Opened 6 years ago
Last modified 4 years ago
#43923 new enhancement
Add a step to the Data Removal/Erasure UX for deleting a user account
Reported by: | coreymckrill | Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | |
Component: | Privacy | Keywords: | has-patch needs-testing needs-refresh |
Focuses: | Cc: |
Description
In the ERASURE.md file over on #43602, it is mentioned that processing an erasure request does not actually remove the user's account, as that should be a separate step. However, this isn't mentioned anywhere in the UX, and may not match the expectations of some admins who are trying to fulfill a request to completely remove a user.
Perhaps the request could include a row action that initiates the process of deleting a user account? Or at least a blurb at the top explaining that account deletion is a separate step over on the Users table.
Attachments (2)
Change History (26)
This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.
6 years ago
This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.
6 years ago
#5
follow-up:
↓ 6
@
6 years ago
Does deleting a user also erase/anonymize their comments and other potentially personal data? If not, I wonder if this row action should only be available after the erasure request has been completed...
#6
in reply to:
↑ 5
@
6 years ago
Replying to coreymckrill:
Does deleting a user also erase/anonymize their comments and other potentially personal data? If not, I wonder if this row action should only be available after the erasure request has been completed...
Mostly no. Deleting a user does dump their user meta as their user is deleted. It also removes their authorship from posts. Nothing else is cleaned up. In general, you could actually run these actions (erase personal data, delete user) in either order safely.
#7
@
6 years ago
I think it'd be good to add a current_user_can( 'delete_user', $user->id )
check before displaying the link, to avoid showing the admin a link for something they won't be able to do, if a plugin has removed that cap from them.
This ticket was mentioned in Slack in #gdpr-compliance by xkon. View the logs.
6 years ago
#9
@
6 years ago
Great work. This functionality could utilize a feature similar to what is proposed in #43880 to ensure an anonymous user is present and auto-reassign the posts to that user.
Also, it might be useful to add a filter for the $row_actions
to allow plugins to add their stuff, if possible.
This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.
6 years ago
#12
@
6 years ago
- Milestone changed from 4.9.7 to Future Release
Moving gdpr
tickets that are not bugs to Future Release
until the next steps can be properly evaluated.
This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.
6 years ago
This ticket was mentioned in Slack in #core-multisite by iandunn. View the logs.
6 years ago
This ticket was mentioned in Slack in #core by allendav. View the logs.
6 years ago
This ticket was mentioned in Slack in #core-privacy by allendav. View the logs.
6 years ago
#18
@
6 years ago
- Keywords gdpr removed
Removing the GDPR keyword. This has been replaced by the new Privacy component and privacy focuses in Trac.
This ticket was mentioned in Slack in #core-privacy by garrett-eclipse. View the logs.
5 years ago
#20
@
5 years ago
- Keywords changed from has-patch, needs-testing to has-patch needs-testing
- Milestone changed from Future Release to 5.5
This ticket was mentioned in Slack in #accessibility by pbiron. View the logs.
5 years ago
This ticket was mentioned in Slack in #core by david.baumwald. View the logs.
4 years ago
#23
@
4 years ago
- Keywords needs-refresh added
Latest patch fails against trunk
, so marking needs-refresh
.
#24
@
4 years ago
- Milestone changed from 5.5 to Future Release
With 5.5 Beta 1 releasing tomorrow ans this still needing a refresh and a review, this is being moved to Future Release
. If any maintainer or committer feels the remainder of this ticket can be resolved in time, or wishes to assume ownership during a specific cycle, feel free to update the milestone accordingly.
Add username and Delete User action to personal data erase request rows