Account removal
-
@sheikah okay, I thought there would be some questions to confirm ownership or alert that account would be deleted.
-
Ownership is confirmed by sending the request from the email that owns the account.
-
It's been more than a month since my request but I still can log in. Does this mean my e-mail somehow wasn't sent? I'm using GMail.
-
I never understood why so many websites allow people to create accounts so easily without any moderator to be involved but when it comes to deleting an account its nearly impossible.
-
It's not impossible. It just takes time(and if anything it's easy to have your account deleted.) as there aren't many people who can deal with it and we are busy doing other work behind the scenes as this is volunteer run community/app. Removing accounts is lower on priority list than making sure the server stays up(which been iffy for some time, hopefully the new server will alleviate the problem).
-
If the FAF servers are based in the EU, I imagine they have to comply with the GDPR. If this is the case, @FantaZtic's request is covered under 'the right to be forgotten' clauses. Might be a good reason to take this seriously, soon.
-
If the account creation process is automated than why cant the account deletion process also be automated?? I agree people should have the right to have their info deleted in a timely manner regardless of how minor it may seem to some.
-
automating the deletion process would cause huge problems because of the virtual inevitability of deletion happening when it shouldn't
-
@arma473 why are other websites able to achieve this but we cant? How would one person deleting thier account cause another persons account to be deleted? or whatever unintended deletion you speak of happen?
-
@dorset said in Account removal:
@arma473 why are other websites able to achieve this but we cant? How would one person deleting thier account cause another persons account to be deleted? or whatever unintended deletion you speak of happen?
I've done a little bit of computer programming, so I know that any time you attempt to implement anything, there's a pretty good chance there will be unwanted behavior, including false positives/false negatives
In this case, a false positive would mean the system decides that a certain account should be deleted, but the human FAF admins don't believe it should be deleted
It would probably be a big pain to un-delete accounts, especially if deleting the account means FAF actually purges itself of information about the account (if FAF is trying to recognize a right to be forgotten)
I can't even predict all of the different ways that the system could go wrong or could be exploited
-
accounts deletion request have to be manually removed from all the database tables by 1 of 3 sever admin which have been buzzy dealing with sever issues the the request is made it make take a bit but it will be deleted.
-
@dorset said in Account removal:
why are other websites able to achieve this but we cant?
I think you're confused with deleting an account and 'deleting' it. A lot of services have a flag that they can set to 'delete' an account. If that flag is set then all interactions with that account are denied. That allows you to easily automate it, but the actual deleting of the data happens at another time.
And occasionally your data is never really deleted, as I found out through https://haveibeenpwned.com/ .
-
I've worked at a major game developer, and the wrong account was deleted all the time.
-
Deleting an account does not work automatically as it is easy to build a connected systems with single sign on, but deleting users across all systems is not considered. It is possible to automate but we did not have the time yet. Of course a self-service would be the best.
In my personal opinion GDPR is a joke on this behalf. All we have is your email and one ip. It's a free service. And a lot of people waste my time by demanding to have the account to be deleted which brings them ABSOLUTELY NOTHING. It's their right, so we have to follow. But there is no strict time window in the law.
-
@brutus5000 said in Account removal:
But there is no strict time window in the law.
That's not correct, as far as I understand it.
You must respond to a request for erasure without undue delay and at the latest within one month, letting the individual know whether you have erased the data in question, or that you have refused their request.
Though,
You can extend the time to respond by a further two months if the request is complex or you have received a number of requests from the individual. You must let the individual know within one month of receiving their request and explain why the extension is necessary.
-
UK law is not relevant here. Danish law is. Company interpretation is also irrelevant (which any kind of blog or website on the web is), actual court decision specify the law.
In contrast to Anglo-Saxon law, jurisdiction in most EU countries is based on individual cases. There are no precedents that are used. In the case of FAForever and its peculiarities, a ruling can therefore be completely different than in the context of a for-profit company.
-
@brutus5000 The article in question discusses the GDPR, which is an EU-wide privacy law. This website (specifically from the EU) has a copy of the complete law and discusses some of its articles.
In any case, I am not a lawyer, and you guys probably know what you're all doing. o/
-
@IndexLibrorum Uk use DPA not GDPR since we left the EU
-
@indexlibrorum said in Account removal:
@brutus5000 The article in question discusses the GDPR, which is an EU-wide privacy law. This website (specifically from the EU) has a copy of the complete law and discusses some of its articles.
In any case, I am not a lawyer, and you guys probably know what you're all doing. o/
Dude that website is not from the EU but from some consulting firm.
Also EU law always needs to be transfered into national law. And I mention this particularly, because some countries can decide go stricter than EU law, but never more relaxed.