this post was submitted on 12 Aug 2024
1019 points (99.5% liked)

Programmer Humor

19503 readers
339 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 2 months ago* (last edited 2 months ago) (1 children)

This field needs to be checked everywhere the account is used.

Usually something like this would be enforced once in a centralized location (in the data layer / domain model), rather than at every call site.

for the automatic removal after x amount of days

This gets tricky because in many jurisdictions, you need to ensure that you don't just delete the user, but also any data associated with the user (data they created, data collected about them, data provided by third-parties, etc). The fan-out logic can get pretty complex :)

[–] [email protected] 2 points 2 months ago

Usually something like this would be enforced once in a centralized location (in the data layer / domain model), rather than at every call site.

True. Although not every endpoint is the same, nor is every website or service.

This gets tricky because in many jurisdictions, you need to ensure that you don’t just delete the user, but also any data associated with the user

GDPR specifically mentions user identifiable data. I don't know about others.