Open bmarwell opened 4 years ago
I think there could be a new CustomImpressInterface
or similar.
As there are plugins available for wt1.7.x, this could target wt 2.1.0.
I started this a long time ago.
See https://dev.webtrees.net/demo-dev/privacy-policy
But I don't know what else to include in this page.
Great!
As said, we do have some requirements in Germany. This upcoming section is for Germany, but other countries may have similar but slightly different requirements.
The owner and operator of this website in accordance with Section 5 of the Telemediengesetz (German Telemedia Act) is:
Publishers name
Address
Telephone number or Email
Trade registry number
VAT number (if applicable).
It must be called “Impressum” – imprint, privacy, contact or even Webimpressum are not acceptable. It should be accessible from within 2 links from the homepage
CustomImpressModule
interface.I have created a new footer module PrivacyPolicy
.
It replaces the previous module CookeWarning
.
What else is required on this page?
If the goal is to make the respective webtrees site fully GDPR compliant, further steps have to be taken, see e.g. these links
https://www.hipaajournal.com/make-a-website-gdpr-compliant/ https://www.datenschutz.org/google-analytics-datenschutz/ https://makeawebsitehub.com/gdpr-for-wordpress/
Some things to consider in particular:
Consent must now be explicitly obtained through a clear, decisive action. If your website does not collect any personal data (including IP addresses) and does not use cookies and you do not have contact forms or newsletters, you will not have to do anything to be GDPR compliant. All other sites will need to obtain consent.
The whole issue is rather complex, and additional requirements may differ from country to country. I'm not sure it's at all feasible to support all this via webtrees modules. Ultimately, site owners may have to handle this on their own:
With that in mind, because of how dynamic every website is, no single plugin, solution, or platform can provide 100% GDPR compliance.
(the quote refers to wordpress sites, but likely also applies here)
I don't want to create a "GDPR" module. This is probably impossible.
Instead, I wanted a general-purpose "privacy page" states the facts about the site.
This, I hope, will be "good enough" for the majority of users.
Anyone with specific requirements (e.g. running the site commercially?) will need to create their own page.
My understanding is that personal data that is collected for "genealogical research" does not require the consent of the individuals in the tree (although they still have the right to access it, have it corrected, etc.).
What else is needed to satisfy the German "impressum" requirements? We show the actual email address of the site admin(s) - not just a contact form. Is a postal address also required, or is an email address sufficient?
Users must be able to opt out of analytics tools, a warning is apparently not enough.
webtrees is one of the few sites that obeys the DNT headers, and so users can opt out by selecting this option in their browser.
Hi greg,
In Germany, an impress might be required even if you do not use it commercially. It depends… (as always).
webtrees is one of the few sites that obeys the DNT headers
Even if webtrees obeys the DNT headers, the iframes from the data privacy statements from the Matomo (Piwik) or Google Analytics plugins need to be shown on such a privacy page.
Is a postal address also required
Yes, this is required.
§ 5 TMG: https://www.gesetze-im-internet.de/tmg/__5.html for persons (only citing for non-organizations):
den Namen und die Anschrift (name and postal address)
Angaben, die eine schnelle elektronische Kontaktaufnahme und unmittelbare Kommunikation mit ihnen ermöglichen, einschließlich der Adresse der elektronischen Post, … including email address
Companies, organizations and registred clubs are required to provide more information.
For wt 2.0
Although available as plugin, this should go into the core functionality.
In Germany we are required to have an easy accessible impress (not via sub menu, but header or footer is okay).
In Germany it must include name, address, etc. Especially if ads are shown or data is collected (eg Google analytics).
Therefore, we also need to enhance the plugins for Google Analytics and Piwik/Matomo to add their opt out and data consent etc to the impress page. And that's why I think this should go into the core functionality (as a core plugin).
The cookie consent could go into a separate plugin.