My few cents, which contain some mutually alternative ideas (e.g. physical deletion vs anonymisation)…
I think it’s good that any deletion doesn’t get physically actioned for a month, however it can be flagged and for that month acts exactly as if deleted. This gives a month to undo it whilst not causing a problem to those who need that deletion. It solves the very real problem of someone deleting in a mood and then a few days later regretting it, and also solves a hypothetical problem of some angry person with physical access to a device revenge-deleting another person’s account and contributions.
As well as suitable popup guidance to the person when they initially embark upon deletion that could offer them other courses such as time-out or to persuade them otherwise, or something selective like journal posts, this month reprieve would give time to reach out to people who have contributed a lot to persuade them to leave their contribution (perhaps a final-delete-block flag could allow the month to extend). Part of the contract on joining iNat could be that major contributors who delete are reached out to to hear their issues and encourage them to leave their contributions intact or mostly intact.
I don’t personally see an issue with anonymising an account in the sense of replacing a person’s username by a random number, perhaps a field could store their gone username for reversal.
I would like to stress that in the real world if you post a letter then you can’t recall it, and if it’s delivered to the recipient then you can’t expect it back from them except by persuasion. Most things in the world operate this way as default, with discretion used for allowing removal. The idea of 100% owning what you’ve submitted is a somewhat new concept. Everything in life is give and take - iNaturalist is a free service that costs money and in using and submitting to it at no cost, since there has been an actual cost there has to be something that iNaturalist ‘receives’ in return for their money and effort, and I don’t see why that can’t be that submissions by default are retained anonymised per above, but the person can contact if they have some reason for genuine bulk removal that’s not been thought of before.
Scale quickly becomes an issue when contacting/reviewing account deletions (~13 staff members and millions of users). This means an automated approach with a clear policy that users can easily locate would be ideal.
Because observational data is in the form of images and audio files, these are protected by copyright laws. Perhaps an option to release observations to the public domain via a CC0 license could be presented during account deletion process.
Other things to consider are laws concerning privacy and data (i.e. GDPR, CCPA, PIPL, etc.), which may determine what information is allowed to be stored on the site after a user requests account deletion.
This point needs to be made more. Those who want IDs preserved when a user leaves the site need to understand that, legally, iNaturalist doesn’t have many options. The “right to be forgotten” provision in GDPR is taken very seriously in Europe. (No great surprise, some of those countries had secret police in living memory.) I doubt California is quite as zealous enforcing CCPA, but it doesn’t have to be. If iNaturalist wants to save IDs from deleted accounts it would have to anonymize them to the point where there is not only no chance of the original user’s identity being recovered, but also no chance of being sued by an irate ex-user. The only realistic choice would be a single “AnonymousUser” which would quickly have more IDs, and a greater variety of IDs, than anyone else. Since the quality of AnonymousUser’s IDs would be impossible to verify (since it’s an aggregate of any number of people of any range of abilities) they would be completely worthless. Cleaning up that can of worms is a job no one wants.
How often does account deletion occur? More importantly, how often does the deletion of a significant account (large number of obs or IDs or hard to replace specialist) occur? To read some of these forums you’d think it’s a weekly occurrence, but I find that a little hard to believe. Hard data would be useful here.
Somebody has to ask the next question; it might as well be me. Even if a user deletes their account, removing thousands of obs and/or IDs, so what? INaturalist is not (and this is by conscious choice) a scientific database. If it were, expecting a certain level of permanence to the data would be reasonable. (It might even be allowed under GDPR.) But it’s not, so it isn’t. As long as iNaturalist remains a social media site first it has to accept that data comes and goes.
I don’t think this is really a tenable outlook anymore. Regardless of what the official ‘site ethos’ is (and I disagree with you that the site even proclaims to not be a scientific database), the reality is that iNat is a scientific database by virtue of how it is used. iNat data are exported to scientific databases like GBIF and the ALA. They’re used by hundreds of thousands of scientists around the world, in thousands of scientific papers, for many different uses.
From the last year or so, I know of at least 7-8 accounts with minimum 10,000 IDs that have deleted. Given the strongly left-tailed distribution of IDers on iNat [proportion-wise], each of these deletions has a disproportionately high impact
They would be worth one thing, and a very valuable thing: a visible record of past IDs on an observation. I agree (as has already been suggested) that they ought not count toward Community ID, Research Grade, etc. Their only function would be a record for the observer, the remaining identifiers, and any subsequent users of the observation data to consider when evaluating the observation going forward.
Yes. I want to know who IDed that. Is it a local spider fundi, or an enthusiastic newbie (who could turn out be the New Spider Fundi)
Perhaps the most neutral way would be an iNat comment - but not an active ID.
‘There was an ID for This taxon’
The info would be there for future identifiers to consider.
It’s never been tenable. Trying to be all things to all people, which has been the iNaturalist strategy to date, never is. At some point they’ll have to pick a lane, science or social media. Not both. Since social media is massive, irredeemable, hot, stinking pile of something you don’t want to step on in the woods on a summer day I hope they pick science.
I can’t find it anymore, but the old about page was very explicit about science being a secondary consideration. The primary purpose of the site was to facilitate something like “engagement with nature.” The current about page is pretty good at not saying much of anything (perhaps indicative of the fact that iNaturalist still doesn’t know what it wants to be) but certainly doesn’t read like the mission statement of a would-be global research database.
I am well aware that iNaturalist is cited in thousands of papers. Whether that is good practice given how the site currently operates is, I think, an open question.
Or some kid brimming with overconfidence. (Which brings us to the problem that every votes counts the same on this site.) Or worse, some punk kid who put in a bunch of bad IDs and then deleted their account knowing that the IDs would remain and screw everyone up. (Punk kids can be very inventive when they want to be.) Deleting everything when an account is deleted is a safeguard against that sort of bad behavior.
If. We kept the IDs, as a Does Not Count comment. When the departing identifier says - yes please, keep my IDs as neutral comments. A moderator would have to check if the IDs are valid and in good faith, or yippee I can TROLLing.
I can’t quite put my finger on why, but I can’t help thinking that’s a solution that will end up satisfying no-one. It probably, but check with the legal department, satisfies GDPR but I have a feeling it won’t really help much. Especially if the Does Not Count ID comments are difficult to search for. To be useful, there will at least need to be a way to query for the deleted ID comments.
It’s true that having IDs from deleted accounts not count will probably not satisfy everyone. Nevertheless, having a record that an ID had once been entered on a particular observation and what that ID was would be a vast improvement over the “vanishes without a trace” type of deletion that exists currently.
A big part of the problem right now is that it isn’t even possible to tell whether anything was ever there in the first place. ID processes and discussions become incoherent and it is often extremely difficult to reconstruct what might have happened. The confusion and chaos that currently accompanies account deletions by prolific IDers would be substantially reduced if there were a record of the deleted content.
I don’t really see the necessity for this? If the intention is to deal with what happens to one’s account after one’s death – an account does not “expire” with the user’s death; it continues to exist in perpetuity (or at least as long as iNat does). iNat does not verify the identity of users and is thus also not able to verify whether a user has died. If one is providing instructions in one’s will about what happens to one’s iNat account after one’s death, it would be just as easy to instruct the executor to change one’s account details as to donate one’s contributions.
The possibility I proposed upthread for an option to lock/inactivate/freeze an account would be a solution for people who don’t want to remove their contributions after their death but also want some sort of closure for their account. It would have the advantage of also providing some alternatives to deletion for users who want or need to temporarily take a break from iNat.
I thought this too. However, I also know that these laws have conditions under which they actually apply. For example, I work for an insurance company. CCPA says if a consumer asks for their personal information to be removed from our systems, we have to comply to the extent it does not impair our ability to transact necessary business in connection with that person. Or some such thing.
Long story short, you basically can’t and don’t have to delete information about people in insurance and still operate. Otherwise, what’s to prevent a claimant from making a claim, getting paid, getting themselves deleted, making the same claim again and getting paid again, ad infinitum.
I’m not a lawyer so I’m a little fuzzy on the details and maybe my explanation isn’t the best, but that’s the gist of it. I wonder if the potentially applicable consumer privacy laws actually make an exception for use cases like iNaturalist’s…
Re option of anonymising to a specific aggregate ID making judgement a little hard, another option would be a couple of grades of anonymous ID, and a deleted account gets anonymised to one of them by some algorithmic calculation. It would need to do so by calculating where the area of expertise was (so the expert area would get anonymised to an anonymous-experienced, an area where expertise was judged to be novice would be anonymised to anonymous-novice, etc).
d
In the case of iNaturalist the minimum about of any user’s data needed to function is zero. if your insurance company analogy applied (and I don’t think it does) then total deletion would be iNaturalist’s only option.
GDPR explicitly doesn’t. The relevant page is surprisingly readable. The only plausible out I see is paragraph 3 (d) where it references scientific research. But that only applies if iNaturalist explicitly commits to being a scientific database and even then some anonymization scheme would have to be applied. (See Art 89.) A smart lawyer would have no difficulty in arguing that account deletion is an implicit request to delete the user’s data which means the “right to be forgotten” provision kicks in automatically.
There’s another factor to consider. Facebook, Google, Twitter, and the rest of that rotten mob have the resources to stare down an EU lawsuit. They even have the resources to pay up when they inevitably lose. So does an insurance company. I don’t think iNaturalist has a big enough bank account to even risk it. Not only do they have to comply with GDPR, CCPA, etc they have to make sure they don’t cross the line accidentally.
That just adds an extra layer of complexity and controversy to an already delicate matter. How do we decide who’s an expert, who’s a novice, and who’s just a regular old pleb (plus whatever other categories you might have in mind.) It would have to be some algorithm, but what rules would apply. Number of observations and/or number of IDs alone wouldn’t cut it. Expertise is very much a matter of quality over quantity. You’re looking at a whole separate discussion just to hash out that set of rules. (Plus another one arguing whether expert is even a legitimate category.)
