[MDL-62830] User deletion not GDPR compliant : personal data not deleted (lastip) - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Not a bug
Affects Version/s: 3.2.9, 3.3.6, 3.4.3, 3.5
Fix Version/s: None
Component/s: Privacy
Labels:
- partner-enovation
- triaged

Affected Branches:
MOODLE_32_STABLE, MOODLE_33_STABLE, MOODLE_34_STABLE, MOODLE_35_STABLE
Pull from Repository:
https://github.com/dmanolescu/moodle/
Pull Master Branch:
~~MDL-62830~~_master

Description

When deleting a user from user interface (probably for web-service also) not all the personal data is deleted or scrambled. (example lastip, phone, address ...). This is not GDPR compliant.

Steps to reproduce:

1) create a user with personal data like phone, address, url

2) login as that user - lastip will be stored

3) delete the user

4) email and username are scrambled, but the other personal data is still there.

Regards

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Dorel Manolescu

Participants:: Adrian Greeve, CiBoT, Dorel Manolescu

Component watchers:: Andrew Nicols, Dongsheng Cai, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze

Votes:: 1 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 29/Jun/18 10:04 AM

Updated:: 01/Jul/18 5:48 PM

Resolved:: 01/Jul/18 5:48 PM