TFL + GDPR Part II
Since my previous post I've taken a number of steps to clean up the site and reduce the amount of personal information stored here. Most notably, just by removing accounts that never activated or activated but never posted and haven't logged in in years, I was able to shrink the user database by over 75% (!). That is a change that you won't really notice, of course, because those accounts were by definition ones that hadn't made an impact, but it makes me feel much better about the amount of personal information I have stored here.
Other changes, changes you will (or may) notice:
- I've updated the privacy page to more accurately reflect the current state of affairs and technologies used here.
- I've granted all users the ability to delete their accounts.
- I've removed the ad display code from a number of screens where it seems inappropriate such as the user login, user register, user account edit, and content creation screens.
- I've configured Google Analytics, which is used to measure traffic here, to anonymize IP addresses and purge traffic information at the shortest interval allowed, 14 months.
I'm still figuring out how best to deal with accounts that have been idle for a long time that posted content of value to the community. I may try to contact them to get an explicit opt-in. Or I could remove their email addresses from the accounts, which I believe are the only personal information I have about them. Or I could close the accounts and associate their content with the "Anonymous baker" user. I'm not sure what makes the most sense yet, just that I want to respect people's privacy and honour current regulations regarding people's personal information while not losing the tremendous public resource we've built collectively over the years here.