New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implementation of the privacy API doesn't provide ways to users to access their data or to be forgotten #25

Open

owngr opened this issue Nov 15, 2022 · 0 comments

owngr commented Nov 15, 2022 •

edited

Loading

Hi,
I'm doing a security analysis of your plugin for a customer in Europe that wants to install your plugin.

When I look at the requirements from the privacy API I see that each users as the right to:

request information on the types of personal data held, the instances of that data, and the deletion policy for each;
access all of their data; and
be forgotten.

When I look at your implementation of the privacy API I see that the functions to access their data or to be forgotten hasn't be implemented.

https://github.com/open-lms-open-source/moodle-mod_collaborate/blob/d35287cf11555f94ff55fa0a4772a56347893742/classes/privacy/provider.php#L62-79

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment