Feature Scope of flarum/gdpr

davetodave178

The GDPR extension offering data exports and erasure requests is a great addition to the ecosystem. I'm now wondering what the feature scope of this extension should be going forward. Community managers might install this extension and get the false sense of security that their Forum is now GDPR-compliant, which is not the case.

What I'm specifically eluding here is that with flarum/markdown or flarum/bbcode it's possible for users to embed images from external sources, which leaks the IP address of all users viewing those posts and therefore is technically not fully GDPR-compliant.

My question here is; what is the scope/roadmap of flarum/gdpr? Are changes which continue to make Flarum more GDPR-compliant generally something welcome in flarum/gdpr, or should third parties continue to make adjustments to that effect on their own to fulfill requirements?

GreXXL

davetodave178 I think the extension name might not be ideal for what the current extension is capable of doing. But an important part of deleting users is already part of it. I think the idea of the extension is to build it up following 2.X to encorperate all aspects necessarry - so I think every contributions to it are welcome.

For the scope there are even more things to consider like managing cookies and cookie notices (like with fof/cookie banner) could also be scope of the extension at a future point.