Change terms and conditions infrastructure for GDPR

Bug #1734166 reported by Kristina Hoeppner on 2017-11-23
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Wishlist
Unassigned

Bug Description

We need to make a series of changes in Mahara to comply with the GDPR. More info is available on the wiki at https://wiki.mahara.org/wiki/Developer_Area/Specifications_in_Development/GDPR_compliance

This report here deals with: "Need to re-think the possibility for institutions to have their own T&C and privacy statements since they are still part of the wider site, site admins can also run reports, and institutions can't decide which reports to make available or not. Rather than allowing institutions to fully overwrite the T&C and privacy statement, allow them to add additional information to an existing statement. That way they can add more institution-specific information without removing site information."

Separate wishlist items are created for the versioning of the T&C and also consent.

The GDPR is about transparency for the user. Thus, it might be most transparent to require consent for the site T&C and separately for the institution T&C. That way it is clear which ones are which and we can save the site text as one and the institution text as one as they will most likely also be updated independently.

Changed in mahara:
importance: High → Wishlist

It might be good to show the individual sections in panels. See bug #1734174 why this might be useful.

When the T&C are displayed on the self-registration screen, the "Register" button needs to come all the way at the end after all the T&C agreement and consent buttons that are necessary for a particular institution.

When T&C are changed, they automatically re-trigger being shown to users. I'll create a separate wishlist item for keeping T&C in draft status to allow making some more adjustments if needed before publication.

However, that is a "nice to have" only and not a GDPR must and thus will not be targeted to 18.04. The wishlist item is at bug #1734183

Currently, when you are on the site level, you can link to an external T&C and privacy page. Since we do need approval from people in Mahara, we should display the link on a Mahara page so they can view the content there but need to come back to Mahara for consenting.

All new features and changes that have been made as part of this are gathered in the blueprint at https://blueprints.launchpad.net/mahara/+spec/gdpr

Changed in mahara:
status: Confirmed → Fix Committed
tags: added: nominatedfeature
Robert Lyon (robertl-9) on 2018-04-05
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers