traccar / traccar-web

Traccar GPS Tracking System
https://www.traccar.org
Apache License 2.0

[Feature Request] Modern UI Login Page. Accept terms and conditions and privacy policy #1052

Closed. Track-traces closed this 5 months ago.

Track-traces commented 1 year ago

GDPR: The General Data Protection Regulation (GDPR) is an important and globally-influential data and privacy law from the European Union. The GDPR applies to mobile apps that collect and process personal data of EU citizens. It doesn't matter if your app is operated from outside of the EU.

On the login page it would be nice to have checkboxes with clickable links for:
- accept terms and conditions
- accept privacy policy

This way users need to confirm and accept these terms.

tananaev commented 1 year ago

You mean on the registration page?

Track-traces commented 1 year ago

Hi Anton, both on the login page and registration page.

Since after registration (registering with an email address already falls under GDPR), users will / can for instance add devices with usernames, phone numbers etc., which also falls under GDPR since all these details are stored in the Traccar database.

So users would only be able to register / log in after accepting the terms and conditions and privacy policy by ticking the checkboxes, and it should remember that they are checked.

As an example for the registration and login pages:

(screenshot: gdpr)

tananaev commented 1 year ago

I've never seen a website that requires you to confirm terms and conditions on every login. Why is it needed if you already confirm it during registration?

Track-traces commented 1 year ago

Actually, in Europe I can hardly find any services which do not have that on the login page. I think it's also done so you can read the terms and conditions and privacy policy again before using the service after registering. Some more examples:

(screenshot: gdpr1)

But that said, if you find it a better idea to only add it to the registration page I would also be happy :).

tananaev commented 1 year ago

Looks like all of them have a single checkbox, not two. What about some big global websites/apps? Like Apple, Google, Amazon etc. Do they also show it on their login page if you log in from Europe? I'm sure they are GDPR compliant.

Track-traces commented 1 year ago

From what I see in Europe, yes.

(screenshot: gdpr2)

tananaev commented 1 year ago

That is not the same thing as a checkbox. It seems more reasonable to have links.

Track-traces commented 1 year ago

Yes, it's just an example where you can see that on the login page they refer to the terms and conditions and privacy policy. As we can see, it's not uncommon for big global websites/apps in Europe, regardless of checkboxes.

Track-traces commented 1 year ago

Apple has the same policy on their login pages here (bottom of the page; it is translated, but the same):

(screenshot: gdpr4)

Track-traces commented 1 year ago

While reading up on GDPR law we can read that the users need to give their consent. So I would guess when the user registers.

https://gdpr.eu/gdpr-consent-requirements/

We can read:

Consent must be unambiguous: That is, there should be no question about whether the data subject has consented. “Silence, pre-ticked boxes or inactivity should not therefore constitute consent,” according to GDPR Recital 32.

Unambiguous consent “could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data.”

From which we can conclude that "just" adding links would not be enough when registering.

Track-traces commented 1 year ago

Some more info. Amazon.de actually mentions it twice on the login page:

(screenshot: gdpr5)

Track-traces commented 1 year ago

So to conclude: adding links to the terms and conditions and privacy policy on the login page, and a checkbox and links to the terms and conditions and privacy policy on the registration page, would actually comply with GDPR.

Track-traces commented 1 year ago

Now that I've slept on it :) this GDPR law also means that any tracking server running in Europe would need to ask for consent for data processing when registering an account on that tracking server, because of the processing of data like emails, phone numbers, names and locations etc.

Countries Covered by GDPR: The following countries are covered by the GDPR: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom. Because the United Kingdom was still a part of the European Union when the GDPR was enforced, the regulation will be absorbed into the U.K.’s law.

So I guess the demo servers in the UK and Germany are also the ones to think about.

TecSeguridad commented 5 months ago

I think the links are more appropriate.

Track-traces commented 5 months ago

You should not think about what is appropriate without considering the law.

The EDPB Has Spoken: Pre-ticked Boxes Are No Longer Valid

In May 2020, the European Data Protection Board (EDPB) published updated guidance on the use of consent under the GDPR. The guidance is clear on the fact that pre-ticked boxes are not a valid way to obtain consent from individuals.

The EDPB states that consent must be given through a “positive action”, such as ticking a box or clicking a button. This means that consent cannot be bundled with other terms and conditions, and must be separate from them. In addition, the EDPB guidance says that consent must be “unambiguous”, which means that it should be clear to individuals what they are consenting to.

tananaev commented 5 months ago

Can you provide some reference where it says it must be applied to every login? I understand that you need to explicitly consent when you sign up for an account, but that's not what we're talking about here.

Track-traces commented 5 months ago

I did not mean to say that it must be applied to every login. What I understand from the law is that if you create an account and / or make use of the service, then you have to accept the terms and conditions and privacy policy once. This can be done through a tickbox or slider as stated. Once the box is ticked or the slider is moved, it can stay in that position for all logins after that.

Actually, that's exactly what happens with all the apps shown at the top of this page.

Track-traces commented 5 months ago

At the end of the day it clearly states that you need the user's consent if you offer a service where personal data is used.

https://commission.europa.eu/law/law-topic/data-protection/reform/rights-citizens/how-my-personal-data-protected/how-should-my-consent-be-requested_en

And as the example shows, it's not allowed to use a pre-ticked box. So it can only be an unticked box or a slider. So as I read it, it is only valid as described above, with links to the terms and conditions and privacy policy and a tickbox or slider to confirm it.

Currently we do not have any of those for registration or the use of the tracking service.

Track-traces commented 5 months ago

Well done Anton, the Accept button is perfect!

(screenshot)