Visibility of the usernames in content status info should be configurable (for privacy reasons)

For privacy reasons, users should be able to configure the plugin to hide usernames in Content Status Indicator and Content Status Browser.

Have more questions? Submit a request

31 Comments

  • 0
    Avatar
    Enrico Skottnik

    This would be a really nice feature for this plugin.

  • 7
    Avatar
    Florian Scheer

    In Germany we have strict data protection guidelines.
    Please develop a feature to disable the user and the timestamp for "last viewed". Especially for non system administrators.
    Currently every user can see the the name of the last viewer. That could be a reason for deactivation the addon after a inhouse vertification.

  • 0
    Avatar
    Katharina Alt

    I have to agree with Florian Scheer that is is an issue for German customers. We have strict policies and works council wouldn't accept using the add-on with this functionality. 

  • 0
    Avatar
    Michael Paulus

    Right. The issue is addressed by employment law and company agreements. Would be sad when we are required to discontinue the use of this plugin just because of an unexpected side effect of the core functionality. And this request doesn't touch this core.

  • 0
    Avatar
    Karl Pflästerer

    If you have pages with sensitive content you don't want everyone to be able to see who last viewed these pages.  Other arguments were already written

  • 5
    Avatar
    Aron Gombas

    Just FYI I moved this user story to next sprint, so this should be available in the next app version. (There is no public release date, though.)

  • 0
    Avatar
    Katharina Alt

    @aron, thats great to hear!

  • 0
    Avatar
    Ganna Kucher

    We have the same issue at our firm: because of that we had to switch off the Content Status Indicator Module, but it still would be great to reatin the Status indicator without showing the last viewer of the page.

  • 0
    Avatar
    Niko Henschen

    Dear Aron Gombas,

    It's September 2018, any news on this feature? Is it ncluded in the meantime?
    This feature is vital for us, otherwise we can´t buy/start with your tool

    Looking forward to your response!

    Regards

     Niko

     

  • 0
    Avatar
    Michael Paulus

    Good thought to ask, Niko. I second this request. it's still relevant for us too. And as we start budgeting, for now it is OFF our list. i'd like to bring it back.

  • 0
    Avatar
    Paula Dasch

    We already use Archiving Plugin,

    but this would be an interesting feature for us, too.

     

  • 0
    Avatar
    Aron Gombas

    Dear everyone, thanks for pushing this!

    Last week I looked deeper into this and outlined the simplest approach to implement this. We're now working on the first prototype!

    I really hate making promises about moving parts, but if we are lucky, then it should be out in 1-2 weeks max. I will keep you posted here!

  • 0
    Avatar
    Niko Henschen

    Dear Aron,

    Thanks for your answer, I appreciate that!

    Pls. keep us informed, if there are news regarding release date.

    Regards

     Niko

  • 0
    Avatar
    Aron Gombas

    Hey Everyone,

    Need your quick opinion here.

    We have a working prototype which works like this (simplified!): if the corresponding option is turned on, then "N/A" or some other static text will be displayed instead of the actual username of the last viewer and/or last updater. But, the view and update tracking itself will work like before and will store the usernames in the database. In other words, it is a display-only feature.

    Question is: is this approach compatible with the legal regulation you mentioned?

    1. Is this sufficient not to display the actual usernames?

    2. Or, it is required not even store those?

  • 0
    Avatar
    Michael Paulus

    Dear Aron,
    In my mind this is sufficient. As with web/ip tracking much more is possible (but illegal) the main concern was the pure visibility of this for everybody without any restrictions.
    Unfortunately it is after working hours here in Germany I can‘t ask my lawyer before Monday. Then I get the safe answer.
    Thank you for this update!
    Michael

  • 1
    Avatar
    Ralf Paprotny

    Dear Aron,

    this solution could be accepted by users, it is a good first step. But the problem in the whole European Union (not only Germany) is the fulfillment of the EU GDPR (General Data Protection Regulation) since May 2018.

    The question is: What is the purpose of storing the viewer's usernames? Is it necessary for any function?

    The EU GDPR says in Chapter II, Article 5, 1.(b) and (c):

    - Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; [...]

    - Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

    So, if there is a specified purpose for storing the names and the users know about it, it is okay and the solution is fine. If not, the principle of data minimisation is violated.

  • 1
    Avatar
    Michael Paulus

    Great summary Ralf.

    My legal Department gave me two answers:
    1. It would be ideal if these data were not stored when there is no clear purpose - just as you explain, Ralf. Is there a purposeful reason to achieve the archiving functionality, then it is fine.

    2. If the effort (to modify the plugin so it does not store the data) is too big (f.ex. doulble the plugin price) then it would be sufficient to anonymize the display (principle of proportionality) - but then it is required that the stored data cannot be extracted by admins to create user-specific reportings. How easy is it to get the Data? Is this visible to every admin or is it deep down in a database and just programmers can see them? 

    Hope this helps, Michael

     

  • 0
    Avatar
    Aron Gombas

    Thanks for your feedback on this.

    So, the data is stored in the database, therefore it is visible only for those who can access the database and run SQL queries. In other words, it is not visible even for your Confluence admins.

    The purpose of storing this data as the "page view tracking" feature is designed to be symmetrical with the "page update tracking" feature. With page updates, it is critical to understand who updated the content. You can argue if this is critical to know the same with page views, but keeping consistent behavior between two "identical twin" features is important for many.

    All in all, we will first implement this with "hide the info from the UI" approach.

    UPDATE: in the meanwhile, we have a working prototype! I am looking into this now, and will share with you soon (hopefully).

  • 0
    Avatar
    Aron Gombas

    Another update: although the prototype is promising, this change has a wider effect on the app that I initially anticipated.

    We need to work a little more on this, thanks for the patience!

  • 0
    Avatar
    Aron Gombas

    Hello, here are some preview screenshots. As you see, we implemented "anonymization" on 4 screens. Right now we are implementing this for notification emails.

    Can you confirm these cover all contexts in which you wanted to hide usernames?

    (Note that "last viewer" and "last updater" can be shown / hidden separately, using two separate switches.)

    Context 1: Content Status Indicator


    Context 2: Content Status Browser


    Context 3: Expired Pages list

    Context 4: Not-viewed Pages list

    Context 4,5,...: Notification emails

    (No screenshot for now.)

  • 0
    Avatar
    Aron Gombas

    Hint: Zendesk is pretty lame with high-resolution images, it seems. If you wanted to see the screenshot in full size, just right-click on them and select "open image in a new tab".

  • 0
    Avatar
    Florian Scheer

    I Like it.
    That would meet our requirements.
    Two Independent switches are very good, because I think "last updater" is not necessary critical.

  • 0
    Avatar
    Niko Henschen

    Dear Aron,

    "(Note that "last viewer" and "last updater" can be shown / hidden separately, using two separate switches.)"

    Perfect, this is what we need!

    Thanks and looking forward to see the results!

    Regards
     NIko

     

  • 0
    Avatar
    Michael Paulus

    cool. want it! Or as we say here habbewill:-)

    Edited by Michael Paulus
  • 0
    Avatar
    Aron Gombas

    Quick heads-up: we're currently running functional and stress tests with 1M anonymized pages. So far, so good.

  • 0
    Avatar
    Aron Gombas

    I have great news to share!

    The fully functional, tested preview of the next Archiving Plugin version can be downloaded here. It comes with the two switches that hide the usernames of the last viewer and last updater persons. The preliminary documentation of this feature is here.

    Like I wrote before it was thoroughly tested and works perfectly.

    We want to include some more changes in this version, so the official release will come a little later. But I thought you may want to use this feature before the official release, so thought this "early access" would create.

    Happy anonymizing!

  • 0
    Avatar
    Katharina Alt

    Perfect, thank you!

  • 0
    Avatar
    Michael Paulus

    deep bow of appreciation, Aron:-)

     

  • 0
    Avatar
    Aron Gombas

    Glad to hear you found it useful, guys.

    If you wanted to express your appreciation, may I ask you to write a short review on the app's page?

    That'd be a tremendous help.

  • 0
    Avatar
    Niko Henschen

    Dear Aron,

    Thanks a lot for your effort.

    Is this version ready for productive use, or should we wait for the final release?

    Thanks again and great job!

     Niko

Please sign in to leave a comment.