Mibew / mibew

Mibew Messenger - open-source live support application
https://mibew.org

GDPR Compliance #227

Closed josemi-ca closed 6 years ago

josemi-ca commented 6 years ago

The General Data Protection Regulation (GDPR) came into effect on 25 May 2018, affecting all businesses handling Europeans' data (even if based outside the EU).

I've noticed Mibew seems to be lacking some basic features for GDPR:

faf commented 6 years ago

Well... I'm neither a lawyer, nor an EU-citizen, so I can be wrong. But I don't believe that this is really a big deal.

Mibew Messenger doesn't store any 'personal data' by default. It can ask a visitor to enter an email at the pre-chat stage, but it's an option. So, one could just inform a visitor that by clicking on the button 'start chat' he confirms the submission of his email for further usage. And, btw, there is no validation of the email.

Bulk erasure and export of logs by visitor's name is indeed missing. But that name is optional and non-unique. And that matters, because it is impossible to identify a person with it. Multiple visitors could make use of the same name. Maybe one could identify a person with a combination of email, IP and a name, but it's hard to tell.

Moreover, it is possible to make use of the appropriate plugin to not store logs at all (erase them immediately). As a kind of a temporary solution for people who are scared of this initiative of the EU.

Maybe someday I'll create a plugin or two that will implement export / erasure of logs, but at the moment it's definitely not a primary goal for me. Though, one could send a pull request. ;)

josemi-ca commented 6 years ago

> Mibew Messenger doesn't store any 'personal data' by default. It can ask a visitor to enter an email at the pre-chat stage, but it's an option. So, one could just inform a visitor that by clicking on the button 'start chat' he confirms the submission of his email for further usage.

Even if it is not a checkbox, a setting should be added so that a custom text/link to the privacy policy can be included in the survey page. So that it's not necessary to edit the code, which would lose the changes on updates.

Thanks

faf commented 6 years ago

But at the moment there is no need to edit the code to inform a visitor. One just has to alter the localization constant "Thank you for contacting us. Please fill out the form below and click the Start Chat button.". It can be done using the standard localization management interface. (Actually, any string constant in Mibew can be changed that way.)

And if one wants to change the look and feel of the pre-chat survey (i.e. use a link there), it can be done by creating a custom theme. Without any code changes too.

Don't get me wrong, I realize a potential legal risk related to possible misinterpretation of GDPR. But I believe that Mibew Messenger is just a tool for a site, not a standalone product. So it should not have its own policy that is somehow different from the policy of the site which a visitor of the site should explicitly accept...

faf commented 6 years ago

I've created the plugin for bulk export and deletion of chats. It will be officially released along with the next release of Mibew Messenger itself in the near future.

josemi-ca commented 6 years ago

Thank you very much. Really appreciated 👍