Support » Requests and Feedback » GDPR and the forum of

  • Resolved gdpr2018


    It has been years since I was last active on this forum, it has also been years since I used WordPress as an engine to power websites. The main reason to my absence is how the moderators treated people that wanted to delete their own threads. The moderators would simply not do it, unless you could persuade a moderator to do it anyways.

    There are many reasons to why someone might want to have their own threads/posts deleted, none of which should concern the moderators, the community nor the owners of the website.

    I don’t know how these things are handled these days, but with GDPR threads and posts will be deleted without having to specify any reason at all. That is if WordPress don’t want a £20M fine issued by the EU, of course.

    GDPR is set to be enforced from May 28, 2018. Considering the awful experience I and many others have had with this forum with regards to deleting threads, how have this website prepared itself towards GDPR? In other words, how can I finally delete my threads and posts from

    • This topic was modified 3 weeks ago by  gdpr2018.
Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Samuel Wood (Otto)

    (@otto42) Admin

    The GDPR requires that users have a way to delete their personal data. It specifically defines “personal data” in these terms:

    ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

    The only data we have in this forum that could be considered to fall under those guidelines would be data in your forum profile. All of that data is available for you to edit (including total deletion) at any time. We do not keep records of it.

    We have been discussing this internally, and we are working on a plan to make a “delete account” mechanism, which will effectively kill a account entirely. The data in the profile would be deleted, the profile would be removed from view, and the username would become blocked for any future use by anybody.

    Threads in the forums, however, do not qualify as personal data. If you have posted any personal data in the forums, then a moderator will quite happily remove that specific information on request. Heck, they do that already, frequently removing signatures, which we actively do not allow those to be used in the forums in the first place.

    However, the thread itself, the questions posted by users and the answers that other users provide them, does not fall under the category of “personal data”. The only remaining personal data that is left is the username, and the plan is for the account-nuking interface to also remove that remaining information from display. The username itself cannot be removed for technical reasons (we have to retain them in order to prevent them from being reused by others), but showing threads that do not contain personal data as being made by “Anonymous” or similar is planned.



    Thanks for your prompt and thorough reply.

    This sounds ok, and I hope that the feature for account deletion will be in place soon.

    However, there is one issue with your plan:

    The username itself cannot be removed for technical reasons (we have to retain them in order to prevent them from being reused by others)

    As GDPR classifies usernames as personal data, users can legally have you delete their username from your databases entirely, regardless of your technical issues with it.

    Moderator Samuel Wood (Otto)

    (@otto42) Admin

    Actually, the GDPR covers that one as well.

    Because we use the username as part of the SVN system, the username is associated with any commits they made. If they have made any commits to SVN, say, as a plugin author, then deletion of the username and the history is not possible. This is the only reason username is retained and thus blocked.

    The right to erasure does not apply to exercising the right of freedom of expression and information, nor for archiving purposes in the public interest, scientific or historical research purposes. See Article 17.

    If you have not made any SVN commits, then the username will be simply gone. Poof.

    If you have made such commits, then the username will be retained in the history there, because that is the purpose of code repositories: to maintain the history of the files within them, who changed them, and when. The data in our code repositories is open-source, available to all, and in the public interest. Open source code is both a freedom of expression and information. Says so right in the license, it intended to guarantee your freedom to share and change free software.

    Note that your username of “gdpr2018” is not personal information, unless you have a very interesting life story.



    Well, I stand corrected.


Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘GDPR and the forum of’ is closed to new replies.