Simple photo app for GDPR compliance (consent & expiration)

augke · August 15, 2022, 12:17pm

Dear Nextcloud Community,

I am writing on behalf of a client in the public sector that has a wish for managing photos on their Nextcloud installation.

Their usecase is quite simple:

They use Nextcloud to store, share and manage internal photos. Each photo that contains a recognizable person must have at least two attributes/properties. One that externally links to the consent(s) of the person(s) present in the photo and one that dictates the expiration date for when the photo is not to be used anymore (and automatically deleted). It would also be great if the owner of the photo is notified sometime before the expiration date.

Currently, I have set up the Retention app that along with Files automated tagging to automatically delete files that are more than 30 days old. This, however, does not solve the issue of linking a persons consent to a specific photo or folder. It does not solve the issue of a specific deletion date either.

The closest I have come to finding a suitable app is the Custom Properties app. This app allows a user to apply custom properties, defined by an administrator, on specific files. Such properties can be e.g. links or dates. Unfortunately, Custom Properties still doesn’t solve the issue of having an expiration date where files are to be automatically deleted. Furthermore the app hasn’t been updated to Nextcloud v. 23.x and seems somewhat abandoned.

I do not have experience with developing Nextcloud apps, but to me, the app complexity seems fairly simple and at the same time would be of great value to EU organizations that are handling photos in regards to GDPR.

As projects rarely are evolving without any unexpected obstacles, here is a guess on what design considerations may occur. I don’t know if it would make most sense to include the link to consent and the expiration date at a folder level, per individual photo or maybe the possibility of both. Some people may occur in several photos and expiration dates of entire albums may also be shared/individual.

In case you have thoughts on this, are a Nextcloud apps-developer, an EU organization with the same need or from the Nextcloud team, please reach out. I can only imagine several organizations or entities could use this functionality.

just · August 15, 2022, 4:58pm

Seems all you need to do is manually enable it. For better or worse, this is the standard practice in the Nextcloud ecosystem. Not updating an app for a few months does not mean it is abandoned, especially when the only change is a version number. You’ll need to test it to confirm.

This is a classic miscalculation. Everything seems fairly simple when we are not coding and testing and maintaining it ourselves. It is a nice idea, but keep in mind “simple” and “easy” have no relationship to the actual development work needed.

You can have your client switch over to a paid enterprise subscription with Nextcloud. This is the only way to submit development requests directly to that team.

Have you tried the Flow app as well? Perhaps you could write something custom. Not sure.