View Issue Details

ID: 5569
Project: Composr
Category: core_cns
View Status: public
Last Update: 2025-03-16 16:34
Reporter: Chris Graham
Assigned To: PDStig
Priority: normal
Severity: feature
Status: assigned
Resolution: open
Summary: 5569: Compliance for new regulatory laws (holder issue)

Description: Utah has an interesting law. It only affects sites with 5mil+ users, so is not something we need to jump at implementing.

https://socialmedia.utah.gov/

We would need to:
 - Verify the age of users
 - Implement forced timezone input for "COPPA" users
 - Possibly implement a "jurisdiction" input (e.g. Utah in this case)
 - Feed through timezone and jurisdiction in any communication/auditing for account approval
 - Have an implicit usergroup for "COPPA" users, possibly further broken down by jurisdiction
 - Be able to lock down the timezone field for users, defaulting to do so for ones in the "COPPA" group
 - Have a configurable feature to block access to a group's users outside certain hours in a user's timezone, defaulting for ones in the "COPPA" group
 - Link an account to a guardian account, and allow cross-access (i.e. SU, but only to a specific user(s) from a specific user)
 - Exclude "COPPA" users from search results (just member search, or maybe all search results - I'd have to check)
 - By default turn off ads for users in the "COPPA" group

Some of this could be worth chipping away at regardless of Utah.
Tags: Roadmap: Over the horizon, Roadmap: v11 partial implementation, Type: Legal compliance / Privacy
Sponsorship open


Relationships

related to 6176 (Closed, PDStig): UK Online Safety Act implementations

Activities

PDStig

2024-01-21 00:21

administrator   ~8219

Last edited: 2024-01-21 00:21

This is starting to get quite complex. I also suggest we pull COPPA and legal-related configuration options out of their respective categories and create a new "Legal Compliance" category, or perhaps a Legal Compliance group under Privacy Options.

Chris Graham

2024-01-31 14:51

administrator   ~8282

Some similar things being considered in this:
https://en.m.wikipedia.org/wiki/Kids_Online_Safety_Act

PDStig

2025-02-28 02:56

administrator   ~9828

I am taking the XML approach to this.

What I am doing is stripping out the current COPPA functionality from v11. And I am building a new XML framework for parental controls (of which the former COPPA / parental consent will be one of the possible controls).

This will allow vast configurability with minimal UI necessity. For example, webmasters could define multiple tiers of age and have things done depending on where a member falls. Additionally, certain controls can be filtered by region.

Additional controls can be implemented over time. For now, I plan to just stick with the parental consent one, and maybe a couple other basic ones.

Chris Graham

2025-03-15 22:18

administrator   ~9884

There is also now the UK Online Safety Act.

PDStig

2025-03-16 00:04

administrator   ~9885

Thank you, I'll check it out. I have some defaults set up for the most well-known like COPPA and GDPR.

The framework was implemented in 11 beta7 and has both parental consent and lockout controls (lockout being simply a member cannot log in until they are of age).

These controls also tie in to the automatic Privacy Policy, so the PP will auto-populate according to the XML configuration.


Issue History

Date Modified Username Field Change
2024-01-20 22:00 Chris Graham New Issue
2024-01-20 22:00 Chris Graham Tag Attached: Type: Legal compliance / Privacy
2024-01-21 00:21 PDStig Note Added: 0008219
2024-01-21 00:21 PDStig Note Edited: 0008219
2024-01-21 00:22 PDStig Tag Attached: Roadmap: v11 partial implementation
2024-01-21 00:22 PDStig Tag Attached: Roadmap: v12
2024-01-31 14:51 Chris Graham Note Added: 0008282
2024-03-26 00:58 PDStig Tag Renamed Roadmap: v12 => Roadmap: Over the horizon
2024-07-30 23:00 Chris Graham Summary Compliance for Utah's "Social Media Regulation Act" (holder issue) => Compliance for new regulatory laws (holder issue)
2024-07-31 00:44 Guest Note Added: 0009010
2024-07-31 00:44 Guest Issue cloned: 5821
2025-02-28 02:56 PDStig Assigned To => user4172
2025-02-28 02:56 PDStig Status Not Assigned => Assigned
2025-02-28 02:56 PDStig Note Added: 0009828
2025-03-15 22:18 Chris Graham Note Added: 0009884
2025-03-16 00:04 PDStig Note Added: 0009885
2025-03-16 16:34 PDStig Relationship added related to 6176