Feedback For this page: Andrea’s comments on “right to delete history” write-up. This was a detailed standard that just says “follow GDPR” when no one knows what that means.
1 – Rather than lead with ” just follow one thing in GDPR” – need to lead w/ the underlying theme of rights that GDPR is giving that we want.
2 – Right to delete is one of a thousand things GDPR requires.
3 – We should have a focus on “no knowledge about us without us” if a platform is generating knowledge.
4 – Further, right to delete is problematic for our community if we need the history as a shared way of making decisions. Delete what when and how?
Original Draft:
The GDPR is a new privacy regulation that applies to EU citizens.
While the GDPR is not perfect, the specifically defined, limited and parameterized “right to be forgotten” in GDPR is so much better than any other standard that we are aware of that we assert that the GDPR right to be forgotten should apply to any patient forum software.
A caveat that specifically applies to patient forum software is that when a user invokes their right to be forgotten, their individual posts will be deleted but the threads in which they participate will not. Instead, their name will be replaced with ‘Deleted User’ or the equivalent but the content they contributed to the thread will remain. For example, suppose patient John Doe and patient Jane Smith have a conversation involving dozens of back and forth comments. John Doe later requests that his information be deleted. John Doe’s contributions to the conversation will remain but his name will no longer be associated with them.
In addition, an effort will be made to replace John’s name in the free text conversation. Thus, any time Jane Smith replied to John Doe using his name, e.g., “That is a good point, John”, the system ideally should remove the word “John” and replace it with “Deleted User” or equivalent. We understand that this is currently a technically difficult problem and we expect a best-effort approach to it until technology improves.