← Back to team overview

mahara-contributors team mailing list archive

  1. mahara-contributors team
  2. Mailing list archive
  3. Message #45978

[Bug 1734169] Re: Explicit consent switches for the GDPR

  Thread PreviousDate PreviousThread Next 
** Description changed:

  We need to make a series of changes in Mahara to comply with the GDPR.
  More info is available on the wiki at
  https://wiki.mahara.org/wiki/Developer_Area/Specifications_in_Development/GDPR_compliance
  
  We need to be able to add explicit consent boxes / Yes/No switches to
- the T&C. These should come at the end of the site agreement and the
- institution agreement if needed to make it clear in which section
- consent is given.
+ the privacy statement. These should come at the end of the site privacy
+ statement and the institution privacy statement if needed to make it
+ clear in which section consent is given.
  
  The consent should be configurable by site and institution admins as
  that may change. It also needs to be versioned and the consent date and
  time recorded as well as the wording to which a user consented to. This
  could become a report in the administration area. In future it would
  also be good for the user to see reports that show the data that was
  collected for them, but that is not the focus here.
  
  For the MVP, users would need to consent to all items for an account to
  be created. If they leave out any items, they will receive a modal
  letting them know that their account won't be able to be created and
  that they have two choices:
  
  1. Revise their selection / double-check that they didn't miss anything by accident
  2. Send a message to their institution administrator(s) letting them know why they don't want to consent to a particular item so that the institution can then deal with that. The easiest might be a message field directly on that screen so a message can be dispatched to all institution admins for the institution in which the user is a member / wanting to be a member or if there are no institutions or there is no institution admin, contact the site admin. This behavior should be similar to what we currently see when we have pending registrations: All institution admins receive a message and if there is none, the site admin receives it.
  
  It would be good to create a new admin menu item "Privacy" in which all
  privacy related items that require configuration and text changes can be
  collected. Then we could switch between site and specific institution
  information like we do on the "Institutions" screen.

** Summary changed:

- Explicit consent switches for the GDPR
+ Explicit consent switches on the privacy statement for the GDPR

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1734169

Title:
  Explicit consent switches on the privacy statement for the GDPR

Status in Mahara:
  Confirmed

Bug description:
  We need to make a series of changes in Mahara to comply with the GDPR.
  More info is available on the wiki at
  https://wiki.mahara.org/wiki/Developer_Area/Specifications_in_Development/GDPR_compliance

  We need to be able to add explicit consent boxes / Yes/No switches to
  the privacy statement. These should come at the end of the site
  privacy statement and the institution privacy statement if needed to
  make it clear in which section consent is given.

  The consent should be configurable by site and institution admins as
  that may change. It also needs to be versioned and the consent date
  and time recorded as well as the wording to which a user consented to.
  This could become a report in the administration area. In future it
  would also be good for the user to see reports that show the data that
  was collected for them, but that is not the focus here.

  For the MVP, users would need to consent to all items for an account
  to be created. If they leave out any items, they will receive a modal
  letting them know that their account won't be able to be created and
  that they have two choices:

  1. Revise their selection / double-check that they didn't miss anything by accident
  2. Send a message to their institution administrator(s) letting them know why they don't want to consent to a particular item so that the institution can then deal with that. The easiest might be a message field directly on that screen so a message can be dispatched to all institution admins for the institution in which the user is a member / wanting to be a member or if there are no institutions or there is no institution admin, contact the site admin. This behavior should be similar to what we currently see when we have pending registrations: All institution admins receive a message and if there is none, the site admin receives it.

  It would be good to create a new admin menu item "Privacy" in which
  all privacy related items that require configuration and text changes
  can be collected. Then we could switch between site and specific
  institution information like we do on the "Institutions" screen.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1734169/+subscriptions

References

  Thread PreviousDate PreviousThread Next