Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automated flow for GDPR/CCPA deletion requests #7

Merged
merged 19 commits into from
Oct 25, 2024
Merged

Automated flow for GDPR/CCPA deletion requests #7

merged 19 commits into from
Oct 25, 2024

Conversation

cmyui
Copy link
Member

@cmyui cmyui commented Oct 21, 2024
edited
Loading

Tested locally, generally seems to be working as intended.

cmyui
cmyui commented Oct 21, 2024
View reviewed changes
app/api/internal/v1/users.py


@router.delete("/api/v1/users/{user_id}")
async def delete_user(user_id: int) -> Response:
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To be invoked from RAP

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably with a ratelimit on admins, e.g. 3/hr or 10/d or something

@cmyui cmyui changed the title Draft: Work towards improved GDPR/CCPA compliance Draft: Improve GDPR/CCPA compliance Oct 21, 2024
@cmyui cmyui marked this pull request as ready for review October 21, 2024 07:24
@cmyui cmyui changed the title Draft: Improve GDPR/CCPA compliance Draft: Automated flow for GDPR/CCPA compliance Oct 21, 2024
@cmyui cmyui changed the title Draft: Automated flow for GDPR/CCPA compliance Draft: Automated flow for GDPR/CCPA deletion requests Oct 21, 2024
cmyui
cmyui commented Oct 21, 2024
View reviewed changes
app/usecases/users.py
"""\
An anonymization process for user deletion, mainly implemented
for the purpose of complying with GDPR, CCPA and other regulations.
"""
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are still quite a few open questions for "full compliance", but this is a pretty good start

@cmyui cmyui changed the title Draft: Automated flow for GDPR/CCPA deletion requests Automated flow for GDPR/CCPA deletion requests Oct 21, 2024
@cmyui cmyui self-assigned this Oct 21, 2024
@cmyui cmyui added the enhancement New feature or request label Oct 21, 2024
cmyui
cmyui commented Oct 21, 2024
View reviewed changes
app/usecases/users.py Outdated Show resolved Hide resolved
@infernalfire72
Copy link

dont clear hardware ids please (just set the associated user to 0 maybe or anonymize the actual user)

@cmyui
Copy link
Member Author

cmyui commented Oct 25, 2024
edited
Loading

dont clear hardware ids please (just set the associated user to 0 maybe or anonymize the actual user)

I want to get this feature our ASAP & there are some other code changes required here to accomodate this desire, so I think we can treat this as p3/follow-up, so long as we're only really deleting unbanned users for the time being. We do have the follow note in our account deletion acceptance terms:

4. If you are currently banned from our services, your device ban will be unassociated from the user account, and your ban will become un-appealable.

@cmyui cmyui merged commit 3b0fe85 into master Oct 25, 2024
2 checks passed
@cmyui cmyui deleted the gdpr-ccpa-compliance branch October 25, 2024 04:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tsunyoku tsunyoku Awaiting requested review from tsunyoku tsunyoku is a code owner

@infernalfire72 infernalfire72 Awaiting requested review from infernalfire72 infernalfire72 is a code owner

Assignees

@cmyui cmyui

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cmyui @infernalfire72 @tsunyoku