Deactivate user access or delete it?

Question

I'm working on a project using Django. After struggling about how delete user from my database, I found this information.

is_active Boolean. Designates whether this user account should be considered active. We recommend that you set this flag to False instead of deleting accounts; that way, if your applications have any foreign keys to users, the foreign keys won’t break.

After reading that, for me, as a developer makes sense, even easier my job. But I was wondering how the user would feel if he/she knows that the data generated by his/hers use wasn't delete in fact, but only, deactivated. So as a developer, can I warn my user that his/her data won't be delete in fact to avoid any kind of law issue ?

Answer 1

From a programming point of view, there are many options:

• You can change all vital details such as email, names etc to anything different (again this depends though on related data, eg if they are family pictures, this won't do any good).
• You can have something like 'anonymous' account or 'deleted user' and hunt down to change all relationships' ids to that account (again there are issues to be worried depending on the specific data).
• You can eventually indeed delete the user as soon as again you look into all your relationships and decide what to do with them if a user gets deleted.

The documentation's recommendation is good for specific cases, but you have to decide on your own based on your specific case and requirements.

From a legal point of view, I am no expert but I believe this is a huge matter that is treated differently across countries, but in the end I believe there is an ethical obligation to let your users know at least about what you do with their data.