I have a small social media site. Users can chat with each other using my site.
Any user can delete his chat message, but they can't clear the receiver's copy.
Because of GDPR, should I allow them to delete the receiver's copy too?
(Even Facebook doesn't have this feature)
How to solve :
What is the issue here
GDPR allows you control of your data, but it is not strongly defined who owns chat messages. This will probably be solved once there have been court cases on the matter, which is likely to be soon, as many large tech companies have been sued.
You own all copies of messages you have sent
This has the issue that senders could send abusive / threatening messages, and then delete all the evidence of having done this.
You own all copies of messages you have received
This means that you lose the ability to delete any photos you have sent, which means that any private messages you send cannot later be deleted, causing a risk of blackmail.
You own a single copy of each message you send and receive
This prevents the deletion of evidence, but has the limitation described above. This is a popular interpretation of the rules, but it is questionable if this complies with the GDPR.
As above, and can delete the other party's copies for a time window afterwards
This prevents the deletion of evidence after the window, but it does allow for deletion of messages sent by accident. This is the model used by Telegram.
Should I allow them to delete the receiver’s copy
This may also depend on what the purpose of your site is: an auction site may want all messages preserved for receivers, to make reporting fraud easier, while a dating site may see this risk as lower than the risk of blackmail.
In the sales case, legal requirements may allow for not deleting messages, but this will not apply to all cases.
GDPR-wise, it is still unclear which of the options, if any, are allowed, but hopefully this becomes clear soon.
What does the text say on the matter
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
the personal data have been unlawfully processed;
the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the establishment, exercise or defence of legal claims.
Interaction between the rights given by the GDPR
This seems to only allow for deletion of data, but the issues above are added to by the right to restrict processing, and the interaction between the right to restrict processing and the right to erasure has not been tested in court yet.