#3591 - Multiple rules consents

By Chris Graham
Added 27th Apr 2018, 11:33 AM
7 views

Identifier	#3591
Issue type	Feature request or suggestion
Title	Multiple rules consents
Status	Completed
Tags	Roadmap: v11 (custom) Type: Legal compliance / Privacy (custom)
Handling member	Chris Graham
Addon	core_cns
Description	Under GDPR websites that do unexpected processing of personal data should get explicit consent for every instance of that processing. Currently Composr doesn't do anything like that, but websites that do would need to hand-customise the join form. It would be nice if it were easier. We'd have a config option that listed all the required consents, and each would present on the join form as a checkbox.
Steps to reproduce
Funded?	No

The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".

Rating

Unrated

Comments

By Guest posted 27th Apr 2018, 11:48 AM

It is debatable that StopForumSpam requires consent under GDPR. I'd argue not because it's providing username and e-mail, without any associated data. But you could argue that StopForumSpam could do origin tracing to know an e-mail is using a certain website. Then, anything that was external embedded in a webpage could also do similar tracking on IP, and that's really unavoidable.
So I think it's worth documenting this and our interpretation.

Google Analytics does offer explicit GDPR compliance, because it does do more sophisticated probing. Facebook connect too. But no explicit personal data is being sent to them.

By Guest posted 27th Apr 2018, 1:55 PM

Consents should also be added to the eCommerce system, under a different set of options. We need to have consents for Shippo, Taxcloud, PayPal, etc - as we really do pass along personal data to these services.

By Guest posted 4th May 2018, 12:40 PM

Also our use of ipstack (formally freegeoip.net) may need considering.