Changes between Version 8 and Version 9 of RightToErasure


Timestamp:
Apr 9, 2018, 2:38:37 PM (6 years ago)
Author:
Kevin Reed
Comment:

--

  • RightToErasure

    v8 v9  
    22The [https://en.wikipedia.org/wiki/General_Data_Protection_Regulation European GDPR law] provides for a "Right to Erasure".  An interpretation of this law is that it gives users the right to have all of their data stored in an electronic system deleted from that system if they request it.  This proposal exists as an attempt to satisfy that requirement of the GDPR law.
    33
    4 There will be a feature flag that must be enabled in order for this feature to be available on a project website.  The feature flag will control the display of the link to the /request_delete_account.php page and it will prevent the use of /request_delete_account.php unless the flag as been enabled.
     4There will be a feature flag that must be enabled in order for this feature to be available on a project website.  The feature flag will control the display of the link to the /delete_account_request.php page and it will prevent the use of /delete_account_request.php unless the flag as been enabled.
    55
    66== User Experience ==
    7 The BOINC website will provide a new page that allows a user to start the process of deleting their account.  The link to this page will be found on home.php under Your account -> Account information -> Change -> delete account.  The page will be <base_url>/request_delete_account.php.
     7The BOINC website will provide a new page that allows a user to start the process of deleting their account.  The link to this page will be found on home.php under Your account -> Account information -> Change -> delete account.  The page will be <base_url>/delete_account_request.php.
    88
    99If the user has changed their email address within the past 7 days they will be prevented from deleting their account until the 7 days has elapsed.  This is to prevent someone gaining access to an account, changing the email address and then deleting it without the notification going to the old email address.  See [https://boinc.berkeley.edu/trac/wiki/EmailChangeNotification Email Change Notification ] for more details about how we are safeguarding email address changes.
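Review bot: the feature flag on the renamed line 4 is only said to gate /delete_account_request.php; the confirmation page reached from the emailed link and the action page that performs the deletion need the same server-side check, otherwise a confirmation link issued while the flag was on could still complete a deletion after the flag is turned off. Also, "unless the flag as been enabled" should read "has been enabled" in both versions.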
     
    2323
    2424{{{
    25 <base_url>/confirm_delete_account.php?userid=<userid>&token=<token>
     25<base_url>/delete_account_confirm.php?userid=<userid>&token=<token>
    2626}}}
    2727When they click on the link they will be taken to a page that asks them if they are sure that they want to delete their account.  They must re-enter their password and click the button that says "delete account" in order to have there account deleted.  The account will be immediately deleted at this point and the user will be redirected to the project's home page.
    2828
    29 If the user returns to the request_delete_account.php while they have an active token, the page will ask them to check their email for the email that was sent and then provide them with an option to generate a new email if they cannot find the first one.  This will again require the user to enter their password to generate the email.
     29If the user returns to the delete_account_request.php while they have an active token, the page will ask them to check their email for the email that was sent and then provide them with an option to generate a new email if they cannot find the first one.  This will again require the user to enter their password to generate the email.
    3030
    3131== Technical Implementation ==
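Review bot: line 29 lets a user generate a new email while a token is still active, but the hunk does not say whether the earlier token is invalidated or simply re-sent; the spec should state that issuing a new token replaces the old one so at most one valid delete token exists per user at any time. Also, "have there account deleted" on line 27 should read "their account".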
     
    6767The token generated by random_string() and included in the email will be stored on the token table and will be set to expire after 24 hours.  The token type for this will be "D" for delete.
    6868
    69 If the user clicks on the link in the email and the token is invalid or expired, they will be presented with a page that states that the link was invalid and that they need to return to the request_delete_account.php and request a new link.
     69If the user clicks on the link in the email and the token is invalid or expired, they will be presented with a page that states that the link was invalid and that they need to return to the delete_account_request.php and request a new link.
    7070
    7171=== Data Exports ===
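Review bot: line 67 names random_string() and a 24-hour expiry but gives no length or entropy requirement for a token that, together with the password, authorises an irreversible deletion; the spec should require a cryptographically secure random token of sufficient length and state that the token row is removed from the token table once used, not only when it expires.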
     
    135135This portion of db_dump would pull from host and then from host_deleted to create the files.
    136136
    137 === confirm_delete_account_action.php ===
    138 On the confirm_delete_account.php page, then token should be included as a hidden field. The confirm_delete_account_action.php page that receives the request should validate both the users password and the users token before processing. Only if both are valid should this occur.  If they are both valid, then the user account will be deleted based on the logic below.
     137=== delete_account_confirm_action.php ===
     138On the delete_account_confirm.php page, then token should be included as a hidden field. The delete_account_confirm_action.php page that receives the request should validate both the users password and the users token before processing. Only if both are valid should this occur.  If they are both valid, then the user account will be deleted based on the logic below.
    139139
    140140
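Review bot: line 138 should state that the token is looked up by the userid submitted with the form together with type "D" (from line 67) and tied to the same account whose password is being verified, so a token issued for a different user or purpose cannot be submitted with this form, and that the token is deleted once the validation succeeds. Also, "then token should be included" on line 138 should read "the token".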