WordPress.org

Make WordPress Core

Opened 7 weeks ago

Last modified 2 weeks ago

#43923 new enhancement

Add a step to the Data Removal/Erasure UX for deleting a user account

Reported by: coreymckrill Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: Privacy Keywords: gdpr has-patch needs-testing
Focuses: Cc:

Description

In the ERASURE.md file over on #43602, it is mentioned that processing an erasure request does not actually remove the user's account, as that should be a separate step. However, this isn't mentioned anywhere in the UX, and may not match the expectations of some admins who are trying to fulfill a request to completely remove a user.

Perhaps the request could include a row action that initiates the process of deleting a user account? Or at least a blurb at the top explaining that account deletion is a separate step over on the Users table.

Attachments (2)

43923.diff (2.4 KB) - added by allendav 7 weeks ago.
Add username and Delete User action to personal data erase request rows
delete-user.png (252.2 KB) - added by allendav 7 weeks ago.

Download all attachments as: .zip

Change History (19)

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


7 weeks ago

#2 @desrosj
7 weeks ago

  • Milestone changed from Awaiting Review to 4.9.7

@allendav
7 weeks ago

Add username and Delete User action to personal data erase request rows

@allendav
7 weeks ago

#3 @allendav
7 weeks ago

  • Keywords has-patch needs-testing added; needs-patch removed

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


7 weeks ago

#5 follow-up: @coreymckrill
7 weeks ago

Does deleting a user also erase/anonymize their comments and other potentially personal data? If not, I wonder if this row action should only be available after the erasure request has been completed...

#6 in reply to: ↑ 5 @allendav
7 weeks ago

Replying to coreymckrill:

Does deleting a user also erase/anonymize their comments and other potentially personal data? If not, I wonder if this row action should only be available after the erasure request has been completed...

Mostly no. Deleting a user does dump their user meta as their user is deleted. It also removes their authorship from posts. Nothing else is cleaned up. In general, you could actually run these actions (erase personal data, delete user) in either order safely.

#7 @iandunn
7 weeks ago

I think it'd be good to add a current_user_can( 'delete_user', $user->id ) check before displaying the link, to avoid showing the admin a link for something they won't be able to do, if a plugin has removed that cap from them.

This ticket was mentioned in Slack in #gdpr-compliance by xkon. View the logs.


7 weeks ago

#9 @TZ Media
7 weeks ago

Great work. This functionality could utilize a feature similar to what is proposed in #43880 to ensure an anonymous user is present and auto-reassign the posts to that user.

Also, it might be useful to add a filter for the $row_actions to allow plugins to add their stuff, if possible.

#10 @iandunn
6 weeks ago

#44009 was marked as a duplicate.

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


5 weeks ago

#12 @desrosj
5 weeks ago

  • Milestone changed from 4.9.7 to Future Release

Moving gdpr tickets that are not bugs to Future Release until the next steps can be properly evaluated.

#13 @desrosj
5 weeks ago

  • Component changed from General to Privacy

Moving to the new Privacy component.

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


5 weeks ago

This ticket was mentioned in Slack in #core-multisite by iandunn. View the logs.


4 weeks ago

This ticket was mentioned in Slack in #core by allendav. View the logs.


4 weeks ago

This ticket was mentioned in Slack in #core-privacy by allendav. View the logs.


2 weeks ago

Note: See TracTickets for help on using tickets.