plone / volto

React-based frontend for the Plone Content Management System
https://demo.plone.org/
MIT License

Provide a canonical way of checking for GDPR/Cookie consent #4010

Open ericof opened 1 year ago

ericof commented 1 year ago

As an addon developer, I would like to have a canonical way to check if consent was given to GDPR/LGPD/Cookies and then decide if a block/feature should be available.

Nowadays, some add-ons implement GDPR/Cookie consent:

(And probably every other project has its implementation)

Although there is value in a "custom" consent form that adheres to each customer's need, I propose Volto implement a default API to store/retrieve the consent information from Redux (or cookie), and then the listed add-ons would focus only on UX features.

In doing so, add-on developers would benefit from having one way to check if they should make a feature available or not.

One clear example is @plonegovbr/volto-twitter-block. To implement a GDPR-friendly version of the block, we need to either implement another consent form or check for volto-gdpr-privacy or @kitconcept/volto-dsgvo-banner installations.

JeffersonBledsoe commented 1 year ago

@ericof Just wanted to clarify, is this solely focused on providing a way to read & write whether a consent (or different categories of consent) has been given rather than providing any UI for the consent?

erral commented 1 year ago

In Classic UI Plone sites this has been an issue, because if the end user pastes a YouTube video or any other iframe from any third-party service, the website (and not the third-party service) is responsible for asking for the user's consent.

That's why we have been using commercial services like Cookiebot to block such kinds of cookies, because the end user, you know, can do very strange things with external services. These days we have been working on Cookiebot integration for Volto, but I know that that's another story.

What I wanted to say is that it's good to have a common way to manage the consents, but then all addon developers should use it to handle the consent, and all blocks should be aware of that consent management tool, otherwise it is not worth the effort.

EEA already has volto-embed that provides a way to wrap the video or maps block to ask for the end user's consent before loading the underlying video or map. That could be a place to start looking at.

ericof commented 1 year ago

> @ericof Just wanted to clarify, is this solely focused on providing a way to read & write whether a consent (or different categories of consent) has been given rather than providing any UI for the consent?

Exactly. The UI could be implemented any way you want, but at least there will be a single source of truth.

ericof commented 1 year ago

@erral This would be my goal: "all addon developers should use it to handle the consent". (Instead of having 10 distinct implementations)