mircobabini
commented
2 years ago Maybe we should allow admins to kick this off.
Yes.
Maybe we should just check for changes to the TOS page
No. Because TOS page can be an embed of an external TOS content by 3rd party generators like Iubenda. Also, If I spot a typo or I want to rephrase a paragraph, doesn't always require to reaccept the TOS.
RE Consent API, some more history:
https://wpconsentapi.org/ This is an interesting demo of the Consent API framework from the WP Privacy Team.
At the time of writing it's integrated with:
- Cookiebot
- Compliantz.io
- An example plugin: https://github.com/rlankhorst/consent-api-example-plugin
The official feature proposal https://make.wordpress.org/core/2020/04/01/feature-plugin-proposal-wp-consent-api/
Compliantz has an article about how they are using the Consent API to avoid issues with CF7 integration: https://complianz.io/why-the-wp-consent-api-is-important-a-case-study-with-cf7-and-recaptcha/
We need a mechanism to ask existing users to consent to the TOS if we don't have data that they've done so at checkout. This could be because they were added manually or joined the site before the recent TOS updates went out.
We also want to ask users to consent again if the TOS has been updated. Maybe we should just check for changes to the TOS page or maybe we should allow admins to kick this off.
WordPress core has been working on similar features. Here is one related ticket: https://core.trac.wordpress.org/ticket/44043
If we can, we should piggy back on the systems and style/UI/etc that core is using for this.