Does deleting a user also erase/anonymize their comments and other potentially personal data? If not, I wonder if this row action should only be available after the erasure request has been completed...

Mostly no. Deleting a user does dump their user meta as their user is deleted. It also removes their authorship from posts. Nothing else is cleaned up. In general, you could actually run these actions (erase personal data, delete user) in either order safely.

#7 @iandunn
2 years ago

I think it'd be good to add a current_user_can( 'delete_user', $user->id ) check before displaying the link, to avoid showing the admin a link for something they won't be able to do, if a plugin has removed that cap from them.

This ticket was mentioned in Slack in #gdpr-compliance by xkon. View the logs.


2 years ago

#9 @TZ Media
2 years ago

Great work. This functionality could utilize a feature similar to what is proposed in #43880 to ensure an anonymous user is present and auto-reassign the posts to that user.

Also, it might be useful to add a filter for the $row_actions to allow plugins to add their stuff, if possible.

#10 @iandunn
2 years ago

#44009 was marked as a duplicate.

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


2 years ago

#12 @desrosj
2 years ago

  • Milestone changed from 4.9.7 to Future Release

Moving gdpr tickets that are not bugs to Future Release until the next steps can be properly evaluated.

#13 @desrosj
2 years ago

  • Component changed from General to Privacy

Moving to the new Privacy component.

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


2 years ago

This ticket was mentioned in Slack in #core-multisite by iandunn. View the logs.


2 years ago

This ticket was mentioned in Slack in #core by allendav. View the logs.


2 years ago

This ticket was mentioned in Slack in #core-privacy by allendav. View the logs.


2 years ago

#18 @desrosj
23 months ago

  • Keywords gdpr removed

Removing the GDPR keyword. This has been replaced by the new Privacy component and privacy focuses in Trac.

This ticket was mentioned in Slack in #core-privacy by garrett-eclipse. View the logs.


3 months ago

#20 @garrett-eclipse
3 months ago

  • Keywords changed from has-patch, needs-testing to has-patch needs-testing
  • Milestone changed from Future Release to 5.5

This ticket was mentioned in Slack in #accessibility by pbiron. View the logs.


2 months ago

Note: See TracTickets for help on using tickets.