gawati / gawati-portal-ui

Version 2 of the gawati portal
GNU Affero General Public License v3.0

GDPR Compliance #92

Open kohsah opened 6 years ago

kohsah commented 6 years ago

We need to make the Portal support GDPR Compliance.

Current areas of concern in terms of the current portal implementation:

This issue is intended as a catch-all for all GDPR related stuff once we have more clarity on the issue.

ccsmart commented 6 years ago

I'd recommend to avoid them. IMO goal should be that on anonymous access (without login) we do not track anything personal / only data of statistical nature.

The website provider is responsible for complying and that includes making sure that 3rd parties also do. This responsibility is in all aspects including informing, agreement, making the data accessible, maintaining, deleting etc.

I'd recommend for personal data involvement to start only after sign up / log in. The signup process can include the information and consent step. Only after consent an account shall become activated.

If we'd have two phases with data collection, then technically it would be, if that was not covered by the initial / anonymous one.

ccsmart commented 6 years ago

To verify our exposure, we would also have to know about the libraries and other external resources we use that may trigger access to third party sites (i.e. webfonts or node modules potentially containing features that call home). Wherever possible we should avoid such.

ccsmart commented 6 years ago

For the installer on the side of platform configuration, apache log files shall be configured such that IP addresses are truncated. Possible tool: https://www.privacyfoundation.ch/de/service/anonip.html
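
An added example of the kind of log truncation described above (this is illustrative code, not part of gawati-portal-ui and not the anonip tool linked): it reads Apache combined-format lines, keeps only the network part of the client address (a /24 for IPv4 and a /48 for IPv6 are the masks chosen here, an assumption rather than a value the regulation prescribes) and passes everything else through unchanged. The log lines are constructed sample data.

```python
"""Truncate client IP addresses in Apache access-log lines before they are stored.
Added example for the GDPR discussion; not part of the gawati portal code."""
import ipaddress
import re
import sys

# Prefix lengths to keep. /24 and /48 are this example's choice (assumption);
# pick the values that match your own retention policy.
IPV4_PREFIX = 24
IPV6_PREFIX = 48

# In the common/combined formats the client address is the first field ("%h ...").
_LINE_RE = re.compile(r"^(\S+)(.*)$", re.DOTALL)


def truncate_ip(text, v4_prefix=IPV4_PREFIX, v6_prefix=IPV6_PREFIX):
    """Return `text` with its host bits zeroed, e.g. 203.0.113.77 -> 203.0.113.0.
    Values that are not IP addresses ('-', a hostname) are returned unchanged."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return text
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)


def anonymize_line(line):
    """Replace only the leading client-address field of one log line."""
    m = _LINE_RE.match(line)
    if not m:
        return line
    return truncate_ip(m.group(1)) + m.group(2)


def anonymize_lines(lines):
    return [anonymize_line(line) for line in lines]


# Constructed sample lines (not real traffic) in Apache combined format.
SAMPLE_LOG = [
    '203.0.113.77 - - [20/Jun/2018:23:16:01 +0200] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '2001:db8:1234:5678:abcd::42 - - [20/Jun/2018:23:16:02 +0200] "GET /search?q=act HTTP/1.1" 200 830 "-" "curl/7.58"',
    '- - - [20/Jun/2018:23:16:03 +0200] "GET /healthz HTTP/1.1" 200 2 "-" "probe"',
]

if __name__ == "__main__":
    # Read stdin when piped (so Apache can feed it), otherwise demo on the samples.
    source = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin
    for raw in source:
        sys.stdout.write(anonymize_line(raw.rstrip("\n")) + "\n")
```

Apache can hand log lines to such a filter with a piped `CustomLog "|/path/to/filter" combined` directive, so the untruncated address never reaches disk; the script itself has no Apache-specific dependencies.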

kohsah commented 6 years ago

@ccsmart see this thread: https://github.com/google/fonts/issues/1495 incredible amount of confusion there! Not helped by the google representative giving boilerplate replies 👎

ccsmart commented 6 years ago

Maximus80, one of the early commenters pretty much nails it. When you use google webfonts as a service from google servers you make your users' IP address (at least) go to google. IP address is explicitly mentioned in gdpr as private information. The responsibility to comply with gdpr is by the website owner. Apart from complying yourself, one of the responsibilities is (after you comply yourself) you also make sure that 3rd parties you use (i.e. google) don't break your compliance, which is where the service contract comes in. In webfonts' case regarding IP though, upfront there is nothing that google could do to make themselves "more" compliant. It's solely a story for the website owner who, if he uses webfonts as a service, has to ask users for their consent before making them go to google. No more, no less, pretty simple from a technical and legal perspective.

ccsmart commented 6 years ago

As an addition though, let's get into some less clear area.

With the creation of gdpr, the providers' behaviour to predefine your choices and let you "confirm" an agreement to everything, and that way let everything go unchanged by conditioning user behaviour or otherwise just reject by default, making all the "don't agree to that one" tedious work which you have to redo each time there's a feature update, was / is well known. So for the idea of gdpr to even just have a chance to get through there's two more items in there.

First there is the requirement that your defaults have to be the privacy friendly variant, and you have to enable provision of additional data explicitly.

Second, items that are non essential / not required for your service must be optional. I.e., if you simply provide a forum that lets users exchange and discuss cooking recipes, then geolocation is not required for that service. So if you want to use that for targeted ads, then that must be disabled as default and you may not lock out users that do not accept geolocation to be enabled. It's clear, these two are amongst those that will lead to a lot of back and forth in actual cases what is and what isn't required. I.e., if your whole basis of said recipe exchange is advertising, that can define geolocation as somewhat required...

Back to Google Fonts though, it likely means if you intend to use them as a service from Google, and for compliance before going to your actual page you present a simple compliance and consent page, if somebody would reject consent, you probably have to let them in using default fonts. If such a case would be brought up, it would probably be harder to explain why a page cannot be rendered with system fonts and reject users if you are not a service with the intention to compare fonts.

No doubt, a lot of fun in this topic.

ccsmart commented 6 years ago

I would like to add Wikipedia as a resource for a good summary:

https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

kohsah commented 6 years ago

Furthermore for things like fonts which are processed before the page is loaded it would be extremely complicated to prompt a user with a choice before the page is loaded. So would say that for the main portal we keep all fonts local... Of course people wanting to use the portal in their own way are free to load whatever they want....
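
An added example that serves the two points raised in this thread, knowing which external resources the shipped assets reach out to and checking that fonts stay local: it scans built HTML and CSS for `src`/`href` attributes, CSS `url(...)` values and `@import` rules, and reports every hostname that is not the portal's own. This is illustrative code, not part of gawati-portal-ui; the regular expressions are an approximation rather than a full HTML/CSS parser, `portal.example` is a placeholder for the portal's real host, and the sample files are constructed.

```python
"""Audit built front-end assets for references that make a visitor's browser
contact a third-party host (webfonts, CDN scripts, remote images).
Added example for the GDPR discussion; not part of the gawati portal code."""
import re
from urllib.parse import urlsplit

# Hosts the portal is served from; everything else counts as a third party.
# "portal.example" is a placeholder (assumption) for the real deployment host.
FIRST_PARTY_HOSTS = {"portal.example"}

# Constructs that trigger a network request when the page renders.
# Approximate patterns, not a full parser.
_HTML_REF_RE = re.compile(r"""\b(?:src|href)\s*=\s*["']([^"']+)["']""", re.IGNORECASE)
_CSS_URL_RE = re.compile(r"""url\(\s*["']?([^"')]+)["']?\s*\)""", re.IGNORECASE)
_CSS_IMPORT_RE = re.compile(r"""@import\s+["']([^"']+)["']""", re.IGNORECASE)


def extract_references(text):
    """Return every URL-like value in `text` that would cause a fetch."""
    refs = []
    for rx in (_HTML_REF_RE, _CSS_URL_RE, _CSS_IMPORT_RE):
        refs.extend(rx.findall(text))
    return refs


def third_party_hosts(text, first_party=FIRST_PARTY_HOSTS):
    """Return the set of external hostnames referenced by `text`.
    Relative paths, fragments, data: URIs and first-party hosts are ignored;
    protocol-relative "//host/..." references are treated as external."""
    hosts = set()
    for ref in extract_references(text):
        if ref.startswith(("data:", "#")):
            continue
        parts = urlsplit("https:" + ref if ref.startswith("//") else ref)
        host = (parts.hostname or "").lower()
        if host and host not in first_party:
            hosts.add(host)
    return hosts


def audit(files, first_party=FIRST_PARTY_HOSTS):
    """files: mapping of file name -> content. Returns only the offending
    files, each with a sorted list of the third-party hosts it references."""
    report = {}
    for name, content in files.items():
        hosts = third_party_hosts(content, first_party)
        if hosts:
            report[name] = sorted(hosts)
    return report


# Constructed sample assets: one remote stylesheet link, one local script,
# one first-party image, one inline data URI and one fragment link.
SAMPLE_HTML = """<!doctype html>
<html><head>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto">
<script src="/static/app.js"></script>
</head><body>
<img src="https://portal.example/logo.png">
<img src="data:image/png;base64,iVBORw0KGgo=">
<a href="#top">top</a>
</body></html>"""

# Constructed sample CSS: a local font file, a remote @import and a
# protocol-relative background image.
SAMPLE_CSS = """@import "https://fonts.googleapis.com/css?family=Open+Sans";
@font-face { font-family: Roboto; src: url("/fonts/roboto.woff2"); }
body { background: url(//cdn.example.net/bg.png); }"""

if __name__ == "__main__":
    for name, hosts in audit({"index.html": SAMPLE_HTML, "app.css": SAMPLE_CSS}).items():
        print(f"{name}: third-party hosts {hosts}")
```

Running it over the build output (for example every `.html`, `.css` and `.js` file under the bundler's output directory) before a release gives a concrete list to review; an empty report is the state this thread argues for, fonts included.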

kohsah commented 6 years ago

Also this page from CDN provider cloudflare https://www.cloudflare.com/gdpr/introduction/
