Description
Your use case
GDPR lists the right to deletion / erasure. We are not adequately allowing for users and customers to enact this right.
There are many places where 'deletion' of user content could be done better, including federation of redactions.
The Admin API on account deletions: https://matrix-org.github.io/synapse/develop/admin_api/user_admin_api.html#deactivate-account
The following actions are NOT performed. The list may be incomplete.
- Remove mappings of SSO IDs
- Delete media uploaded by user (included avatar images)
- Delete sent and received messages
- Remove the user's creation (registration) timestamp
- Remove rate limit overrides
- Remove from monthly active users
- Remove user's consent information (consent version and timestamp)
Steps towards GDPR compliance
For Individual on Matrix: Self serve erasure Tooling
- Account deletion
- message deletion/redaction (without account deletion)
- Rageshake / issue submission deletion.
- Media deletion
- Containment for Law enforcement Requirements
Customers Tooling
- admin able to enforce deletion (controller responsibilities) URGENT
- Customers need this to enact their rights as controllers.
- Delete Identifiable data. If name is used in mxID, can that be redacted?
Education Documentation
- ensure users understand how erasure works in Matrix and technical limits.
Additional context
Currently you can deactivate an account. Deactivating an account does not free up the username, and does not delete user messages, but we do delete all other local user data: Deactivating “(…) removes active access tokens, resets the password, and deletes third-party IDs (to prevent the user requesting a password reset).
It can also mark the user as GDPR-erased. This means messages sent by the user will still be visible by anyone that was in the room when these messages were sent, but hidden from users joining the room afterwards.” (see Admin API documentation)
Are you willing to provide a PR?
No
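An added example, not part of the original issue and not Synapse project code: an admin-side erasure routine that calls the deactivate endpoint with `erase` set, then removes two of the items the list above says deactivation leaves behind (uploaded media and rate limit overrides). It assumes the deployed Synapse version exposes the per-user media deletion and `override_ratelimit` admin endpoints; `erase_user`, `http_transport` and the report keys are hypothetical names.

```python
import json
import urllib.request
from urllib.parse import quote

def http_transport(base_url, token):
    """Return a callable that sends one admin request and returns parsed JSON."""
    def send(method, path, body=None):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(
            base_url.rstrip("/") + path, data=data, method=method,
            headers={"Authorization": f"Bearer {token}",  # server admin token
                     "Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.loads(resp.read() or b"{}")
    return send

def erase_user(send, user_id, max_media_batches=1000):
    """Deactivate with erase=true, then clear data that deactivation leaves behind."""
    if not (user_id.startswith("@") and ":" in user_id):
        raise ValueError(f"not a full Matrix user ID: {user_id!r}")
    uid = quote(user_id, safe="")  # percent-encode the ID as a single path segment
    report = {"user_id": user_id, "media_deleted": 0}

    # 1. Deactivate first so no new content is created during cleanup
    #    (ordering is this example's choice, not a documented requirement).
    send("POST", f"/_synapse/admin/v1/deactivate/{uid}", {"erase": True})
    report["deactivated"] = True

    # 2. Media is not removed by deactivation; the endpoint deletes in batches.
    for _ in range(max_media_batches):
        deleted = send("DELETE", f"/_synapse/admin/v1/users/{uid}/media").get("total", 0)
        if not deleted:
            break
        report["media_deleted"] += deleted

    # 3. Rate limit overrides are also left in place by deactivation.
    send("DELETE", f"/_synapse/admin/v1/users/{uid}/override_ratelimit")
    report["ratelimit_override_removed"] = True

    # Listed items with no call in this example still need separate handling.
    report["not_covered"] = ["sso_id_mappings", "messages", "creation_ts",
                             "monthly_active_users", "consent_info"]
    return report
```

Against a real homeserver, pass `http_transport(base_url, admin_token)` as `send`; the returned report records what was done and which listed items remain outstanding for the erasure request.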