Inconsistency in Export and Erase Personal data behavior

[subrataemfluence]

I am not sure if it is done on purpose but I have noticed an inconsistency in selecting contents for Erase Personal Data tool compared to Export Personal Data tool.

I have made a few comments as well as uploaded some images through Media Library.

My account display name is Subrata Sarkar and the email address is gdpr-tester@…

I created an Export Request for gdpr-tester@… and downloaded the .zip file. I see both comments and media files are considered in index.html as a part of Personal Data.

On the contrary, Erase Personal Data for the same email address does not consider Media Files. In Media Library the images uploaded by me are still showing uploaded by Subrata Sarkar!

Comment author is updated to Anonymous though.

Am missing something?

One more thing I have noticed. May be this is done to comply with GDPR regulations. That is, in users' list the email addresses are no longer appearing for each user, although I am logged in as the admin. Just wanted to know if this is the case.

[subrataemfluence]

One more thing I have noticed. May be this is done to comply with GDPR regulations. That is, in users' list the email addresses are no longer appearing for each user, although I am logged in as the admin. Just wanted to know if this is the case.

Please ignore this. I forgot to check the Screen Options! :P

[xkon]

Hi @subrataemfluence!

Allow me to add some context here as all the privacy-related tickets do have long discussions over slack most of the time that can't easily be tracked.

Let me first say that yes Exporters will show personal data but that isn't always the same as what is erased due to some of the data even if personal needs to be kept.

When the erasers were built, we agreed that core wouldn't touch the user profile by default. On some occasions, data from the profile might be needed to be kept for other legal issues.

Since comments live on their own tables and relationships in the database we're able to anonymize them as they keep their own data in their tables i.e. "comment_author", "comment_author_email" and so on.

Media files, on the other hand, are living under posts that are bound to users and since we are not changing anything in the profile then the uploader name continues to show.

Do note that any plugin that might be handling attachments from users could add it's own erasers in any way that seems fit, but core can't handle this by design (at least at the moment) as attachments are essentially posts.

I'll cc @azaozz here for an extra comment since the only way to be able to properly anonymize Media by default would require changes first on how core handles them which would bring other long discussions and tickets :D (I'm not even sure if we would like to go down that road at the moment).

Overall this can be considered as "intended behavior" at the moment.