GDPR: Anonymizing users
You can anonymize users in Jira to hide or delete any data that can identify them as a real person. Anonymization helps you stay compliant with General Data Protection Regulation (GDPR) and the “right to be forgotten”, and is most often needed when somebody is leaving your organization and requests to have their personal data erased.
When anonymizing users, we’ll change or erase their personal data in all of these applications: Jira Core, Jira Software, Jira Service Desk, and Portfolio for Jira.
What does the anonymization involve?
Every user in Jira is associated with some items: they might have an issue assigned, be referenced in permission schemes, or be mentioned in comments by their teammates. Many occurrences of the user’s data will be anonymized, and some will be completely erased. We’ll list all of them below, as well as directly in Jira when you start anonymizing a user.
However, to quickly and fully grasp what the anonymized user will look like, it’s best to focus on just these two things:
- Username: Changed into an anonymous, unrecognizable alias, like jirauser80900.
- User profile: Completely anonymized, looks like a brand new user profile. One of the important things here is full name, which is often displayed around Jira. It will also get an anonymous alias, for example user-ca31a.
Let’s have a closer look at the effect of anonymizing these two on some before and after examples. Here, our user Friendly Robot (username: friendlyrobot) has been anonymized and is now user-ca31a (username: jirauser80900).
As you can see, anonymizing just the username and user profile essentially makes the user anonymous, as it’s mostly them that get referenced in issue fields and on project pages.
This should give you a general understanding of what the anonymization looks like. Let’s get into actions and details.
Anonymizing a user
You need to be a Jira administrator to complete all of these tasks.
You can anonymize users in two ways. The choice depends on whether the user is still active or has been deleted.
If the user is still active:
- Go to Administration > User management > Users.
- Find the user you want to anonymize, and select … > Anonymize user.
If the user has been deleted:
- Go to Administration > User management > Anonymization.
- Enter the username, and select Anonymize.
Whichever option you choose, you will be redirected to a separate Anonymize user page that shows details about the chosen user, and lists all associated items that will be transferred, anonymized, or deleted. Your user won’t be anonymized yet, so feel free to try it.
Understanding the scope of anonymization
When you select a user to anonymize, you’ll be redirected to a page with details that looks like this:
- Identify changes: You can click this button to search Jira for any items associated with a user and have them displayed here. This is optional; we will anonymize all of these items even if you don’t view them. You can see the complete list of items below.
- Transferring ownership: Some items owned by a user, like Project Lead or Component Lead, might break things if left without an owner. You’ll need to select a new owner here, and we’ll transfer the items for you. If you don’t see this section, it means there’s nothing to transfer.
What’s about to change
If you choose to display items associated with a user, they will typically be displayed in four sections — Transferred items, Anonymized items, Deleted items, and Actions required on your side.
If we haven’t found any of the user’s data for a section, we won’t display that section at all, so what you’re seeing in your Jira might slightly differ from these examples.
1. Transferred items
Some items won’t work properly with inactive users, so you’ll need to choose a new owner of these items. For example, an inactive Component Lead might break the Default assignee option. You can choose any user with proper permissions, but it’s probably best to transfer them to a project admin or somebody who has taken over the tasks of the anonymized user.
- Project Lead
- Component Lead
- Filter subscriptions
2. Anonymized items
Anonymized data includes items with any occurrences of the user’s name, username, or user key. As mentioned earlier, we’ll change these occurrences into an anonymous alias generated specifically for this user. The items themselves need to remain in Jira as they affect other areas or users — these are usually comments, work logs, workflows, and so on.
- User profile (anonymizing user data, such as email, name, display name, removing avatars, “remember me” tokens, user settings, and browsing history)
- Draft workflows
- User key entries in the database
- Work logs
- Audit log
- Board owners
- Board admins
- Card colors
- Notifications (recipients)
- Notifications (events)
- Jira invitation emails
- Atlassian Notifications messages
- Atlassian Troubleshooting and Support Tools app
- Jira activity stream
- Hipchat app
- Service Desk project language configuration
- Service Desk approval decision
- Service Desk notification subscription
- Service Desk customer organization membership
- Service Desk automation rules (revisions)
- Service Desk automation rules (revision contexts)
- Service Desk automation (execution history)
- Service Desk automation (project context)
- Service Desk canned responses (history)
- Service Desk canned responses (linked templates)
- Service Desk emails (created)
- Service Desk emails (modified)
3. Deleted items
These items are specific to a user and don’t affect anybody else, so there’s no point in keeping them in Jira. These can be associations in various schemes (don’t worry, we won’t delete the schemes), personal filter subscriptions, or personal roles — the ones used only by this user. Once you anonymize the user, these will be gone forever.
- Personal project roles
- Personal filter subscriptions
- Occurrences in notification schemes
- Occurrences in permission schemes
- Permissions in shared filters and dashboards
- Atlassian Notifications user properties
4. Actions required on your side
Finally, there are items which we can’t anonymize, and you’ll need to change them manually. This section can include JQL queries from Jira Service Desk.
- Personal data might still appear in the issue history, which shows all past activity on an issue.
- Personal data that appears in JQL queries won’t be anonymized. Queries that are specific to Jira Service Desk will be shown on the Actions required on your side list, so it should be easy to edit them, but all the remaining ones won’t be included.
Because of these limitations, some personal data will not be anonymized. You can already anonymize your users, and then complete anonymizing the missing data once we release the fixes. To complete anonymizing these items later, you’ll need to retry the anonymization, which will anonymize only items that haven’t been anonymized before.
3rd party apps
Personal data stored in 3rd party apps won't be anonymized by default. However, we've created extension points that can be used by app vendors to be notified whenever a user is being anonymized in Jira, and anonymize the related items. To check if an app supports the anonymization, contact the vendor directly or check their documentation.
The anonymization of a user might fail, and this brings additional complications. Since the process is irreversible, you can’t just go back and do it all again; even in the case of failure, the user will be partially anonymized. If you encounter this problem, we can help you identify errors and logs, find the partially anonymized user, and retry their anonymization.
For more info, see Retrying anonymization.
For app developers
If you’re an app developer, we have created extension points that will inform your app when an admin anonymizes a user in their Jira instance. This allows you to take proper actions and anonymize any data about this user that you store in the app.
For more info, see Developer docs: Anonymizing users.