DSpace / dspace-angular

DSpace User Interface built on Angular.io
https://wiki.lyrasis.org/display/DSDOC8x/
BSD 3-Clause "New" or "Revised" License

Impossible to disable the Privacy Statement / End-user Agreement #1506

Closed Atmire-github closed 2 years ago

Atmire-github commented 2 years ago

Describe the bug

On DSpace 7, a new feature has been added to include a privacy statement and an end-user agreement: https://github.com/DSpace/dspace-angular/issues/736

Some institutions do not want to use these (especially as the users are forced to accept the end-user agreement at their first login), but there is no configurable way to disable them.

Note that there is another ongoing issue about privacy statement / end-user agreement, but it is more about providing a better default text: https://github.com/DSpace/dspace-angular/issues/1080

To Reproduce

Log in for the first time with a user and get to the end-user agreement.
OR
Click the privacy policy or end-user agreement links in the footer.

Expected behavior

2 new configurations should be added in order to allow repository administrators to:

Related work

https://github.com/DSpace/dspace-angular/issues/736
https://github.com/DSpace/dspace-angular/issues/1080

Estimate

5 hours

tdonohue commented 2 years ago

While I understand the desire to make things configurable, this seems lower priority from a roadmap perspective simply because the original goal expressed from Steering was to ensure DSpace 7 was better aligned with GDPR, and both of these features are required for GDPR alignment.

So, for now, I'm going to flag this as help wanted, and prioritize as medium priority. That said, I'm not against this feature, so if anyone wants to build and donate it earlier, I'd gladly help to ensure it gets reviewed for the next release.

davidatmire commented 2 years ago

Hi @tdonohue,

I agree that this is lower priority. I would just like to mention that some institutions might have their GDPR / data privacy policies defined in a central place (e.g. a page on their institutional website) and that having a dedicated end user agreement on their DSpace platform might be a duplicate step (especially if they use SSO and their users have signed an institution-specific agreement at the level of their own login platform / institutional website).

Another way to look at it would be to provide a better default text for the end-user statement, which is precisely the goal of the other related Git issue: https://github.com/DSpace/dspace-angular/issues/1080

I will update the above Git issue with a proposal received from one of the institutions that we work with.

tdonohue commented 2 years ago

@davidatmire : To clarify, I'm completely supportive of this ticket... however, I rated it medium priority as I cannot easily prioritize this over new features at this time. So, I'd welcome a contribution of this sort, but I cannot pay for it out of the DSpace budget at this time, so it'd have to be a donated contribution. That said, if it is donated, I'll work to ensure it gets reviewed & into the next version of DSpace.

tantz001 commented 7 months ago

In version 7.6.1, this behavior seems to have regressed. In my config.yml, I have

    info:
      enableEndUserAgreement: false
      enablePrivacyStatement: false

To reproduce, open a browser in private/incognito mode, go to the home page, and the EULA popup appears. I think this used to work, but in 7.6.1 the popup still appears for new/anonymous users.

tdonohue commented 7 months ago

@tantz001 : I've confirmed this still works in 7.6.1. I believe you've misunderstood the feature though. These two flags simply disable the End User Agreement and Privacy statement from appearing in the footer links or when you login to the site.

They do NOT disable the cookie notification popup which looks like this: [image: cookie-popup]

That cookie permission notification is not the EULA. The EULA is what appears on your first login and tells you what you must agree to in order to use the site.

It is not currently possible to disable the cookie notification popup, as that is required by GDPR and similar privacy regulations of many countries.

If you have more questions, please use one of our tech support options. We can sometimes overlook comments on old tickets/PRs because they can be very difficult to find later on.