GDPR / Privacy functionality

[Ruud68]

Currently Kunena implements the onPrivacyCollectAdminCapabilities via the system plugin. This will add Kunena to the list of components having GDPR data stating what the data collected is and why it is collected.

Kunena however does not implement the onPrivacyExportRequest event. This event is responsible for generating the user data that will be exported and emailed to the user when he requests and export of his data via com_privacy.

Also the onPrivacyRemoveData event is not implemented. This function is responsible to cleanup data for a user who requests his account to be deleted. This is currently a potential issue as when the user account is deleted, the user his posts and topics (under his username) are NOT deleted and thus visible on the forum.

I am currently working on integrating com_privacy into ochSubscriptions and can make time to do this also for Kunena.
This will need some discussion on what to report and how to handle delete / rename etc.
We should also discuss if this can be done via the system plugin or that we need a new privacy plugin (both is possible, although via the system plugin not all functionality is available so we need to copy some functions).

anyway,
let me know if this is something that would be good for Kunena

[xillibit]

It will good to add more capabilities for taking care of GDPR to more to comply with it, this kind of improvements should be done in K6.1 branch.

[Ruud68]

goodmorning.
I think it is best to create a new plugin for this: a privacy plugin (plg_privacy_kunena). That is 'independent' of Kunena version (other then that it reads tables and needs to be installed on J4 (so K6.x).

I will develop this (as I also need it on my own site currently). We can then make it part of any Kunena 6 version, only thing to do then is to move the capabilities part that is currently part of the system plugin into this privacy plugin.

Will try to get this done over the coming holidays #hohoho

[xillibit]

ok it's to re-use code that to have duplicate code at differents places

This is currently a potential issue as when the user account is deleted, the user his posts and topics (under his username) are NOT deleted and thus visible on the forum.

Removing posts in same time that the user in existings topics will make topics not understandable and useless

[Ruud68]

Removing posts in same time that the user in existings topics will make topics not understandable and useless

agree, we need to investigate how to do this GDPR compliant. When a user wants to be removed (the right to be forgotten), then I think also his posts need to be removed, or at least emptied out with a replacement text or something.

Do you know somebody who can give advise in this use case?

[Ruud68]

So found this summarized info that is relevant: https://law.stackexchange.com/a/32370
In short; deletion of forum posts is not required. Deletion of the account / profile is.
The account deletion (anonymized by joomla user privacy plugin) is already done
next the rename usernames in message / topics should be executed (to remove the users name from messages / topics and replace that with the anonymized username.
next the account (Kunena part) can be removed (deleted) or anonymized (like Joomla does)

Only thing is that this works via plugins and we do not have control over the order the plugins are executed (the site owner does have this).
This can lead to the situation where kunena runs first and renames all names (which are the same because Joomla plugin hasn't renamed the names).

So maybe instead of doing this via the plugin, the plugin should give instructions on what to do next: 1. Kunena > tools > sync users > rename usernames in messages 2. delete user in Kunena

[xillibit]

There IP addresses to remove too in tables #__kunena_users and #__kunena_messages

[Ruud68]

Okay, so first version of privacy plugin is ready. It does the following:

• capabilities (copied from system plugin)
• report:
  • #__kunena_announcement
  • #__kunena_attachments
  • #__kunena_logs
  • #__kunena_messages > #__kunena_messages_text
  • #__kunena_polls_users > #__kunena_polls
  • #__kunena_private
  • #__kunena_rate
  • #__kunena_thankyou
  • #__kunena_topics
  • #__kunena_users
  • #__kunena_user_banned

per exported table we have two options to redact and remove data. So when evaluating the exports please also check if there is data exported that should be excluded or 'redacted' (redacted means that the value is replaced with a '*** REDACTED ***' string. You can use that e.g. for password hashes etc.)

Please note that this plugin is build with my own build tools so when finished we need to set the headers and other information correct before adopting it as part of the kunena package: for me this is the easiest to build and test :)
Note: the remove part is not part of this plugin (yet), need to first get some hands-on to be able to determine what is the best approach here.

Latest version can be downloaded here: https://nextcloud.onlinecommunityhub.nl/index.php/s/oyRC8B3FR22c4Cr

[Ruud68]

In the link above is a new version (time stamp on filename = plg_privacy_kunena-1.0.0.DEV-20230103-1654)

This version is now feature complete as it now will also handle remove / delete requests:

• Anonymizes user name in messages
• Removes IP in messages for deleted user
• Anonymizes user name in topics (first_post_guest_name and last_post_guest_name)
• Deletes user entry in users table
• Deletes category and topic subscriptions for the deleted user
• Deletes message / topic read statusses for deleted user
• Deletes entries in log (both where user is user_is or target_user)
• Deletes entries in rates for the user
• Deletes thankyou's (given and received) for the user
• Deletes entry in banned users table for this user

The plugin doesn't change polls / votes on polls (as that would have impact when poll has maximum nuber of votes)
The plugin doesn't change private (messages), I have no data so do not know what is stored and if it can be deleted
The plugin doesn't delete announcements made by this user

Looking forward to tests: does it work
and feedback: removing to much / to little

[xillibit]

Thnaks, do-you make a PR or i can make a PR ?

For private messages don't take care for now, in Kunena there is the logic but the UI part hasn't be done or not working totally

[Ruud68]

I can do an initial pr. Do you want it on the addons or on the kunena repo itself? If kunena which branch?

[xillibit]

Make in in Kunena repo and against K6.1 branch

[Ruud68]

okay, PR is done, please note that it is untested as I do not have 6.1 test / dev environment.