SID-02517: Registration without personal data (like e-mail adress)

Status:	Answered	TWiki version:	6.1.0	Perl version:
Category:	CategoryRegistration	Server OS:		Last update:	1 year ago

On registration, a new TWikiUser needs to register with his or hers e-mail adress. I'm using separate webs for different collaboration groups, and members of one group are not allowed to see personal data of another group, like the e-mail adress. In fact, this is forbidden in Europe by the General Data Protection Regulation. In SID-01688 is described that in raw view (?raw=on) the personal data of any TWikiUser in Main.Web or Main can be revealed.

Is there a way to prevent this? Does this need a new registration procedure? Or a new structure of Main.Web registration at all?

-- Emiel Van Riel - 2024-06-12

Discussion and Answer

In older TWiki releases the email was listed in the user profile page. This is no longer the case in newer releases. The email is stored internally, and only accessible to admins.

Example, your profile page on TWiki.org in raw view: https://twiki.org/cgi-bin/view/Main/EmielVanRiel?raw=on

-- Peter Thoeny - 2024-06-13

You can customize the registration page and user form to capture only the fields you want. The WikiName and email are required for registration, only the WikiName is visible by other users. See TWiki06x01.TWikiInstallationGuide#Tailor_New_User_Profile_Topic

-- Peter Thoeny - 2024-06-13

It is a good thing email adresses are not visible. But consider a small business with employees and customers. Or an organisation like AA. Customers are not allowed to see the (Wiki)names of other customers or employees. And maybe not all employees are allowed to see all customers names. I was thinking of the possibility to register with an anonymous TwikiUserNumber, 'hatched' to TwikiUsers in subwebs (of %USERWEB%?) (e.g. employees, customers), each subweb holding the personal data (WikiName, email, et cetera) of WikiUsers. But I cannot oversee the consequences of this idea.

-- Emiel Van Riel - 2024-06-21

In the case of anonymous users how about using randomized WikiNames at time of registration?

-- Peter Thoeny - 2024-06-23

Yes, that is one thing. That's comparabel with "an anonymous TwikiUserNumber ". But then there is still the issue of sensible personal data, like names or e-mailadresses.Just organizing these randomized WikiNames in Groups with AccessControl is not enough, in my opinion. If you store the data in the RandomizedWikiName topic, the persons name can be read by ?raw=on . When in my example this is an employee, customers could track down the name of the employee (which in some cases we don't want). And when customers don't have access to an EmployeeGroup, we cannot assign a question of a customer to an specific employee. So my idea was: register anonymous (randomized) WikiUsers in the Main Web (%USERSWEB%) and include a field where the WikiUserProfile can be found, for example in the Employee (sub)Web or the Customer (sub)Web.

-- Emiel Van Riel - 2024-06-24

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.