User consent before validation

Labs64 / PluginPass

PluginPass - WordPress PRO Plugin/Theme Licensing

https://wordpress.org/plugins/pluginpass-pro-plugintheme-licensing/

13 stars 1 forks source link

User consent before validation #13

Closed r-brown closed 5 years ago

r-brown commented 5 years ago

Show popup to ask an explicit confirmation from the user before executing NetLicensing validation request.

Consent popup form Text:

By choosing "Agree" validation request will be sent to the Labs64 NetLicensing to verify valid use of the plugin or theme.
Personal data transferred with this request such as Unique Identifiers, Plugin and Theme Details, WordPress Instance Name, Domain Name, System Details of the data subject.

For more details on Labs64 NetLicensing data protection provisions visit Privacy Policy ( https://www.labs64.com/legal/privacy-policy/ ) and Privacy Center ( https://www.labs64.de/confluence/x/vQEKAQ )

Buttons: Agree / Cancel

r-brown commented 5 years ago

Possibly even needed on first validation (in background) while calling PluginPass_Guard.validate(). User consent request can be enabled/disable by adding new parameter to the validate() function.

Once user accepted this, concent timestamp should be stored in the database - concent_ts and not requested again until user revokes this (new issue needed here) or plugin is deregistered #15

kkorotkov commented 5 years ago

Discussion notes from 16.07.19: As consent dialog is related to the UI, it is impossible to show it from within vendor's plugin - UI in the vendor's plugin is undefined and may even not exist. Instead, we agreed to describe mechanisms for the vendor how to redirect to the PluginPass admin area where the dialog is implemented and consent can be collected. In all other cases of PluginPass_Guard use, if consent is not yet collected, calls to the NetLicensing to be silently skipped, and unsuccessful validation to be returned (i.e. valid == false). Appropriate sentence is required in the PluginPass ToS, that puts the responsibility for consent collection on the vendor.

r-brown commented 5 years ago

Two events in the PluginPass plugin can be still considered:

PluginPass plugins table and click on the Validate link => ask for consent before sed request to NetLicensing
PluginPass_Guard.validate() method => show banner in the admin area and ask a user to provide consent; fail validation without consent

r-brown commented 5 years ago

TODO / @r-brown - add to the docs

r-brown commented 5 years ago

FAQ updated with the consent information - https://github.com/Labs64/PluginPass/wiki/FAQ#gdpr-how-to-update-user-consent

v-rudkovskiy commented 5 years ago

I updated the Wiki and FAQ with consent information.