Add information relating to GDPR #4

Open
schrej opened this issue May 25, 2018 · 5 comments

@schrej
Member

schrej commented May 25, 2018

We should have a section in the documentation with GDPR-related information for people hosting the panel.
The panel is using ReCAPTCHA by default, for example, and that needs to be mentioned in the Privacy Policy. We can then also include information on what kind of information the panel collects (cookies, IPs?, email) so people know what they have to mention in their Privacy Policy.

This should not be a full privacy policy, just information on what to include/mention in it.

  • Cookies
  • IP logging
  • LocalStorage?
  • ReCAPTCHA
  • Gravatar (E-Mail Address!!)
@lancepioch
Contributor

I agree and think it's important to help our panel users support and follow the EU's GDPR and related privacy laws. I have some questions that are hopefully helpful:

  • If the cookies only contain the encrypted session data, then does it count as personally identifiable information (PII)? Same for the LocalStorage.
  • Are we storing IP addresses? Can this be toggleable if so?
  • Don't the ReCaptcha and Gravatar services have their own policies? Do we just have to link to them or do we also have to include a copy of them? Can we just make the services toggleable?

PII to be included (and deletable/removable):

  • Names
  • Emails
  • IP Addresses

@schrej
Member Author

schrej commented Jul 30, 2018

Good point regarding the services: ReCaptcha is toggleable already, Gravatar should be easy enough. And yes, we should link to their policies of course.
I had them on the list because it's easy to forget that they're there.

@DaneEveritt
Member

I'm thinking of removing the Gravatar stuff as well as first and last name anyways, but we should still document that since we're using it on prior versions.

@lancepioch I think the cookies being encrypted doesn't change anything. They're encrypted to the user, but still readable by the server. But they also don't contain any PII as far as I can remember.

@lancepioch
Contributor

Do we actually need to do anything extra besides updating the privacy policy, @schrej?

@schrej
Member Author

schrej commented Jun 20, 2019

Hmm, not really sure about that. I'm not an expert on GDPR either.
Also, we certainly shouldn't write up a privacy policy for the panel. I was talking about providing information that helps to write a privacy policy: What data does the panel collect and for what reason.
Additionally we could consider the amount of data the panel is collecting and whether we can reduce it, but I guess it's pretty minimal as it is.
We should also maybe add a "This website uses cookies" banner that can be enabled. The text should also be editable.
