View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005103 | Composr | core | public | 2022-11-30 23:30 | 2022-12-01 01:47 |
| Reporter | Patrick Schmalstig | Assigned To | |||
| Severity | Feature-request | ||||
| Status | non-assigned | Resolution | open | ||
| Product Version | |||||
| Fixed in Version | |||||
| Summary | 0005103: Make rules acceptance page a step in all forms of log-in | ||||
| Description | According to the Facebook docs: "Be aware that this is a trade-off: allowing quick log in, but limiting your ability to control sign-ups. Facebook login differs from normal Composr joining in the following ways: - Rule acceptance will not happen (so make sure you link to your rules somewhere); Facebook login is generally designed as one-click, so extra steps are the antithesis of this" "Rules" for some sites could be a legally-binding Terms of Service. Physically requiring the user to read and agree to them before proceeding will strengthen the legality of the ToS contract between the website and the member (opposed to simply linking to them but still allowing the member to join without reading / accepting them). A stronger argument: Now that we are trying to be GDPR-compliant, it is critical that we require users accept the Privacy Policy for GDPR compliance; a site can say "we made sure all our members are aware of what happens with their data". Therefore, I think the rules / privacy page *must* be read/accepted by *all* new members regardless how they sign up. | ||||
| Tags | Type: Legal compliance / Privacy | ||||
| Time estimation (hours) | 3 | ||||
| Sponsorship open | |||||
| related to | 0000478 | non-assigned | Forced profile completion | |
| related to | 0003590 | resolved | Patrick Schmalstig | Legals re-agreement |
|
|
If this is implemented, it probably would make sense to do so with the "forced profile completion" system (0000478) that is currently used for httpauth logins and others, and in coordination with a new system of tracking when users have accepted rules (0003590). i.e. The user logs in, the system sees they haven't agreed to the rules yet, so forces them to agree as a part of the forced profile completion screen. |
|
|
I think that's reasonable. It is also a good way to have a digital record of their agreement. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2022-11-30 23:30 | Patrick Schmalstig | New Issue | |
| 2022-11-30 23:31 | Patrick Schmalstig | Description Updated | View Revisions |
| 2022-11-30 23:32 | Patrick Schmalstig | Description Updated | View Revisions |
| 2022-12-01 00:23 | Chris Graham | Time estimation (hours) | => 3 |
| 2022-12-01 00:25 | Chris Graham | Relationship added | related to 0000478 |
| 2022-12-01 00:26 | Chris Graham | Relationship added | related to 0003590 |
| 2022-12-01 00:27 | Chris Graham | Category | General => core |
| 2022-12-01 00:28 | Chris Graham | Note Added: 0007763 | |
| 2022-12-01 00:28 | Chris Graham | Tag Attached: Type: Legal compliance / Privacy | |
| 2022-12-01 01:47 | Patrick Schmalstig | Note Added: 0007766 |
