New option for "data deletion" rubric entry

[ibarakaiev]

Type of pull request: rubric revision

Related issues: list the related issues here (if applicable): Closes #54

---

The linked issue raised an important concern that our rubric doesn't exhaustively cover how data could be deleted. Currently, we only have "automated" and "by contacting someone," but it could be the case (as in the case of Discord) that automated mechanisms delete only some data. I think it makes sense to include an option to specify that only some data will be removed automatically. I do realize that my proposed edit might still not cover all cases, so this PR is open to suggestions.

[privacyspy-bot]

Thanks for submitting this pull request. @milesmcc has been assigned to review these changes, provide feedback, and determine next steps.

If you haven't already, please ensure your changes pass all the automated tests. Look in the "Checks" box below and "Files changed" tab to see test results.

To learn about the PrivacySpy contribution process, check out the contribution guide.

Note to maintainers: if this pull request passes all tests and code reviews, it should be rebased and merged, then the feature branch should be deleted.

[ibarakaiev]

(forgot to pull before branching off and so there are a few unnecessary commits)

[doamatto]

Assuming the documentation should update itself, this looks solid. Time to find out what policies need to be altered :\

[milesmcc]

I wonder if for most data might be better than for some data... after all, if they only let you delete some very small bit of data automatically, then I'm not sure they should get 80%. I feel like this should only apply if the automated deletion mechanism is for as much data as possible.

[doamatto]

I feel like this should only apply if the automated deletion mechanism is for as much data as possible.

So for instance, everything but legally required (for tax audits/complaince, for instance)? I could see that being a better fit in that scenario, but you could also argue that there should be a for some to throw companies a bone, so to speak.

[ibarakaiev]

Adding for most data would require also having for some data, and I think the difference would often be subjective. Perhaps if we were to include different options like these we would add descriptions of the kinds of data being deleted? I.e., for-some would be "for account data only" and for-most would be "for account and user-generated data"? Just throwing ideas around.

[doamatto]

Since it's been a hot minute since we've had this discussion, I figured I'd add my 2¢ of how options might be:

1. All data (bar things you legally have to keep)
2. Most data (user-generated content, things you might have on a profile, et al.; keeps more than legally required after deletion)
3. Some data (account data is all I can think of)
4. No data (flat out can't delete anything)

I'm not sure how I would score it personally, but I think it would cover the basis for most any product. But I do feel like this is something we should integrate, even though we will have to revisit several policies to ensure they have the proper score afterwords.

[doamatto]

Figured I'd bump this PR to make sure that we give it the attention needed to make this important shift for this improvement to scoring.

[milesmcc]

@doamatto is this ready to be merged or would you like to discuss alternative rubric options?

[doamatto]

I think as Igor mentioned, a for-some would need to be complemented by a for-most. I think with that addition, this would be ready to be merged.