On 13.04.2018 13:07, Daniel Stone wrote:
The biggest stumbling block for us is probably Bugzilla and Mailman. Deleting messages and profiles from those just isn't practical for us, especially at any kind of scale. We could write a script to censor those, but once it has been posted to either, then it's all over the public internet anyway.
In many countries it has already been the case that if someone requests personal data to be deleted, you have to make that happen. This does not mean you have to delete the data from all the _other_ places it already went out to, so the only thing we're talking about in the Mailman case is the archives: Posts themselves and potentially quotes, yes, as long as it is personal identifiable data. My understanding there is that it would be enough in most cases to remove the sender information, and the quoted name above quotes, not the quoted statements themselves.
In almost all larger project that I've been involved in, we had such cases already: People mistakenly posting sensitive information to a list, or asking for removal later because they didn't understand their mail would be publicly archived. Few, yes, but still. Which meant exactly what you mentioned: the manual hacky way of censoring the archived post.
I don't see how the GDPR changes that. You cannot argue your way out of it, the obligation exists that you do need to remove such personal content on request, but: How often will it happen, really? There is no obligation to fully and cleanly automate it.
-- moritz