The text in this article may include ControlShift's interpretation of the GDPR and/or interpretations we've heard from other organizations. This article should not be considered legal advice. Please seek independent legal counsel to ensure your compliance with all regulations.
ControlShift's anonymization features allow organizations to limit the storage and processing of Personally Identifiable Information (PII) within the platform. These features are often considered in conjunction with ControlShift's deletion features, with anonymization allowing PII to be removed while retaining basic information about the petition or signature.
Org admins with the appropriate permission can anonymize a petition by going to the petition's Admin page, scrolling to the bottom of the Details page, and clicking to Anonymize Petition Data.
When a petition is anonymized, a few things will happen:
- The petition's signatures will be deleted. If that signature is the only action the user took, their user record will be deleted as well. If the user has other actions on the platform, only their signature on the anonymized petition will be removed.
Pease note: unlike with member anonymization (described below), petition anonymization does not keep a limited record of the signatures. Petition delivery documents for anonymized petitions will not include any information about signatures added before the anonymization.
- While the petition's signatures are deleted, the petition's public signature count is maintained (e.g. if your petition had 150 signatures when it was anonymized, the public page and delivery documents will still say 150 signatures, even though there's no signature data in the petition anymore).
- Reasons for signing will be deleted (because their related signatures have been deleted).
- The petition will be automatically ended and the signature form will be hidden. The petition page will update to say "This campaign has ended" and " This petition is no longer accepting new signatures."
The page itself will, however, remain visible.
- The petition creator will be removed the petition (and their account deleted if creating this petition is their only action). The petition will be automatically reassigned to your organization's admin in charge of orphaned assets.
- The petition creator and recent signers sections of the petition will be hidden in the petition's Admin > Settings. This means that if you reactivate the petition and want those sections to show, you'll need to update the petition's settings accordingly.
- Contact messages sent from members of the public to the petition's now-anonymized creator/admins will be deleted.
- Blast emails, events, and flags associated with the petition will still be visible in the admin tools.
For admins, it's also possible to anonymize petitions in bulk from the admin all petitions page. To get started go to the org admin homepage > Petitions, and click the checkbox next to all petitions that you want to anonymize. In the bulk actions menu, click the dropdown and choose the Anonymize option.
Pease keep in mind: petition anonymization CANNOT be undone. Once you've clicked to anonymize a petition, signature information is immediately deleted and cannot be restored.
Org admins with the appropriate permissions can also choose to anonymize individual members. This allows for the anonymization of Personally Identifiable Information (PII) without removing all signatures from a petition.
To anonymize a single member, go to the admin homepage and enter the user's email address into the search bar at the top of the page. At the bottom of the details page, admins can click Anonymize Member.
When a user is anonymized, their personal information is removed from the platform:
- If they have a full user account, that account will be removed (they'll need to recreate their account if they want to create petitions/events in the future).
- Any contact messages sent from the user to a petition creator or event host will be deleted.
- Attendee records will be deleted from any events the user RSVPed to.
- Partnership subscriptions will be deleted.
- For signatures, the record will be stripped of PII, but it will still be counted toward the petition signature total. In delivery documents, the anonymized signature will be represented using the Anonymized Action Taker Display to Public setting that your organization has configured in Settings > Privacy > Name Privacy. For most organizations, these signatures will be shown with initials only.
The anonymized records will also be included in the admin CSV export of signatures using the organization's name privacy settings and including the created and updated at dates.
Anonymizing via API
In addition to the anonymization buttons included in the admin UI, it's also possible for organizations to anonymize users via our REST API. Using the API for anonymization may make it easier for your organization to regularly and automatically anonymize older user accounts. For more information please see the user anonymization section of our developer docs.
The GDPR has numerous requirements and hefty fines for non-compliance. The information included here is not legal advice, and we strongly recommend that all organizations using ControlShift seek legal counsel to ensure that they comply with the GDPR and all relevant laws.