View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0003591 | Composr | core_cns | public | 2018-04-27 15:33 | 2019-07-05 21:51 |
| Reporter | Chris Graham | Assigned To | Chris Graham | ||
| Severity | Feature-request | ||||
| Status | resolved | Resolution | fixed | ||
| Product Version | |||||
| Fixed in Version | |||||
| Summary | 0003591: Multiple rules consents | ||||
| Description | Under GDPR websites that do unexpected processing of personal data should get explicit consent for every instance of that processing. Currently Composr doesn't do anything like that, but websites that do would need to hand-customise the join form. It would be nice if it were easier. We'd have a config option that listed all the required consents, and each would present on the join form as a checkbox. | ||||
| Tags | Roadmap: v11, Type: Legal compliance / Privacy | ||||
| Time estimation (hours) | 6 | ||||
| Sponsorship open | 0 | ||||
| has duplicate | 0003774 | closed | Chris Graham | Manageable declarations on join page |
|
|
It is debatable that StopForumSpam requires consent under GDPR. I'd argue not because it's providing username and e-mail, without any associated data. But you could argue that StopForumSpam could do origin tracing to know an e-mail is using a certain website. Then, anything that was external embedded in a webpage could also do similar tracking on IP, and that's really unavoidable. So I think it's worth documenting this and our interpretation. Google Analytics does offer explicit GDPR compliance, because it does do more sophisticated probing. Facebook connect too. But no explicit personal data is being sent to them. |
|
|
Consents should also be added to the eCommerce system, under a different set of options. We need to have consents for Shippo, Taxcloud, PayPal, etc - as we really do pass along personal data to these services. |
|
|
Also our use of ipstack (formally freegeoip.net) may need considering. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2018-04-27 15:33 | Chris Graham | New Issue | |
| 2018-04-27 15:48 | Chris Graham | Note Added: 0005677 | |
| 2018-04-27 15:53 | Chris Graham | Note Edited: 0005677 | View Revisions |
| 2018-04-27 16:02 | Chris Graham | Tag Attached: Type: Legal compliance | |
| 2018-04-27 17:44 | Chris Graham | Note Edited: 0005677 | View Revisions |
| 2018-04-27 17:53 | Chris Graham | Note Edited: 0005677 | View Revisions |
| 2018-04-27 17:55 | Chris Graham | Note Added: 0005682 | |
| 2018-05-04 16:40 | Chris Graham | Note Added: 0005692 | |
| 2019-06-27 01:51 | Chris Graham | Relationship added | has duplicate 0003774 |
| 2019-06-27 17:52 | Chris Graham | Tag Attached: Roadmap: v11 | |
| 2019-07-05 21:51 | Chris Graham | Assigned To | => Chris Graham |
| 2019-07-05 21:51 | Chris Graham | Status | non-assigned => resolved |
| 2019-07-05 21:51 | Chris Graham | Resolution | open => fixed |
| 2022-09-01 02:23 | Chris Graham | Tag Renamed | Type: Legal compliance => Type: Legal compliance / Privacy |
