Provide optional and customisable additional consent checkboxes during onboarding.

[phoeinx]

Currently, contributors during onboarding have to consent to a privacy statement / data protection statement. The exact statement they are consenting to, can be configured for each instance as a link in the settings.

Some users would like to ask their contributors for additional consent e.g. for marketing purposes. Ideally, this should be displayed as an extra checkbox during onboarding. Like e.g.:

As different instances will need different types of consent or no additional consent at all, this field should be optional and configurable in the Settings. As I assume that some instances want to ask for additional consent that isn't required to participate (e.g. for marketing purposes) it should be configurable if the consent is required.

In regards to storing the given consent, I would propose adding a field to our contributor model that stores the time of a possibly given additional_consent. The stored timestamp would then have to be matched to the consent that was asked for at that moment. I am not sure if that is enough legally, as it could be possible that someone changes what people have to agree to after people have already given their consent. (But I think that this issue applies to our previous data consent solution, too.)

[tillprochaska]

Thanks, a few more thoughts on this one:

• Making any other additional consent (that isn’t strictly required for technical purposes) mandatory probably would probably violate GDPR anyways, so I think wether the consent is optional or required shouldn’t be configurable, but it should always be optional.

• We’d need to have a way to display or export wether a contributor gave additional consent. I could imagine that we add a new legal/GDPR section to contributor profiles, that we allow editors to export a CSV/Excel file, or that we add an export feature to the admin dashboard.

[phoeinx]

Hi, thanks for the input! Both are good points. In regard to displaying / exporting given consent, displaying it in a GDPR section in the Contributor profile would probably be quicker to implement. I also think that being able to see given consent at a glance in the Contributor profile makes sense even if we add an CSV export feature.

Anyhow, a CSV export feature has been under discussion for a long time (#190) - has it come up as a feature wish in user discussions in your experience ?

[tillprochaska]

I think there is an administrate plugin that would allow to implement an export for any resource without lots of effort.

[tillprochaska]

It's not something that has come up in user research, but my guess would be that if consent is collected, newsrooms would like to be able to import data into newsletter/CRM tools. I think I'd ask users about that. And in general, export for messages and contributors as come up in different situations

[tillprochaska]

We could also implement the checkbox first and implement exports/a GDPR section as a second step, as I think that's less urgent.

[phoeinx]

It's not something that has come up in user research, but my guess would be that if consent is collected, newsrooms would like to be able to import data into newsletter/CRM tools. I think I'd ask users about that. And in general, export for messages and contributors as come up in different situations

I agree that exporting consent data is a very likely use case. My question was more targeted towards the general export feature because I was surprised that we did not implement it yet. To me it appears to be a very useful feature and it has been under discussion for quite a while, so I wanted to know if there perhaps was some reason we did not work on it yet. (Missing interest from users etc) But that's good to know and even more reason to also implement the CSV export with this feature.

And I agree on splitting up this issue into consent checkbox and later on CSV export.

[FrauCsu]

Checkbox needed by the end of this week (due Sunday, 27th). Possible, @phoeinx @tillprochaska? The additional export csv option for newsrooms is a needed feature if additional checkboxes are put into place. So should I prioritize #190 for that?

[phoeinx]

Checkbox needed by the end of this week (due Sunday, 27th). Possible, @phoeinx @tillprochaska?

27th is possible for me for the checkbox, I would try to implement the feature until Friday so that there is enough time to review. Do you need the CSV export until the 27th, too?

The additional export csv option for newsrooms is a needed feature if additional checkboxes are put into place. So should I prioritize #190 for that?

Yes, please. I think it would make most sense to just offer one CSV export functionality exporting all contributor data. Users who only need the consent data can then also work with that.

[FrauCsu]

Do you need the CSV export until the 27th, too? Not necessarily, but asap. Maybe @tillprochaska or @roschaefer can quickly work on #190 ? I think it would make most sense to just offer one CSV export functionality exporting all contributor data. Users who only need the consent data can then also work with that. Yes