[IMAGE] The EU flag with a padlock inside the circle of yellow stars

We’re currently working on a series of Talk features to get newsrooms ready for when the European Union’s General Data Protection Regulation law, known as GDPR, comes into enforcement on May 25th.

We believe that the principles of the law are also good data practices for anyone, in keeping with some of the principles of the Mozilla manifesto – so we’ll be introducing these features as default plugins for all publishers running the latest version of Talk. (For publishers who handle their GDPR compliance in a different way, or manage their user accounts outside of Talk, you can disable them through the plugin management system and implement your own version of these features through our GraphQL API.)

Unlike most other comment platforms, Talk doesn’t grant us any access to the personal data of your community, and we develop our tools to request less data. (We wrote about principled data collection back in 2016.)

However, we want to make compliance easy for everyone using our software, and to do it in a way that minimizes any abuse of the features by harmful actors.

Note: the fact that we are adding these features does not automatically mean that your organization complies with GDPR. You should discuss with your lawyers what GDPR could mean for your organization’s data collection and use.

Accessing & Moving Data
Community members will be able to change their username, with a time limit between changes to prevent abuse. Where applicable, they can also change the email address associated with their account.

Community members will be able to download their data in a zip format via a link sent to the email address associated with their account. This zip will contain all of their comments in a comma-separated values (CSV) format. There will be a restriction on the frequency of this request, to prevent overloading your Talk database.

Deleting Accounts
Community members will be able to submit their account for deletion. Account deletion will result in all user data, including past comments and reactions, being removed from the site and the database. This will be confirmed via email, and will contain an inbuilt delay, in order to allow community members to change their minds – because once the information has been deleted, it cannot be restored.

We’ll have all of these features implemented in the latest version of Talk well in advance of GDPR coming into effect on May 25th.

We care deeply about user privacy and transparency, and are excited to add these features to Talk. If you have any suggestions or feedback related to these or any other features, do please share them below or get in touch.