View Issue Details

IDProjectCategoryView StatusLast Update
0003591Composrcore_cnspublic2019-07-05 21:51
ReporterChris GrahamAssigned ToChris Graham 
PrioritynormalSeverityfeatureReproducibilityN/A
Status resolvedResolutionfixed 
Product Version 
Target VersionFixed in Version 
Summary0003591: Multiple rules consents
DescriptionUnder GDPR websites that do unexpected processing of personal data should get explicit consent for every instance of that processing.

Currently Composr doesn't do anything like that, but websites that do would need to hand-customise the join form. It would be nice if it were easier.

We'd have a config option that listed all the required consents, and each would present on the join form as a checkbox.
TagsRoadmap: v11, Type: Legal compliance
Attach Tags
Time estimation (hours)6
Sponsorship open0

Relationships

has duplicate 0003774 closedChris Graham Manageable declarations on join page 

Activities

Chris Graham

2018-04-27 15:48

administrator   ~0005677

Last edited: 2018-04-27 17:53

View 4 revisions

It is debatable that StopForumSpam requires consent under GDPR. I'd argue not because it's providing username and e-mail, without any associated data. But you could argue that StopForumSpam could do origin tracing to know an e-mail is using a certain website. Then, anything that was external embedded in a webpage could also do similar tracking on IP, and that's really unavoidable.
So I think it's worth documenting this and our interpretation.

Google Analytics does offer explicit GDPR compliance, because it does do more sophisticated probing. Facebook connect too. But no explicit personal data is being sent to them.

Chris Graham

2018-04-27 17:55

administrator   ~0005682

Consents should also be added to the eCommerce system, under a different set of options. We need to have consents for Shippo, Taxcloud, PayPal, etc - as we really do pass along personal data to these services.

Chris Graham

2018-05-04 16:40

administrator   ~0005692

Also our use of ipstack (formally freegeoip.net) may need considering.

Issue History

Date Modified Username Field Change
2018-04-27 15:33 Chris Graham New Issue
2018-04-27 15:48 Chris Graham Note Added: 0005677
2018-04-27 15:53 Chris Graham Note Edited: 0005677 View Revisions
2018-04-27 16:02 Chris Graham Tag Attached: Type: Legal compliance
2018-04-27 17:44 Chris Graham Note Edited: 0005677 View Revisions
2018-04-27 17:53 Chris Graham Note Edited: 0005677 View Revisions
2018-04-27 17:55 Chris Graham Note Added: 0005682
2018-05-04 16:40 Chris Graham Note Added: 0005692
2019-06-27 01:51 Chris Graham Relationship added has duplicate 0003774
2019-06-27 17:52 Chris Graham Tag Attached: Roadmap: v11
2019-07-05 21:51 Chris Graham Assigned To => Chris Graham
2019-07-05 21:51 Chris Graham Status non-assigned => resolved
2019-07-05 21:51 Chris Graham Resolution open => fixed