GDPR Compliance
In order to facilitate compliance with the EU General Data Protection Regulation (GDPR), you can enable the following plugins:
- talk-plugin-auth - to facilitate username and password changes
- talk-plugin-local-auth - to facilitate email changes and email association
- talk-plugin-profile-data - to facilitate account download and deletion
Even if GDPR will not apply to you, it is recommended to enable these features as a best practice to provide your users with control over their own data.
GDPR Feature Overview
Integrating our GDPR tools will give your users and organizations the following benefits:
- Download my comment data: Users can request a download of their comments. An email with a link is emailed to them to download a CSV with each comment they’ve made, what story it was made on, and the comment’s ID and timestamp.
- Delete my account: Users can request deletion of their account. Deleted account requests are pending for 24 hours to allow the user to download their comments, or to change their mind and reactivate their account before the expiry. Account deletions remove all of their comments from the site, all their comments and actions from the database, and their account info from our system.
- Add an email to an Oauth/external account: Users are prompted to add an email to their non-Talk account (Facebook, Google, external, etc) so that they can take part in GDPR and other features requiring email communication.
- Change my username: Users can update their username. This is capped at once every 2 weeks.
- Change my email: Users can change their email.
- Change my password: Users can change their password.
Custom Authentication Solutions
As many of the newsrooms who have integrated Talk have followed our guides on Integrating Authentication, we have also provided tools for those newsrooms to integrate GDPR features into their existing workflows.
Account Data
Through the talk-plugin-profile-data plugin we allow users to download and delete their account data easily. For custom integrations, this isn’t always possible, so we instead provide some GraphQL mutations designed to allow you to integrate it into your existing user interfaces or exports.
downloadUser(id: ID!)
- lets you grab the direct link to download a users account in a zip format. From there, you can integrate it into your existing data export or simply proxy it to the user to allow them to download it elsewhere in your UI.delUser(id: ID!)
- lets you delete the specified user
Note: These mutations require an administrative token
If you would prefer to write your own user interfaces or integrate it into your own, you can disable the client plugin for talk-plugin-profile-data but keep the server side plugin active (See Server and Client Plugins for more information).