Greetings,
I host a variety of lists for social, community, and software projects, and updated my infrastructure from Mailman 2 to Mailman 3 last year. As part of this, I enabled Django allauth modules to simplify login and management for subscribers.
Recently, Facebook notified me that they would be disabling the "application" because it failed to provide a sufficient Privacy Policy. Previously I had linked the app to [ https://www.gnu.org/software/mailman/privacy.html, | https://www.gnu.org/software/mailman/privacy.html, ] but they have said:
Platform Terms 4.b: Your privacy policy must comply with applicable law and regulations and must accurately and clearly explain what data you are Processing, how you are Processing it, the purposes for which you are Processing it, and how Users may request deletion of that data.
During testing, we found that your privacy policy doesn’t explain how users can request data deletion. Update your privacy policy to include this information before you submit an appeal.
This is a bit of a headache. Do we have a draft of a community Privacy Policy for a vanilla Mailman 3 install that meets Facebook's requirements? Is this going to be a constantly unraveling thread of future GDPR and Right to Be Forgotten troubles, since there doesn't seem to be an easy way to scrub a subscriber from Hyperkitty archives if they request so? How have others addressed this situation?
Regards, --Jered