Turn on "strict privacy" modus on the site level

Bug #1739688 reported by Kristina Hoeppner on 2017-12-21
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
High
Cecilia Vela Gurovic

Bug Description

We need to make a series of changes in Mahara to comply with the GDPR. More info is available on the wiki at https://wiki.mahara.org/wiki/Developer_Area/Specifications_in_Development/GDPR_compliance

The GDPR requires that users consent to the privacy statement of a site explicitely. Mahara can have multiple institutions and in theory it is possible that a user can be in multiple institutions.

We are excluding the case of users being in multiple institutions at the same time from the initial development work as it makes the consent and also removal of accounts much more complicated for the amount of time that we have available until the GDPR takes effect. Furthermore, the majority of Mahara sites is not multi-tenanted and thus people wouldn't be in multiple accounts.

What is to be done:

1. Create a Yes/No switch in Config site -> Site options -> Institutions settings as first option in that panel: Strict privacy.

2. The short grey description should have a sentence along the lines of: Turn on this option when your site needs to adhere to the GDPR (link to it).

3. Info icon for this option (text to be confirmed):
- Link to the GDPR
- Turning on this option will require everyone to accept the T&C and the privacy statement for the site / their institution.
- It will not be possible for people to be in multiple institutions at the same time.
- The option is not available if the current site has people in multiple institutions. If you need to turn on the strict privacy, then these accounts will need to be cleaned up.
- For more information and any text changes you may need to make to your T&C and privacy statement, please consult your lawyer. The Mahara project cannot provide legal advice.

4. When displaying this option, Mahara needs to be checked if there are users in multiple institutions. If so, the option is greyed out. If multiple institutions are allowed but there aren't any users in multiple institutions, the multi institution switch is moved to "No" and greyed out. If multi institutions is not allowed, the switch is greyed out.

5. Turning the "Strict privacy" switch to "Yes" also requires everyone to accept the T&C and privacy statement when they log in for the first time (once changes were made etc. as per the separate Launchpad items on that).

summary: - Turn on "stricter privacy" modus on the site level
+ Turn on "strict privacy" modus on the site level
Changed in mahara:
assignee: nobody → Cecilia Vela Gurovic (ceciliavg)

Number 5 has not been tackled yet. That will be done separately.

Changed in mahara:
status: Confirmed → In Progress

Item # 5 will be implemented in Bug: 1741799

Reviewed: https://reviews.mahara.org/8406
Committed: https://git.mahara.org/mahara/mahara/commit/ae6c3fd9c3a9c0fb8b5322171199847747548fb1
Submitter: Cecilia Vela Gurovic (<email address hidden>)
Branch: master

commit ae6c3fd9c3a9c0fb8b5322171199847747548fb1
Author: Cecilia Vela Gurovic <email address hidden>
Date: Fri Jan 5 09:50:15 2018 +1300

Bug 1739688: 'Strict privacy switch'

Created switch in site options. When set to 'yes',
it disables the multiple institution per user switch.

To do: When set to 'yes', force user to accept T&C
and privacy statement. Will be resolved in another
bug report #1741799

behatnotneeded

Change-Id: Ie62fb34a6c7cbf8e5b9bce93e76dc7c4a05376b9

Changed in mahara:
status: In Progress → Fix Committed
tags: added: nominatedfeature
Robert Lyon (robertl-9) on 2018-04-05
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers