directus / directus

The flexible backend for all your projects 🐰 Turn your DB into a headless CMS, admin panels, or apps with a custom UI, instant APIs, auth & more.
https://directus.io

Onboarding: GDPR compliance #20050

Closed alexchopin closed 10 months ago

alexchopin commented 1 year ago

Concerns about GDPR compliance with onboarding that need to be discussed:

  1. There is no explicit consent, because the onboarding flow makes no mention at all of storing/collecting any of the data filled in.
  2. There is no way to opt out at all: "skip" will still collect and submit your admin email address (except by knowing about this feature and disabling it with an environment variable before starting the API, which you cannot do on cloud).
  3. What is the flow for EU citizens to request that their PII be removed?

benhaynes commented 10 months ago

I'm curious to hear Rijk's thoughts on this, but a few questions first:

  1. Is this in the CLI or the UI? Does compliance reference any data... or PII?
  2. Can we reference the ENV variable in the flow? Could we not capture the admin email address? Does it matter about cloud? We already have the user data from the parent account for the project.
  3. Seems like we just need a CTA in the dashboard and SoP/automation on our side, right?
    • We may also need an external form in case they already deleted their account, but then we need to build identity verification to know they are authorized to make the request.

br41nslug commented 10 months ago

Is this in the CLI or the UI? Does compliance reference any data... or PII?

The source doesn't matter; it applies to any PII we store, independent of where it comes from.

Could we not capture the admin email address?

That would be PII so not without consent.

Does it matter about cloud?

Less so; the main concern is self-hosted. So long as the admin account is the same as the registered cloud account, consent was probably already given when registering, but there is no guarantee those are the same.

We may also need an external form in case they already deleted their account

We'll need that anyway if we're storing PII intentionally or unintentionally, and for self-hosted instances that do not have an account on cloud. It isn't required to be a form though; this can be handled over email if needed.

benhaynes commented 10 months ago

The source doesn't matter; it applies to any PII we store, independent of where it comes from.

Correct, I was just curious which one @alexchopin was talking about.

That would be PII so not without consent.

Correct, I was asking if there was any reason not to just remove that data.

Less so; the main concern is self-hosted. So long as the admin account is the same as the registered cloud account, consent was probably already given when registering, but there is no guarantee those are the same.

👍

We'll need that anyway if we're storing PII intentionally or unintentionally, and for self-hosted instances that do not have an account on cloud. It isn't required to be a form though; this can be handled over email if needed.

👍

rijkvanzanten commented 10 months ago

This was resolved