NERC-CEH / fit-count-app

Fit Count App & Website
Apache License 2.0

Updates to the registration process #186

Open kitenetter opened 10 months ago

kitenetter commented 10 months ago

We need to make some changes to the registration process, which are linked to a revision of the FIT Count Privacy Notice, which in turn is required in order to enable data sharing with the various countries that are using FIT Counts. This will definitely affect the registration process on the FIT Count app; I'm not sure if we also need to make equivalent updates on the FIT Count website, as I believe that most if not all registrations come from the app not direct on the website? However, we will need to update the UK PoMS website to keep it in line with the app. So we may need to break this down into a number of smaller issues, but the timing of the changes needs to be coordinated so I wanted to start with an overview here.

Privacy Notice

The updated text is drafted, awaiting approval within UKCEH and JNCC

Change to registration process - new users

We are required to gain an explicit consent from our users to say that they agree to the new Privacy Notice. The proposal is that when a new user registers, instead of asking them if they are "Happy to be contacted", we replace that question with a mandatory tick box for "I accept the Terms of Use". If the user does not tick that box the registration cannot be accepted. To be implemented on the app; not sure if it is needed on the FIT Count website; it will be needed on the UK PoMS website.

We also want to ask new users to specify which country they are linked to for FIT Counts, see below.

Change to registration process - existing users

We need to ensure that all existing app users opt in to the new Terms once they are ready. Is there a mechanism where we can ensure that all users provide a consent next time they use the app/website? On the website I imagine that there could be a pop-up so that an existing user has to tick a box before visiting the site. Is there a similar approach we can use for the app?

To be implemented on the app; not sure if it is needed on the FIT Count website; it will be needed on the UK PoMS website.

We also want to ask existing users to specify which country they are linked to for FIT Counts, see below.

Addition to registration process to specify a country for the user

In order to enable country coordinators to be given access to the data and contact details for users in their country, we need to ask users to specify which country they are linked to when contributing FIT Counts. This will need to be a tick box against the list of participating countries (currently we have 10 countries but the list may grow).

I assume we will need to have a termlist for the participating countries in the warehouse, which will feed through to the app and website if new countries get added.

To be implemented on the app; not sure if it is needed on the FIT Count website; on the UK PoMS website the ideal would be for it to default to a UK link for each new user (although we may need to treat Channel Islands separately?).

I'm not sure if the users' country needs to be stored in the Drupal website or in the warehouse or both. I believe we are providing downloads of the FIT Count data based on location, so the country link is not needed to enable that. But it is needed to enable country coordinators to have access to the user emails for their country, and therefore I think it makes sense to store this in the Drupal website.

This seems reasonably straightforward to implement for new users, but will it also be possible to request that existing users specify a country, e.g. via the same pop-up as we need for the consent to the new Terms?

(It might be argued that some users will wish to link to more than one country, e.g. a user who lives near the border between Ireland and Northern Ireland. However, I think we only need to support a single country choice, and leave it to adjoining countries to publicise each other's activities if they wish.)

Sorry for length of this issue! Happy to discuss and break down into individual actions (but after today I'm on leave until the new year).

andrewvanbreda commented 10 months ago

Hi @kitenetter,

My thoughts are...

  1. Does the privacy selection need to cover both website/app with a single selection? i.e. If a user selects to accept the privacy notice on the FIT Count app, will it need to show as selected on their UKPoMS website account page.

  2. I would say if the answer to 2 is yes, then that is a problem that needs a solution. However, does the existing "Happy To Be Contacted" do that? If so, then perhaps the solution is there already.

  3. The country specifying bit you mention there. I guess the difficulty of specifying the country might depend on what you want to do with it? Does the selection affect anything else?

For instance, didn't you implement something to do with countries earlier in the year? I think we discussed it, but you implemented it yourselves, so I am not sure what was done. Does this relate to this?

My feeling with this is that because the selection is linked to what coordinators who need to download FIT Count data (see https://github.com/NERC-CEH/fit-count-app/issues/187), that would need to be a SQL report (not Drupal View), you will need a country field on the app that then is linked to a Drupal field, which then syncs to the warehouse. I think we might already do that for NPMS, I would need to check with Karolis. Or failing that you could get the app to sync it to an attribute in the warehouse directly. Either way, I think it will need to be linked to a person_attribute in the warehouse for including as a SQL report parameter.

I don't think the termlist necessarily needs to be in the warehouse, but the result needs to end up in a person attribute value.

  4. In terms of forcing existing users to select data privacy agreement. On NPMS we did something similar to this. We displayed a block on the page warning them that they haven't selected the agreement. It had a link to their account page on this block. I think it would also hide functionality from the site until this was selected. I can't remember the exact details, I am not sure if it still does this. It is certainly something that can be done. Can't speak for the app though.

  5. As for forcing users to select country, we could use a similar technique as in point 5 with a separate reminder notice.

I can't give you a price until we agree something, but I think this work would need extra budget for me outside of my usual timesheet.

kitenetter commented 10 months ago

  1. The choice within the app does need to be reflected in the choice shown in the FIT Count website. The UK PoMS website registration is a completely separate process isn't it? So in fact the choice in the app does not need to be reflected in the UK PoMS website - the same opt-in question is needed for registrations on UK PoMS, but it doesn't have to be linked to the app.

  2. I believe that the existing "Happy to be contacted" question in the app does get reflected into the FIT Count website, but the UK PoMS website is independent - that is fine, and aligns with point 1.

  3. As far as I'm aware, the choice of country when registering is only needed so that we can allocate users to the correct mailing lists for the different country projects. So this doesn't need to be linked to the counts they submit (which are allocated based on their geolocation). Based on #187 I agree that the choice of country in the app will need to be synced to the warehouse.

Agree with your comments in 4 and 5.

andrewvanbreda commented 10 months ago

@kitenetter

So it sounds like it will be something similar to this.

Privacy Notice shown on UKPoMS, not linked to FIT Count. User is reminded in a similar way to NPMS.

FIT Count country app country selection to be synced to warehouse and FIT Count website. New SQL coordinator report(s) to use country selection are needed by querying Warehouse.

FIT Count website can also use reminders for country selection and/or data access selection as needed.

App reminders for data access agreement/country selection are to be determined by what Karolis says.

Where the country list is stored is to be determined by what Karolis says, this can be a static value stored in Warehouse, does have to be a warehouse termlists unless we decide that is best.

kazlauskis commented 9 months ago

Sure, we can do these requirements for the app. Drupal user accounts can have custom fields that we can use to sync the user's choices in the app to the website. We already use the field_happy_to_be_contacted website field that we set to "true" if the user permits the contact during the app's registration process. We can use this approach to add both the T&Cs and the country's choices.

For accepting the T&Cs: We can add another option like field_accept_terms_and_conditions and during the registration process present it as a toggle. New users couldn't process the registration without first checking this option, so it would always be "true" to new registrations through the app. For existing users, the app can first check if this user field from the website is "false", and if so, then present a popup prompting the user to agree to the new T&Cs. If they accept it, then we update the field_accept_terms_and_conditions on the website, if they reject it, then we say how very sorry we are for losing them and close the app 🙂

For linking users to countries: This is the same as this: https://github.com/NERC-CEH/fit-count-app/issues/144 @kitenetter do we need to sync the country choices from the website to the app?
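
The consent flow described in the comment above, sketched as an added example that is not part of the thread or of the app's code. The field name is the one proposed in the comment; every function name and the sample accounts are hypothetical, and the check fails closed so that an account with a missing or malformed field is prompted rather than let through.

```javascript
// Added example, not code from the fit-count-app repository.
// Field name as proposed in the thread; all function names are hypothetical.
const TERMS_FIELD = 'field_accept_terms_and_conditions';

// Fail closed: only a literal boolean true counts as consent. A missing
// field, null, or a string such as "0" or "false" is treated as not accepted.
function hasAcceptedTerms(user) {
  return Boolean(user) && user[TERMS_FIELD] === true;
}

// New users: registration is refused unless the mandatory box is ticked.
function validateRegistration(form) {
  const errors = [];
  if (!form.email) errors.push('email_required');
  if (form[TERMS_FIELD] !== true) errors.push('terms_not_accepted');
  return errors;
}

// Existing users: what the app does at start-up.
function startupAction(user) {
  return hasAcceptedTerms(user) ? 'continue' : 'prompt';
}

// Outcome of the pop-up: accept -> write the field to the website account,
// reject -> close the app without changing anything.
function resolvePrompt(accepted) {
  return accepted === true
    ? { action: 'continue', update: { [TERMS_FIELD]: true } }
    : { action: 'close', update: null };
}

// Constructed sample accounts, as a sync might deliver them.
const sampleUsers = [
  { id: 1, [TERMS_FIELD]: true },
  { id: 2, [TERMS_FIELD]: false },
  { id: 3 },                          // registered before the field existed
  { id: 4, [TERMS_FIELD]: 'false' },  // truthy string must not pass
];
const startupDecisions = sampleUsers.map(startupAction);
console.log(startupDecisions);
```

The same check belongs on the website side as well, since a pop-up in the app only gates requests that come through the app.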

CCarvell commented 7 months ago

Hi all - thank you for liaising on this before Christmas - where has the time gone! Coming back to this issue and just updating the message I wrote 10 minutes ago as I have now re-traced all the notes and docs I needed to access to get back to where we left off. I will check in with Martin and hope that we can come back to @andrewvanbreda and @kazlauskis with our approved version of the Privacy Notice, and proceed with the necessary registration updates. Thanks.

kitenetter commented 3 months ago

Regarding @kazlauskis's final question to me just above, I don't see a need to sync from the website to the app.