v2 app legal compliance

[josh-chamberlain]

blocker for #248

Context/comments

Things we protect

• their login info

We won't associate user info with

• their search / viewing history

We'll only associate their user info via opt-in per action

• making a data request
• submitting a data source

Rights we waive

• probably a bunch of stuff

Requirements

• [ ] EU cookie compliance
• [ ] GDPR compliance
• [ ] https://github.com/Police-Data-Accessibility-Project/data-sources-app/issues/423

[maxachis]

@josh-chamberlain I have questions regarding this:

1. Would this entail adding a new web page to the application which users must click through?
2. I assume accepting it means the user can progress. If they reject it, are they unable to register as a user?
3. Do we have an idea of what the content would be for this ToS?
4. Related to 3, do we want to consult with someone with legal experience regarding it?

[josh-chamberlain]

@maxachis this issue was intended to cover point 3, content. Mostly, I want to make sure everyone's clear that their privacy is protected. I would like very much to avoid a ToS that is longer than a few sentences so people aren't agreeing to something they haven't read.

[maxachis]

@josh-chamberlain When we're talking about people's privacy, which domains of privacy are we guaranteeing? Their login information, any requests they make, any data they may add?

[josh-chamberlain]

@maxachis unknown, I'll edit the issue to include a list

[maxachis]

@josh-chamberlain Do we have any legal contacts or other individuals we could utilize for reference, or the terms of service of other similar organizations whose ToS we could emulate?