Consent for cookies

[matmsa27]

Hi @norkans7

Recently, a customer disabled their u-report for privacy reasons, the lack of that popup/notification regarding permission and cookies would have been the reason. The customer commented "So the UReport website does not meet the requirements for consent for cookies. That's why we have temporarily deactivated the live page until we know how to deal with it."

Can we implement a warning about this for users who access UReport?

Thanks a lot.

[norkans7]

@matmsa27 Can you clarify more on the issue and the exact solution you are proposing?

[nathalliasalvador17]

Hi, @norkans7

I'm here to clarify the issue above.

We noticed that the U-Report Dashboard does not have any notification related to cookies consent. check the examples attached here.

Basically, we want to know if its possible to deploy this type of feature on the u-report dashboard. How long this would take and what type of information we need to provide to start this work.

Please, let me know if its clear now.

Thank you in advance.

[ericnewcomer]

@matmsa27 I think a simple cookie policy toast that pops up on the bottom for those without the cookie having been accepted yet makes sense. The policy itself can be a static file added by the hosting vendor. This is something that seems pretty straight-forward enough that we'd be open to taking a PR for so long as there are mockups to discuss ahead of time.

[matmsa27]

Hi @ericnewcomer ,

Initially, we thought of something like this so that when the user opens a UReport page, the consent to cookies is carried out this way, what do you think?

How could the static file be configured through the UReport host?

[ericnewcomer]

This aligns with what I was saying. I'm just saying that the link to the actual policy there should just go to a url that is perhaps configured in the settings file.

[matmsa27]

Hmmm, I see. What do you think about the link to the policy could be? A link to redirect the user to a new webpage or to download a file with policy for example?

[ericnewcomer]

I'm saying the url itself can be in the settings, so COOKIE_POLICY_URL = "...". This would allow anybody to host the policy document however they like.

[matmsa27]

Nice, perfect. We will open the PR for this, it's okay? Any other comments about the prototype?

[ericnewcomer]

Sounds good. I think it's probably fine to store consent in a cookie and have non-consenters get prompted forever.