The case of a reported member, who deleted their profile and created a new one later, made us think about how GDPR Data Removal Requests could interfere with safety on Trustroots.
As @guaka summed up, our duty to remember should override the right to be forgotten in these cases.
- to read the messages in case of a report
- to keep the user’s data in case of abuse/harassment (even with an interfering GDPR request)
- as well as to share this data with other hospex networks in case of abuse/harassment