Open sleupold opened 6 years ago
Good idea, but I see two possible problems.
The site may not be using https, in which case that statement would be false. So when implementing this, it should only show if submitted by https.
Not all sites are covered by GDPR, (countries, intranets, etc.) so I think we need some setting in the platform to indicate if the site is covered by GDPR (or enhanced privacy, whatever wording is decided) so that modules can render appropriately depending on that setting.
I think what we need is a checkbox with a text saying "I have read, understood and accepted the [LINK]Privacy Statement[/LINK]." It should be possible to add the checkbox by a module setting when it's needed, but when it's there it has to be required (checked before the form can be submitted). I wrote a checkbox validator a while ago, no problem to use it (let me know if you want the code). Then the text (coming from the localization resource file most propably) should have a token (like in the example above), and the link (Url) should be chosen from a list of the pages in the module settings as well (or be the default value as in the privacy skin object). The text Sebastian suggested can be injected without any problems, but I think this is not enough in meanings of the GDPR. The user has to accept the privacy statement actively, and this can be done by such a checkbox. Please don't answer me: Why don't you do it and make a pull request? I tried to, but I couldn't get this module work in my dev environment yet...
please add a resource key to be displayed above the submit button "Your submission will be transmitted securely. It will be stored and processed according to our privacy statement (link)."