vBulletin 4.2.5 SQL to export just one user from the user table

[djbaxter]

Yet another GDPR issue.

A user demands a record of his data under the GDPR.

I want to do an export of the data for just that one user from the user table.

What is the SQL to do that?

 

[mysiteguy]

Are you in a GDPR covered country? Do you specifically sell to, or target EU users? If not, I'd tell them you are under no obligation to provide it.

If you are, PM me and I can work out putting together something for you. There are a lot of tables involved in a stock VB install, possibly more if you have add-ons.

 

[djbaxter]

Figured it out.

Just go to phpMyAdmin.

Select the user table.

Execute SELECT * FROM `user` WHERE user.username='usernameinquestion'

That will bring up one record.

Click on Export and choose the format.

Save file.

Done.

 

[BirdOPrey5]

For security reasons you shouldn't send their password or salt. (Password will be hashed, but still.)

 

[djbaxter]

I didn't send it. I made it available for download. And this is a European forum. If the ask for a data dump, you cannot legally refuse..

 

[mysiteguy]

Oh, I misunderstood. You weren't giving him posts, etc.

One thing though, I'd send him usertextfield and userfield as well since those potentially have personal info.

 

[djbaxter]

Perhaps. But those aren't data collected by the forum, technically. Seriously, GDPR is a huge nightmare once you get into it. I really don't think a lot of the pieces of that legislation were thought out very well. I think it's more an emotional reaction to Google and Facebook and the uncertainty of what data they are/were collecting and what they were doing with it.

Meanwhile, a lot of websites and SMBs that fall under the GDPR are having to fork out real time and money for this. My policy for now is give them what they ask for and leave it at that. If they ask for more, then I'll act.


Reminds me of when prisoners in Canada were given the right to request their documents in either official languiage under the Freedom of Information act. For a while, a lot of inmates were requesting having their records translated into French, even though most of them didn't even speak French. Until thankfully someone put a lid on that, it was costing a lot of tax dollars and wasting a lot of other people's time. Prisoners didn't care, of course - they have plenty of time to waste and it wasn't costing them anything.

 

[we_are_borg]

You know that this legislation was never tailored for Facebook or Google the story began in 2008/2009 long before anyone was unhappy with Google or Facebook. What they forgot was that small sites would have strain on them to comply, there is going to be a review of this law it seems after 18 months so next year there going to see if it works. But it will get harder not easier.

 

[djbaxter]

You know that this legislation was never tailored for Facebook or Google the story began in 2008/2009 long before anyone was unhappy with Google or Facebook. What they forgot was that small sites would have strain on them to comply, there is going to be a review of this law it seems after 18 months so next year there going to see if it works. But it will get harder not easier.

Well who WAS it tailored for then?

 

[BirdOPrey5]

I didn't send it. I made it available for download. And this is a European forum. If the ask for a data dump, you cannot legally refuse..

I would argue the salt and hash isn't their data but it is of course your call.

 

[we_are_borg]

Well who WAS it tailored for then?

It was made not specifically for Facebook or Google but also for companies that do big data so Microsoft, Apple and so on including companies that trade in other data to gain more data. Think banks, insurance companies everything that deals in privacy information. The intensions where good and still are but they forgot that small sites would have a heavy burden. The EU wanted that people got control over their own data and could revoke at anytime.

 

[djbaxter]

I would argue the salt and hash isn't their data but it is of course your call.

No not mine at all. In their territory, all the power belongs to the EU and the GDPR.

 

[BirdOPrey5]

No not mine at all. In their territory, all the power belongs to the EU and the GDPR.

I understand the EU requires you to give the user their data but you are already deciding what is their data. The salt is definitely not their data. I'd argue the hash isn't either. That is what is up to you. And if you say it isn't up to you than you should be sending them a lot more data than just one line of the user table, that is a completely arbitrary decision.

 

[djbaxter]

My main intent here is to comply with a request made under the GDPR who is a vexatious troll and who is doing it to be annoying. Whatever gets rid of him is fine with me.

Not saying you're incorrect and not trying to have a debate here, BirdOPrey5. Just trying to do what I need to to get a pest off my back.

 

[mysiteguy]

From what I've read you're also going to need to send them each unique id address VB has logged.

 

[Paul M]

GDPR only covers personal data, which on most forums is pretty much just their e-mail address, and they can already view that in their profile.

 

[we_are_borg]

GDPR only covers personal data, which on most forums is pretty much just their e-mail address, and they can already view that in their profile.

Also if they request you’ll need to give them everything including posts and attachments in readable format.

 

[Paul M]

No, you dont. Thats not personal data, you have no obligation to provide that.

 

[we_are_borg]

No, you dont. Thats not personal data, you have no obligation to provide that.

Yes you are required to do so. Please read https://gizmodo.com/how-to-download-your-data-with-all-the-fancy-new-gdpr-t-1826334079

In order to comply with the law, companies large and small are introducing data download tools. But actually transferring your stuff from one platform to another is still more annoying than it should be—you still have to deal with bulk downloads and conflicting file formats, and most platforms haven’t made really good portability features yet. Although they’ve made it possible for users to download their data, actually porting it over to the service you want to use is pretty much up to you. And for some services, like Facebook, there’s not a meaningful competitor waiting for you to make the switch.

People are in full control of their stuff they post and personal information, XML is at the moment accepted as readable and transferable to another platform. You can not claim exclusivity anymore on posts, copyright claiming that its yours cant be done either.

 

[we_are_borg]

Found the article in the law it self Art. 20 GDPR Right to data portability