SNAP inserts regular WordPress comments, so SNAP imported comments are no different from regular WordPress comments. There is not need to make a separate tool. Any tool that can allow you to delete user comments will work for that.
Actually WordPress does not have anything that could be used for identification of the comment source. So once comment is posted, there is no way to tell if it was posted by SNAP, another plugin or manually.
Regular WP comments differ from SNAP imported comments by the email with which they are recorded and identifiable. In the case of FB imported comments for example this format is as follows: userIDnumeric@facebook.com There an auto recorded URL to the user profile: facebook.com/userIDnumeric
Current WordPress GDPR tools/plugins have no way to identify these comments as they are not recorded with user’s personal email. Most users don’t know their userIDnumeric@facebook.com and will not be able to use such tools to request/delete their data; which leaves the website’s “information controller” (the actual legal term) with no way to fulfill their requests having no way to identify a given user’s information and comply with the requests. This in term, may move responsibility to the plugin that controls how this information us used (transferred and recorded) thus making it the sole “information controller.” Admittedly, this is still gray area in GDPR legality, but it’s perhaps worth looking into for the plugins own sake and for the safety of websites that use the SNAP plugin.
1. So what happens if someone use his user@facebook.com email for making a regular comment?
2. The whole “Importing comments” feature is a gray area by itself. You are not asking users for permission to take their comments made on Facebook and post them on your site. As you said most of them are not even away that their comments are appear on your site.
3. What exactly are you purposing us to do? Make a button that will allow user to delete his comments? Why should we do that? How is is button different from another button for regular users?
GDPR plugins now are asking for user email where they can send _confirmation link_ from where the user can click and receive the requested data.
This cannot be done (IMO) with userIDnumeric@facebook.com type emails:
1. Users hardly know what their ID is
2. Facebook will probably block a mass email from domain/IP to multiple userIDnumeric@facebook.com type emails as SPAM.
The gray area is correct, and therefore most websites are including privacy consent. Obviously a user is (somewhat) aware they are posting publicly on FB under a public link that belongs to a public website. Thus, GDPR does not argue against displaying the comments, but for the option to be forgotten and/or removed at any given time.
If the user can provide their userIDnumeric@facebook.com, GDPR plugins can remove their comments BUT ONLY IF they can receive the confirmation email and click on the link provided. Otherwise, anyone can go to a website enter a number of userIDnumeric@facebook.com type emails and remove comments left and right without proper confirmation from each user.
The old option was to identify user via FB login, but if FB is removing apps that will be no go, as it seems
It’s pretty easy imho: Did the users of which you import their Facebook comments allow you to do so? No, because they are not asked. So the import is not GDPR compliant.
1. From what we see every GDPR compliant site must provide its users with buttons to download and delete their comments. Users who’s comments were imported by SNAP can use those same buttons to download/delete their comments as well. No additional actions from us are required.
2. Your Facebook/Twitter page description should make users aware that their comments will be imported to the site. This is also beyond the plugin’s ability.
The import is allowed because the user clearly commented under a post of your website (regardless if the platform was FB or WP or whatever). According to GDPR, this makes you controller of the information as well as the social platform (FB or WP or whatever). The new rules may require you to request consent, but the grandfathered comments are as is and are treated under your website as controller just like the user who made comment under your post using regular FB API app that provides comment box.
The difficulty with “comments were imported by SNAP can use those same buttons to download/delete their comments” is that users MUST know their FBdigitalID@faecbook.com email in order to request download/erasure which they generally dont.
GDRP require the controller of the information to provide a “human form” of the request, meaning, providing a way which is somehow obstructed or is no way to request download/erasure is basically seen as direct non-compliance with GDPR.
Same if not worse difficulty is proposed by users who commented with FB accounts that are inactive any-longer or somehow anonymously. They have no way to provide a valid email with their request for download/erasure. Nevertheless, GDPR still entitles to that right as owners of the information.
-
This reply was modified 5 years, 11 months ago by
bibliata.
Again, what exactly are you purposing us to do?
If its not possible automatically to match users with comments, it looks like problem could be solved via extra “Contact us” from with title “Comments download/removal request”
