Thank you for your feedback.
We would like to take this opportunity to share our considerations, as crossposted from the original discussion.
Our primary focus here is on GDPR compliance. On Epicollect5, public projects do not require user authentication when using mobile apps. This design is intentional, and typically public projects are structured in a way that avoids including sensitive user details, ensuring that this information is not exposed to the general public, which reflects your concerns.
However, introducing a feature that allows users to submit personal data which remains hidden from the public does present certain challenges. The most significant concern arises if a user decides to delete their Epicollect5 account. In accordance with GDPR, we are required to delete all personal data associated with that account. If users are not required to authenticate, it becomes impossible to trace which entries belong to a specific individual, making it difficult (or impossible) to ensure that sensitive data linked to the user is deleted.
One potential solution we’ve considered is enforcing authentication for public projects as well. This would allow us to maintain a clearer record of which users are associated with specific entries, ensuring that we can delete sensitive data if a user exercises their right to have it removed. However, we recognize that this approach could affect projects that rely on anonymous data collection, and we are wary of making changes that could limit the flexibility Epicollect5 currently offers.
It is worth noting that authentication is already required to submit entries to a public project via the web. This is primarily in place as a safeguard against spam bots, malicious scripts, and web crawlers, ensuring that submissions are genuine and minimizing abuse of the system.
Another consideration is the risk of human error. Even if sensitive responses are hidden from the public, there remains the possibility that a project member could accidentally or intentionally expose these details. In such cases, determining accountability becomes complicated. Who would be held responsible if such a mistake occurred? We believe this is another important aspect to consider as part of the decision-making process.
We hope this provides clarity on the potential challenges and considerations surrounding the request for hidden question responses in public projects. We are open to further discussions on how we can balance user needs while maintaining compliance with legal requirements.