#5569 - Compliance for new regulatory laws (holder issue)
| Identifier | #5569 |
|---|---|
| Issue type | Feature request or suggestion |
| Title | Compliance for new regulatory laws (holder issue) |
| Status | Open |
| Tags | Roadmap: Over the horizon (custom); Roadmap: v11 partial implementation (custom); Type: Legal compliance / Privacy (custom) |
| Handling member | Deleted |
| Addon | core_cns |
| Description | Utah has an interesting law. It only affects sites with 5mil+ users, so is not something we need to jump at implementing.<br>https://socialmedia.utah.gov/<br>We would need to:<br>- Verify the age of users<br>- Implement forced timezone input for "COPPA" users<br>- Possibly implement a "jurisdiction" input (e.g. Utah in this case)<br>- Feed through timezone and jurisdiction in any communication/auditing for account approval<br>- Have an implicit usergroup for "COPPA" users, possibly further broken down by jurisdiction<br>- Be able to lock down the timezone field for users, defaulting to do so for ones in the "COPPA" group<br>- Have a configurable feature to block access to a group's users outside certain hours in a user's timezone, defaulting for ones in the "COPPA" group<br>- Link an account to a guardian account, and allow cross-access (i.e. SU, but only to a specific user(s) from a specific user)<br>- Exclude "COPPA" users from search results (just member search, or maybe all search results - I'd have to check)<br>- By default turn off ads for users in the "COPPA" group<br>Some of this could be worth chipping away at regardless of Utah. |
| Steps to reproduce | |
| Funded? | No |
Comments
https://en.m.wikipedia.org/wiki/Kids_Online_Safety_Act
What I am doing is stripping out the current COPPA functionality from v11. And I am building a new XML framework for parental controls (of which the former COPPA / parental consent will be one of the possible controls).
This will allow vast configurability with minimal UI necessity. For example, webmasters could define multiple tiers of age and have things done depending on where a member falls. Additionally, certain controls can be filtered by region.
Additional controls can be implemented over time. For now, I plan to just stick with the parental consent one, and maybe a couple other basic ones.
The framework was implemented in 11 beta7 and has both parental consent and lockout controls (lockout being simply a member cannot log in until they are of age).
These controls also tie in to the automatic Privacy Policy, so the PP will auto-populate according to the XML configuration.