Add guidance on blocked accounts for deletion requests (!120946) · Merge requests · GitLab.com / www-gitlab-com

Cynthia "Arty" Ng requested to merge arty-blocked-requests into master Mar 06, 2023

It came up in Slack that we don't have any guidance on what to do if the GitLab user account is blocked when working on deletion requests.

Summary: Assignee should submit a Trust and Safety issue as per our usual workflow. If unblocked, we proceed. If not, we deny the request.

Most important bits:

Eugene McCrann

on the privacy side the right to accept/reject a deletion request is based on our lawful basis, which is variable in a banned account situation. If the account is banned for a legitimate reason, then suddenly the user's right to deletion is gone because our basis for holding information is to keep the ban in place for legal obligation/protection against fraud/abuse, performance of our terms, etc.

If it's a false positive or the ban is for something very nominal, then I think our lawful basis disappears and we need to delete provided we can validate the user [as usual]

Wording for rejection is also copied from Slack discussion.

Edited Mar 06, 2023 by Cynthia "Arty" Ng

Add guidance on blocked accounts for deletion requests

Merge request reports