Discuss Scratch

PPPDUD
Scratcher
1000+ posts

Make account GDPRing possible in the account settings

PPPDUD wrote:

Za-Chary wrote:

I thought GDPR is only a European law. Can those residing in the United States, for example, get GDPR'd?
Technically it is indeed an EU law, but it's extremely hard to ensure that someone is actually an EU citizen, and if the Scratch Foundation fails to GDPR a citizen, they may face severe penalties or be banned legally, so it's better safe than sorry.

Because users are not going to use Contact Us as much, the support team will be able to respond to more important requests quicker and help make Scratch a better place.

Also, remember: Contacting the ST is NOT a suitable alternative. It wastes the time of moderators, who should be verifying reported projects, not GDPRing random accounts.

dhuls wrote:

Za-Chary wrote:

(#2)
I thought GDPR is only a European law. Can those residing in the United States, for example, get GDPR'd?
California has a similar law to the GDPR, known as the California Consumer Privacy Act, which has similar provisions of requesting the deletion of personal data and requesting that personal data. It has fines of $2,500 if one unintentionally violates it, and triple that amount if intentional. It's also probably difficult to identify if someone is a resident of California, so the ST would probably still have to apply the law to everyone.


I still think this should require email verification, because making it easier to permanently delete your account with absolutely no chance of getting it back is a recipe for disaster on a website used mostly by children.
I think that the user should have to do email verification and type in their passwords and their usernames twice, since there's no recovery after the account has been deleted.

Last edited by PPPDUD (Oct. 23, 2023 18:07:23)

Za-Chary
Scratcher
1000+ posts

I thought GDPR is only a European law. Can those residing in the United States, for example, get GDPR'd?
Zydrolic
Scratcher
1000+ posts

Under GDPR, the company should use and take all reasonable measures in order to verify the identity of a data subject who requests access, in particular context of services and online identifiers.
(edited out, this was wrong lol)

Last edited by Zydrolic (Oct. 20, 2023 19:30:09)

PPPDUD
Scratcher
1000+ posts

Za-Chary wrote:

I thought GDPR is only a European law. Can those residing in the United States, for example, get GDPR'd?
Technically it is indeed an EU law, but it's extremely hard to ensure that someone is actually an EU citizen, and if the Scratch Foundation fails to GDPR a citizen, they may face severe penalties or be banned legally, so it's better safe than sorry.

Because users are not going to use Contact Us as much, the support team will be able to respond to more important requests quicker and help make Scratch a better place.

Last edited by PPPDUD (Aug. 17, 2023 16:24:58)

dhuls
Scratcher
1000+ posts

Za-Chary wrote:

(#2)
I thought GDPR is only a European law. Can those residing in the United States, for example, get GDPR'd?
California has a similar law to the GDPR, known as the California Consumer Privacy Act, which has similar provisions of requesting the deletion of personal data and requesting that personal data. It has fines of $2,500 if one unintentionally violates it, and triple that amount if intentional. It's also probably difficult to identify if someone is a resident of California, so the ST would probably still have to apply the law to everyone.


I still think this should require email verification, because making it easier to permanently delete your account with absolutely no chance of getting it back is a recipe for disaster on a website used mostly by children.
PPPDUD
Scratcher
1000+ posts

dhuls wrote:

Za-Chary wrote:

(#2)
I thought GDPR is only a European law. Can those residing in the United States, for example, get GDPR'd?
California has a similar law to the GDPR, known as the California Consumer Privacy Act, which has similar provisions of requesting the deletion of personal data and requesting that personal data. It has fines of $2,500 if one unintentionally violates it, and triple that amount if intentional. It's also probably difficult to identify if someone is a resident of California, so the ST would probably still have to apply the law to everyone.


I still think this should require email verification, because making it easier to permanently delete your account with absolutely no chance of getting it back is a recipe for disaster on a website used mostly by children.
I think that the user should have to do email verification and type in their passwords and their usernames twice, since there's no recovery after the account has been deleted.
Zydrolic
Scratcher
1000+ posts

PPPDUD wrote:

(#6)
I think that the user should have to do email verification and type in their passwords and their usernames twice, since there's no recovery after the account has been deleted.
And what about the identity verification?

Zydrolic wrote:

(#3)
Under GDPR, the company should use and take all reasonable measures in order to verify the identity of a data subject who requests access, in particular context of services and online identifiers.
baleeted
Scratcher
77 posts

there is already an option to delete your account, and on top an additional option to delete all of your projects afterwards
Zydrolic
Scratcher
1000+ posts

baleeted wrote:

(#8)
there is already an option to delete your account, and on top an additional option to delete all of your projects afterwards
GDPR includes evaporizing identifiable data of the requestee/requestor or whatever the term is as long as they are an EU citizen, although from what I know they must also be in the European Economic Area (EEA).

It's not really the same as a full account deletion.

Last edited by Zydrolic (Aug. 17, 2023 17:16:57)

PPPDUD
Scratcher
1000+ posts

baleeted wrote:

there is already an option to delete your account, and on top an additional option to delete all of your projects afterwards
That doesn't really delete your account. It just hides your content permanently, rather than actually deleting it.
PPPDUD
Scratcher
1000+ posts

Bump!
PPPDUD
Scratcher
1000+ posts

PPPDUD wrote:

Bump!
-Valtren-
Scratcher
1000+ posts

No support. People are stupid and will definitely lose their accounts from this.
And if someone is trying to have their account GDPR'd, you can be fairly certain they would at least know enough to use contact us.
7salad3salad
Scratcher
1000+ posts

Many people would accidentally GDPR themselves and then contact us would get flooded.
ajskateboarder
Scratcher
1000+ posts

7salad3salad wrote:

Many people would accidentally GDPR themselves and then contact us would get flooded.
Also, how would GDPR be accessible to people living outside of EU countries? Would the feature just do nothing for people living anywhere else, and how would Scratch know if you truly live in the EU or not?

I think Contact Us would work better for GDPRing
GIitchInTheMatrix
Scratcher
1000+ posts

Za-Chary wrote:

I thought GDPR is only a European law. Can those residing in the United States, for example, get GDPR'd?
Just because it's only legally allowed in one place doesn’t necessarily mean that it can’t be done for others outside of the location.

Contact Us, as others have said, is a better option, but a possible compromise exists.
It could be a “Request GDPR” button, which essentially just sends a Contact Us message, where you talk to a real ST member about it.
gdfsgdfsgdfg
Scratcher
1000+ posts

if there’s accidents then there should be a confirmation
———————————————————————————
also most scratchers live in United States (not counting people who lie about their location)

Last edited by gdfsgdfsgdfg (Sept. 20, 2023 13:57:50)

7salad3salad
Scratcher
1000+ posts

gdfsgdfsgdfg wrote:

if there’s accidents then there should be a confirmation
People will still not understand it and do it anyway, and complain when their account is gone.

GIitchInTheMatrix wrote:

Za-Chary wrote:

I thought GDPR is only a European law. Can those residing in the United States, for example, get GDPR'd?
Just because it's only legally allowed in one place doesn’t necessarily mean that it can’t be done for others outside of the location.

Contact Us, as others have said, is a better option, but a possible compromise exists.
It could be a “Request GDPR” button, which essentially just sends a Contact Us message, where you talk to a real ST member about it.
Seems like contact us but with extra steps

Last edited by 7salad3salad (Sept. 20, 2023 12:49:27)

jvvg
Scratcher
1000+ posts

I think there is actually benefit to requiring people go through a bit of extra effort to GDPR their accounts. First, the Scratch Team is a bit overworked, and GDPRing accounts seems like it's a manual process, adding to their workload. Requiring users go through a few extra steps ensures that users don't invoke it just for fun. Secondly, a lot of the users on this site are pretty young and don't necessarily think about the long-term consequences of their actions. I could definitely see people GDPRing their accounts just for fun and then being surprised that this means all their projects (and other stuff) are deleted and unrecoverable. By requiring they go through Contact Us and thus making them go through a few extra steps, this helps ensure this is only used by people who actually know what this is all about and the full implications of it and really want it.
gdfsgdfsgdfg
Scratcher
1000+ posts

7salad3salad wrote:

gdfsgdfsgdfg wrote:

if there’s accidents then there should be a confirmation
People will still not understand it and do it anyway, and complain when their account is gone.
then we add explanation
