|Problems? Is your data what you think it is?|
Proposed EU law: right to be forgottenby davies (Vicar)
|on Mar 17, 2011 at 17:47 UTC||Need Help??|
This isn't law, at least, yet, and there are usually several years between something becoming EU law and individual nations having to make it national law. IANAL, but I can see plenty of scope for PM to be harassed by the disgruntled or malicious, especially since at least one of the gods claims to live in the EU. I therefore offer a few ideas on how to minimise the risks. This should be read bearing in mind that no-one currently knows what the law will be in its final form and that I have no idea of the issues caused by the code that runs the site. Please read everything that follows as if I had started with "I suggest".
Registered monks can be forgotten by request to the gods. The process will involve the locking of the account, the change of ownership of all nodes written by the monk to "Anonymous Monk", the deletion of any links to the monk's home page and the deletion of the monk's name from all posts by that monk.
Anonymous monks who have posted personally identifiable information will have to show that there is a reasonable degree of linkage between the post and the individual to get the post edited. John Davies has no chance (it's such a common name) unless he can quote the IP address and PM keeps a record (see above). PM gods will have to take into account any other personally identifiable information in such a post. This seems to me to involve a lot of work, but should be rare enough.
It's now the Information Commissioner's Office, but when it was the Data Protection Registrar, I found the staff there very helpful. I hereby volunteer, if so instructed by the gods, to contact them and report back on their advice.
Not all mentions of MonkNames are linkified in other monks' nodes. This means there is a hole for personal information to slip through. I don't know how difficult it would be to automate a process to check that MonkNames are linkified. If it must be done manually, I hereby volunteer to check all my own nodes, consider any other nodes I find and, should the gods see fit to grant me the power, do such janitorial work as is needed.
I think what I am proposing is overkill. I certainly hope it is. But we have had instances of monks leaving in hissy fits and it seems to me that the proposed new legislation could give such people the power to cause considerable problems. Were I a god, I would sleep better if the issues had been considered in good time and mechanisms put in place to minimise disruption.
Update 2012-06-08: This suggests that the current draft might not apply to PerlMonks, in that it refers to companies offering a service. TTBOMK PM is not a company and since it's not a business either, we might be exempt. Let's hope so. The article also mentions the likely cost to businesses of compliance (which might cause delay or cancellation) and the problems of "unprecedented co-operation", so there are grounds to hope that this will get nowhere near us.