To improve data privacy and conform with the DSGVO, the following will be implemented:
- Refactor UserDeletionManager to better use the UserDataDeletable interface. Move code from userDeletionManager to responsible managers.
- Remove the following legacy properties, which are no longer supported:
- Remove the "isDeletable" flag in both UserPropertyHandler.java and userPropertiesHandlerContext.xml.
- On delete:
  - for normal users: set all user properties to NULL
  - for administrative users: set all user properties to NULL except firstname and lastname
- In the database upgrade, all user properties of old deleted users are also cleared
- On delete, replace the identity.name (username) with the identity database key
- In the database upgrade, all user names of old deleted identities are also cleared
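The delete rules listed above, as an added Java example (not the project's own code): the `Identity` class, its fields and the sample values are hypothetical stand-ins, and the property keys `firstname` and `lastname` are assumed to match the names used in the list.

```java
import java.util.*;

// Hypothetical model for illustration only; not the project's Identity/User classes.
public class UserAnonymiser {
    // The only properties that survive deletion, and only for administrative users.
    static final Set<String> KEPT_FOR_ADMINS = Set.of("firstname", "lastname");

    static class Identity {
        final long key;                 // database primary key
        String name;                    // username (identity.name)
        final boolean administrative;   // author, course owner, user manager, ...
        final Map<String, String> properties = new HashMap<>();
        boolean deleted;

        Identity(long key, String name, boolean administrative) {
            this.key = key; this.name = name; this.administrative = administrative;
        }
    }

    /** Clears personal data in place. Idempotent: a second run on a deleted user changes nothing. */
    static void anonymise(Identity id) {
        for (Map.Entry<String, String> e : id.properties.entrySet()) {
            boolean keep = id.administrative && KEPT_FOR_ADMINS.contains(e.getKey());
            if (!keep) e.setValue(null);   // set the property to NULL, keep the key
        }
        id.name = Long.toString(id.key);   // username replaced by the database key
        id.deleted = true;
    }

    public static void main(String[] args) {
        // Constructed sample users.
        Identity student = new Identity(4711L, "jdoe", false);
        student.properties.putAll(Map.of(
            "firstname", "Jane", "lastname", "Doe", "email", "jane@example.org"));
        Identity author = new Identity(4712L, "asmith", true);
        author.properties.putAll(Map.of(
            "firstname", "Alex", "lastname", "Smith", "email", "alex@example.org"));

        anonymise(student);
        anonymise(author);
        anonymise(author);   // repeated run leaves the result unchanged

        System.out.println(student.name + " " + student.properties);
        System.out.println(author.name + " " + author.properties);
    }
}
```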
When deleting a user, some data will remain in the system, such as:
- forum posts
This data is treated as a contribution to the learning and collaboration process and cannot be withdrawn, since other actions might refer to it. However, the system must not reveal the identity of the creator of the data (anonymise).
In OO-3486 we will implement a mechanism by which the first and last name of administrative users can be deleted as well. The reason to keep this data is that administrative users perform many actions not as individual users but in an institutional role. The transparency of such actions is very important, and log entries such as the course log must be readable and consistent even when a user has been deleted.
Administrative users are all users with administrative rights, such as authors, course owners, teachers (lecture block roll call relevant), user managers, pool managers, administrators etc.