Closed nathcast closed 5 months ago
To whom it may concern:
I know that nobody reads the Privacy and Cookie notices - https://www.rothamsted.ac.uk/privacy-and-cookies - but I did.
At first glance, it looked like a great document, and I pasted it verbatim for our e-RA website. On further reading, I found it had a lot of repeats and some typos. It could do with some reviewing and editing, to simplify the sentences and correct the typos.
Meanwhile, we are drafting our own version (which will point to the Rothamsted one) - http://local-info.rothamsted.ac.uk/eRA/era2023/info/privacy
And we are also checking our forms, cookies and processes to ensure that e-RA is compliant with GDPR (and might contact you on another ticket).
Dr Nathalie Castells https://www.rothamsted.ac.uk/our-people/nathalie-castells
From Meeting:
During meeting:
We all had the course on GDPR. I am doing a round of looking at potential issues with GDPR, Privacy in the eRA website. See [[GDPR course]]
Reading the Rothamsted PP, https://www.rothamsted.ac.uk/privacy-and-cookies page: listing the promises of that document and ensuring that we deliver on these
https://www.dbxuk.com/blog-2023/cookies-vs-sessions: However, it would be possible (but not recommended) to store personal information within a session cookie. This would not be compliant if it could be used to identify an individual. Sessions are OK, but I need to check that I am not recording anything that can identify a person.
TODO:
[x] Correct the Privacy page in eRA and pass on to others for review
[x] Make specific privacy notices for eRA that are sent with the UserRequest and also review what is on the modal
[x] Check session variables: Do they store private information?
[x] send message to LWarren with light suggestions to their document and my documents for review
[x] make a toast to say that we collect limited information for funding purposes and continuing on this site is considered consent
[x] Need a chat about the IP address: Do we need them for User Request?
[x] For the downloads, it is nice to be able to identify downloads per unique person. https://law.stackexchange.com/questions/61076/storing-ips-and-gdpr-compliance That article explains that IP is personal data and as such they need to consent to have it collected.
[ ] Need to make Google Analytics GA4 GDPR compliant or stop using it. https://www.cookieyes.com/blog/google-analytics-gdpr/