Crowd: Right to erasure

Introduction

Under Article 17 of the GDPR, individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances. Whether or not you are required to honor an individual's request to have personal data deleted will vary on a case-by-case basis, and is a determination you should always make with the assistance of legal counsel. Once you have determined you have an obligation to delete personal data, we have provided the following instructions on how to do so within certain Atlassian products.

Personal data stored within the product can be divided into one of two areas: 1) account-level personal data; and 2) free-form text. Account-level personal data are data fields that exist within the product for the sole purpose of identifying an individual throughout the product. Examples of account-level personal data include the user's display name, profile picture or avatar and email address. These data elements are generally visible from the user's profile and are used throughout the product to point back to the user's profile when the user is @mentioned or tagged in certain spaces or content. Deleting account-level personal data elements will automatically remove those data elements throughout the product where the relevant account-level data elements appear and in the database (subject to some limitations discussed below).

If you have included personal data in free-form text, either typed into content spaces or as a custom field label, you will need to use the product's global search feature to surface this personal data and delete it on a case-by-case basis.

Description

Crowd stores and processes a user's personal data, as part of its primary function as a user management product. Personal data is stored in the external database, in the following places:

| Location | Data type |
| --- | --- |
| cwd_user table | username, first name, last name, display name, email address |
| cwd_application_alias table | username and application alias assigned to the user, if any |
| cwd_token table | username of users with active SSO sessions |
| cwd_audit_log_changeset, cwd_audit_log_entity and cwd_audit_log_entry tables | username, first name, last name, display name, email address as a part of the Crowd audit log |

Version compatibility

All workarounds are compatible with Crowd 3.2 and later.

Workaround

To remove a specific user's personal data from Crowd, do the following:

  1. Remove the user alias on the user screen, by following the steps at Specifying a User's Aliases
    Note that aliases are currently not removed automatically when the user is removed. If you are going to remove the user in Crowd, you should remove the aliases first.
  2. Expire the user's sessions in the Current Sessions screen (in the administration menu), by following the steps at Managing a User's Session.
  3. Delete the user's personal data in cwd_user by removing the user from the directory. 
    Depending on the directory type, and how the directory is configured in Crowd, the steps will differ.
    1. For Internal directories you need to remove the user in Crowd's UI, by following the steps at Deleting or Deactivating a User.
    2. For Delegated authentication directories, you need to remove the user in the LDAP directory and then in Crowd, by following the steps at Deleting or Deactivating a User.
    3. For Connector directories (both cached and uncached), and for Azure AD directories, you need to remove the user in the source LDAP or Azure directory. 
    4. If the directory is configured as a cached directory, you need to perform a synchronization to remove the user from Crowd. 
    5. For Remote Crowd directories, you'll need to first remove the user from the directory in the remote Crowd instance (follow the steps for one of the directory types above), and then perform a synchronization to remove the user from Crowd, by selecting Synchronize Now at the directory screen.
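
To confirm that the steps above left no rows behind, a read-only check against the three non-audit locations listed in the Description can be run on the Crowd database. This is an added example, not part of Atlassian's instructions: the username and email address are placeholders, and the column names (lower_user_name, lower_email_address, entity_name) are assumptions about the Crowd schema that you should verify against your own database before relying on the result.

```sql
-- Added verification example (read-only). 'jdoe' and 'jdoe@example.com'
-- are constructed placeholders for the erased user's identifiers.
-- Column names are assumptions; confirm them against your Crowd schema.

-- cwd_user holds one row per directory, so match on username or email
-- to catch a copy of the user that still exists in another directory.
SELECT 'cwd_user' AS location, COUNT(*) AS remaining_rows
FROM cwd_user
WHERE lower_user_name = 'jdoe'
   OR lower_email_address = 'jdoe@example.com'

UNION ALL

-- Aliases are not removed automatically when the user is removed (step 1).
SELECT 'cwd_application_alias', COUNT(*)
FROM cwd_application_alias
WHERE lower_user_name = 'jdoe'

UNION ALL

-- Active SSO sessions keep the username until they are expired (step 2).
SELECT 'cwd_token', COUNT(*)
FROM cwd_token
WHERE LOWER(entity_name) = 'jdoe';
```

Every row should report 0 once the aliases are removed, the sessions expired and the user deleted or synchronized out; the audit log tables are not covered by this check.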

Limitations

The audit log holds the history of configuration and user personal data changes, for auditing and compliance purposes. Currently, there is no way to delete a specific user's personal data from the audit log.

Audit log entries are automatically removed after a specified time (by default 6 months). When old audit log entries are removed, related user personal data will no longer be stored in Crowd's audit log tables. If you determine that a user's personal data stored within audit logs is within the scope of personal data you need to erase, you could change the audit log's retention period so that it automatically removes the offending entries. Learn more about changing the audit log retention period for Crowd.

Additional notes

There may be limitations based on your product version.

Note that the GDPR workaround above has been optimized for the latest version of this product. If you are running a legacy version of the product, the efficacy of the workaround may be limited. Please consider upgrading to the latest product version to optimize the workarounds available under this article.

Third-party add-ons may store personal data in their own database tables or on the filesystem.

The above article in support of your GDPR compliance efforts applies only to personal data stored within the Atlassian server and data center products. To the extent you have installed third-party add-ons within your server or data center environment, you will need to contact that third-party add-on provider to understand what personal data from your server or data center environment they may access, transfer or otherwise process and how they will support your GDPR compliance efforts.

If you are a server or data center customer, Atlassian does not access, store, or otherwise process the personal data you choose to store within the products. For information about personal data Atlassian processes, see our Privacy Policy.

Last modified on Nov 13, 2018
