search

GibbonEdu / core

Gibbon is a flexible, open source school management platform designed to make life better for teachers, students, parents and leaders.
https://gibbonedu.org
GNU General Public License v3.0
460 stars 299 forks source link

Discussion: Hide Fields in GibbonEdu #1748

Open dom-madrid opened 1 year ago

dom-madrid commented 1 year ago

Problem

GibbonEdu personal data collection may be considered too extensive. In some case for personal organisation purpose, in other cases for legal reasons. My interest is with the latter one. Some data collection fields are not legal in some countries. And even having the field set to non mandatory is not sufficient. The fields should not be present for data collection. For example, it is illegal to collect data about ethnicity, religion, race, country of origin, etc in France. Not only you cannot collect the data, but it is also illegal to ask for it. Having the fields available in the forms put the school wanting to install GibbinEdu at legal risk. This true for all individuals registered in the program (admin, staff, student and parents).

Proposed Solution

In the Admin part of the system, there should be an option to turn on/off data collection for fields - either all of them or more simply fields that a re considered sensible (such as the list I mentioned earlier).

Alternatives

No response

Additional Context

No response

rkr1209 commented 1 year ago

Yes, imo almost all default fields should have an option to be disabled/hidden.

WakMun commented 4 months ago

We, in Germany, are also facing the same problem. We are trying to circumvent it through very extensive Data Privacy statement. Having the possibility to not show some fields will be a more elegant solution.

yookoala commented 4 months ago

@dom-madrid @rkr1209 @WakMun Would you kindly make a list of the information that needs to be optionally collected (i.e. allow admin to disable and hide the fields). Since different country has different legal requirements, it would be more actionable if there is a list of some sort to follow up.

By no means the list need to be complete from the beginning. But it is a good place to start with.

dom-madrid commented 4 months ago

@yookoala This is my first list. Some fields are directly related to the data privacy point (DP), others are simply not relevant (NR) to our environement.

In the user section

In the student section

Ideally, all the fields in the Personal Documents section should be individually hideable as well. If ID Card could eventually be collected, the two others are problematic: Residency/Visa and Birth Certificate.

WakMun commented 4 months ago

The base of the issue is GDPR (this is european-union wide law which mandates that only that Data is to be gathered and stored that is strictly necessary for the provided service). Therefore the comment from @dom-madrid holds for us as well.

In addition I would add the following: USER:

For Students: