I think Etherpad Lite is not GDPR compliant

[devnull4242]

I think Etherpad Lite is not GDPR compliant because of:

Individuals have an absolute right to have their data deleted (right to be forgotten)

Please add the possibility to delete all old entries of an etherpad. Thanks.

[SamTV12345]

You can delete Etherpads via the admin panel for this. There is also the possibility to move a pad to one revision. Is there anything else we could do to improve the GDPR compliance?

[devnull4242]

I think the user must have the possibilty itself. I think that is not possible.

I also don't know why such a basic function is not simply built in. When I have finished working on my Etherpad with a few people, the result and the way there is nobody's business. And if I really need it, I can also export it. And if I don't want to delete it, I don't need to delete it.

[SamTV12345]

I think the user must have the possibilty itself. I think that is not possible.

I also don't know why such a basic function is not simply built in. When I have finished working on my Etherpad with a few people, the result and the way there is nobody's business. And if I really need it, I can also export it. And if I don't want to delete it, I don't need to delete it.

So you'd like to delete the Etherpad yourself. Who should be able to do that? The one that created the pad? If we allow anybody you could have trolls on the public instances that just delete all pads over and over again.

[matthias-mader]

For GDPR-compliance it's not necessary that the user is allowed to delete their own data. Art. 17 provides you the right to demand the deletion of your (personal) data, but doesn't require that you're able to do it yourself.

[SamTV12345]

For GDPR-compliance it's not necessary that the user is allowed to delete their own data. Art. 17 provides you the right to demand the deletion of your (personal) data, but doesn't require that you're able to do it yourself.

So as long as the user hands the pads he worked on to the pad admin they can be safely deleted.

[devnull4242]

So you'd like to delete the Etherpad yourself. Who should be able to do that? The one that created the pad? If we allow anybody you could have trolls on the public instances that just delete all pads over and over again.

I don't think anyone can guess Etherpad names unless you take "test" or "12345".

Conversely, I once created an Etherpad https://etherpad.wikimedia.org/p/6701. Of course, only those who know it write there. However, I think it is completely unrealistic to contact. For Wikimedia you can use https://phabricator.wikimedia.org/maniphest/task/edit/form/75/ but you must register with e-mail first. But what about other etherpads? It is also the case that you usually edit in a group and when you are finished, the content is really nobody's business anymore. Also not for trolls. ;-)

At https://yopad.eu "The authorisation must be clearly proven and justified by the user, for example in the case of violations of human dignity or personal rights." That's not correct. According to the GDPR, everyone has the right to be forgotten.

Individuals have an absolute right to have their data deleted (right to be forgotten)

In the end, of course, the question is how to interpret GDPR and perhaps it will also be fulfilled in theory ... theoretically.

I don't understand why this function can't or won't be built in. Only someone who has access to the pad and can edit it will delete the pad including the history.

I will probably continue to use "Nextcloud Text". Both self-hosted and on a managed Nextcloud. There, the user can delete their data themselves. However, I find Etherpad e.g. Etherpad Lite far better in terms of function.