gbif / hosted-portals

Support material for establishing the GBIF Hosted Portals
Apache License 2.0

Privacy policy, user tracking and opt-in/out #16

Open MortenHofft opened 3 years ago

MortenHofft commented 3 years ago

Currently there is no tracking and hence no consent popup. But several people mentioned the intention to use Google Analytics in the pilot applications.

I suggest adding an option to add a tracking GA ID to _config.yml that will then insert the tracking scripts/iframe and add a consent banner (with translatable text controlled by the editors).

And then have an option to overwrite the includes if someone has the need to replace the standard GA scripts with a different config or another provider.

MattBlissett commented 3 years ago

For Google Analytics, I think it's appropriate for us to use Consent mode:

> Consent mode (beta) allows you to adjust how your Google tags behave based on the consent status of your users. You can indicate whether consent has been granted for Analytics and Ads cookies. Google's tags will dynamically adapt, only utilizing measurement tools for the specified purposes when consent has been given by the user.

If we deny "ad storage" access, then Google Analytics/Google Ads mustn't use a hosted portal to add to a user's browsing profile. I expect we can always leave this as denied.

If we also deny "analytics storage" then Google Analytics is only sent "cookieless pings ... for basic measurement and modelling purposes".

It's worth testing, but https://www.simoahava.com/analytics/consent-mode-google-tags/ (and the comments) suggest the "cookieless ping" data isn't shown in Google Analytics, but eventually will be shown somehow.

There is some debate on whether the "cookieless pings" require consent at all. Presumably Google thinks so, otherwise I don't see a purpose to this, but this article ("Can these technologies actually be used without user consent") says the German data regulator says this is not possible:

> According to the Orientation Help for Providers of Telemedia from the DSK, reach measurement can indeed represent legitimate interest for the website operator – but is only then necessary in the context of weighing up interests if no personal data is forwarded to third parties (e.g. Google), and the data is not to be used for the operator’s own purposes.

I assume browser privacy extensions, ad blockers etc. will continue to block all this anyway. The only way around that would be to self-host basic analytics (i.e. send "cookieless pings" to a server we control, or process the webserver logs), but we should know what we're trying to measure before starting on something like that.

CC @thomasstjerne for similar issues for COL.

MortenHofft commented 3 years ago

Before proceeding with this issue we should clarify what legal responsibilities GBIF as a host has for how this is done.

Terms:

I tend towards just offering Google Analytics as a predefined solution. Not GTM, ads etc. as introduced above. But I'm far from being an expert user in user tracking and analytics. If anyone has specific needs or expertise they can bring, then that would be great.

timrobertson100 commented 3 years ago

I believe this will need the following:

  1. A privacy policy markdown file that is in each HP. GBIF will provide a simple template, which will need a few minor edits from each installation to e.g. put in contact email addresses. A draft is now with the legal advisors.
  2. A link to the privacy policy in the footer
  3. A user acceptance highlighting the privacy policy, and allowing users to opt-in to the tracking. If they choose to opt out, then no GA should be used.
  4. There should be a means of triggering opt-in again, should the privacy policy change.

An example of this approach is https://datacite.org/

Is this easily feasible, please?
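A sketch of the consent logic discussed in the comments above (Consent Mode with "ad storage" always denied, opt-in before any GA, and a re-prompt when the privacy policy changes). This is an added example, not code from the hosted-portal theme or from any commenter; `POLICY_VERSION`, `STORAGE_KEY` and all function names are hypothetical, and an in-memory object stands in for `localStorage` so it runs under Node.

```javascript
// Added example: consent state for a portal, not the hosted-portal theme's code.
// POLICY_VERSION, STORAGE_KEY and the function names are hypothetical.
const POLICY_VERSION = '2021-01';          // bump when the privacy policy changes
const STORAGE_KEY = 'hp_tracking_consent';

// Read the stored decision; anything malformed counts as "no decision".
function readConsent(storage) {
  try {
    const c = JSON.parse(storage.getItem(STORAGE_KEY));
    if (c && typeof c.analytics === 'boolean' && typeof c.policyVersion === 'string') return c;
  } catch (e) { /* corrupt value: fall through to null */ }
  return null;
}

// The banner is shown when there is no decision, or the policy changed since it was made.
function needsPrompt(storage, version = POLICY_VERSION) {
  const c = readConsent(storage);
  return c === null || c.policyVersion !== version;
}

// Record the user's choice together with the policy version it was made against.
function saveConsent(storage, analytics, version = POLICY_VERSION) {
  storage.setItem(STORAGE_KEY, JSON.stringify({ analytics: analytics === true, policyVersion: version }));
}

// Consent Mode values: ad_storage is always denied; analytics_storage is granted
// only for an explicit opt-in made against the current policy version.
function consentModeState(storage, version = POLICY_VERSION) {
  const c = readConsent(storage);
  const ok = c !== null && c.policyVersion === version && c.analytics;
  return { ad_storage: 'denied', analytics_storage: ok ? 'granted' : 'denied' };
}

// Opt-out means no GA at all, so the tag script is only loaded after opt-in.
function shouldLoadAnalytics(storage, version = POLICY_VERSION) {
  return consentModeState(storage, version).analytics_storage === 'granted';
}

// In-memory stand-in for window.localStorage (constructed for this example).
function memoryStorage() {
  const m = new Map();
  return { getItem: k => (m.has(k) ? m.get(k) : null), setItem: (k, v) => m.set(k, String(v)) };
}

const demo = memoryStorage();
saveConsent(demo, true);
console.log(needsPrompt(demo), consentModeState(demo), needsPrompt(demo, '2022-01'));
```

In a page, the object returned by `consentModeState(window.localStorage)` would be passed to `gtag('consent', 'default', ...)` before the GA tag is inserted, and the tag is inserted only when `shouldLoadAnalytics` returns true.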

MortenHofft commented 3 years ago

Standard Privacy policy

In the interest of making it easy to get a privacy page: I will add a privacy page to all portals. It will use a new layout type called standardPrivacy. The privacy page can be configured with 4 variables available in _config.yml. The privacy template is not ready for usage yet, but when the theme is updated with the correct version, then so will all the portals' privacy pages. As a portal owner it is already possible to fill the variables in _config.yml under privacy.

If the portal owners would rather write their own privacy policy, then they can simply delete the file and config again.

See also https://hp-theme.gbif-staging.org/privacy-policy-template

Google Analytics

It has always been possible to add Google Analytics to the portals, but we have now made it easy to do so while getting the users' consent. See https://hp-theme.gbif-staging.org/measurements

MortenHofft commented 3 years ago

@timrobertson100 https://github.com/gbif/jekyll-hp-base-theme/blob/master/_includes/privacyTemplate.md

Updating above will update the privacy policy on all pages that use the template. Currently it is just a stub showing how to use the variables and with a button to reset user preferences.

jenningsdt commented 3 years ago

Thank you for making this process easier. Will there be any translations available for the standard template?