[Bug 20819] New: GDPR: Add a consent field for processing personal data

classic Classic list List threaded Threaded
84 messages Options
123
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] New: GDPR: Add a consent field for processing personal data

bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

            Bug ID: 20819
           Summary: GDPR: Add a consent field for processing personal data
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: Patrons
          Assignee: [hidden email]
          Reporter: [hidden email]
        QA Contact: [hidden email]
                CC: [hidden email], [hidden email]

See 18081

--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data

bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |18081


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18081
[Bug 18081] [omnibus] GDPR (General Data Protection Regulation)
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

George Williams (NEKLS) <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|GDPR: Add a consent field   |GDPR: Add a consent field
                   |for processing personal     |for processing personal
                   |data                        |data in account menu and
                   |                            |self-registration

--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

--- Comment #1 from Marcel de Rooy <[hidden email]> ---
Created attachment 75765
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75765&action=edit
Bug 20819: Dbrev for new table patron_consent and sysprefs

[1] We add table patron_consent.
It allows for future extension. We could e.g. save consent for newsletter etc.
[2] Add one field to borrower_modifications
Datetime the patron who self-registered, gave consent.
[3] Syspref PrivacyPolicyURL
[4] Syspref GDPR_Policy: enforced, permissive or disabled.

Test plan:
[1] Run the dbrev or do a new install.
[2] Look at the description of the new prefs in Administration.

Signed-off-by: Marcel de Rooy <[hidden email]>

--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

--- Comment #2 from Marcel de Rooy <[hidden email]> ---
Created attachment 75766
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75766&action=edit
Bug 20819: DBIx schema changes

No test plan.

--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

--- Comment #3 from Marcel de Rooy <[hidden email]> ---
Created attachment 75767
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75767&action=edit
Bug 20819: Add Koha object classes for patron consents

Introduces Koha::Patron::Consent[s] for new table.
Adds basic CRUD test.

Test plan:
Run t/db_dependent/Koha/Patron/Consents.t

--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|[hidden email]-commun |[hidden email]
                   |ity.org                     |
             Status|NEW                         |ASSIGNED
   Patch complexity|---                         |Small patch

--- Comment #4 from Marcel de Rooy <[hidden email]> ---
More patches forthcoming tomorrow or so.

--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

--- Comment #5 from Marcel de Rooy <[hidden email]> ---
Created attachment 75818
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75818&action=edit
Bug 20819: Add your consents tab to opac-user

This patch adds a consents tab to the OPAC user account menu. We now
add a GDPR section here, but it is open for future extensions. Think of
a newsletter checkbox for instance.

Script opac-patron-consent handles the tab. And now only includes some
GDPR code but is also written for more general use too.

Test plan:
[1] Set GDPR_Policy pref to Disabled. Verify that OPAC operates as usual.
[2] Set pref to Permissive. Try to save a consent or a refusal. Note that
    you are not logged out when saving a refusal.
[3] Set pref to Enforced. Save a refusal. You should be logged out.
    Log in again and verify that the consents tab shows a No.
    Note: a follow-up patch will add further enforcements.

Signed-off-by: Marcel de Rooy <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

--- Comment #6 from Marcel de Rooy <[hidden email]> ---
Created attachment 75819
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75819&action=edit
Bug 20819: Add check in get_template_and_user to enforce GDPR

If you choose to enforce GDPR policy, a user needs to give consent for
data processing before he does something else in the OPAC while being
logged in.

Test plan:
[1] Set GDPR_Policy to Disabled or Permissive. Usual behavior.
[2] Set to Enforced. Save a refusal on your consents. Notice that
    you are logged out when saving. When you login again, all OPAC
    requests are redirected to your consents tab.

Signed-off-by: Marcel de Rooy <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

--- Comment #7 from Marcel de Rooy <[hidden email]> ---
Created attachment 75820
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=75820&action=edit
Bug 20819: Add consent to self-registration process

We add a section for the GDPR consent in opac-memberentry (only for the
self-registration). Not when editing personal details.

Test plan:
[1] Enable selfregistration (with confirm) and GDPR policy.
[2] Register a new account in OPAC. Verify that the GDPR checkbox is
    required.
[3] After you submit, you should see a date in borrower_modifications
    field gdpr_proc_consent.
[4] When you confirm, verify that the consent is visible on your consents.
[5] Enable selfregistration without confirmation mail. Register again.
[6] Check your consents tab again.

Signed-off-by: Marcel de Rooy <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |Needs Signoff

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

Lisette <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #75766|0                           |1
        is obsolete|                            |

--- Comment #8 from Marcel de Rooy <[hidden email]> ---
Created attachment 76781
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=76781&action=edit
Bug 20819: DBIx schema changes

No test plan.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #75767|0                           |1
        is obsolete|                            |

--- Comment #9 from Marcel de Rooy <[hidden email]> ---
Created attachment 76782
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=76782&action=edit
Bug 20819: Add Koha object classes for patron consents

Introduces Koha::Patron::Consent[s] for new table.
Adds basic CRUD test.

Test plan:
Run t/db_dependent/Koha/Patron/Consents.t

Signed-off-by: Marcel de Rooy <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #75818|0                           |1
        is obsolete|                            |

--- Comment #10 from Marcel de Rooy <[hidden email]> ---
Created attachment 76783
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=76783&action=edit
Bug 20819: Add your consents tab to opac-user

This patch adds a consents tab to the OPAC user account menu. We now
add a GDPR section here, but it is open for future extensions. Think of
a newsletter checkbox for instance.

Script opac-patron-consent handles the tab. And now only includes some
GDPR code but is also written for more general use too.

Test plan:
[1] Set GDPR_Policy pref to Disabled. Verify that OPAC operates as usual.
[2] Set pref to Permissive. Try to save a consent or a refusal. Note that
    you are not logged out when saving a refusal.
[3] Set pref to Enforced. Save a refusal. You should be logged out.
    Log in again and verify that the consents tab shows a No.
    Note: a follow-up patch will add further enforcements.

Signed-off-by: Marcel de Rooy <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #75819|0                           |1
        is obsolete|                            |

--- Comment #11 from Marcel de Rooy <[hidden email]> ---
Created attachment 76784
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=76784&action=edit
Bug 20819: Add check in get_template_and_user to enforce GDPR

If you choose to enforce GDPR policy, a user needs to give consent for
data processing before he does something else in the OPAC while being
logged in.

Test plan:
[1] Set GDPR_Policy to Disabled or Permissive. Usual behavior.
[2] Set to Enforced. Save a refusal on your consents. Notice that
    you are logged out when saving. When you login again, all OPAC
    requests are redirected to your consents tab.

Signed-off-by: Marcel de Rooy <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #75820|0                           |1
        is obsolete|                            |

--- Comment #12 from Marcel de Rooy <[hidden email]> ---
Created attachment 76785
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=76785&action=edit
Bug 20819: Add consent to self-registration process

We add a section for the GDPR consent in opac-memberentry (only for the
self-registration). Not when editing personal details.

Test plan:
[1] Enable selfregistration (with confirm) and GDPR policy.
[2] Register a new account in OPAC. Verify that the GDPR checkbox is
    required.
[3] After you submit, you should see a date in borrower_modifications
    field gdpr_proc_consent.
[4] When you confirm, verify that the consent is visible on your consents.
[5] Enable selfregistration without confirmation mail. Register again.
[6] Check your consents tab again.

Signed-off-by: Marcel de Rooy <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

--- Comment #13 from Marcel de Rooy <[hidden email]> ---
Trivial rebase

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

Jon Knight <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]

--- Comment #14 from Jon Knight <[hidden email]> ---
Do we need to keep a copy of the template in use during the consent in the
database along with the borrower ID and date?  The UK ICO page on consenting
seems to say we do:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/consent/how-should-we-obtain-record-and-manage-consent/

(second example).

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

--- Comment #15 from Marcel de Rooy <[hidden email]> ---
(In reply to Jon Knight from comment #14)
> Do we need to keep a copy of the template in use during the consent in the
> database along with the borrower ID and date?  The UK ICO page on consenting
> seems to say we do:
>
> https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-
> regulation-gdpr/consent/how-should-we-obtain-record-and-manage-consent/
>
> (second example).

Thx for your interest in this patch.

The link says:
===
If consent was given online, your records should include the data submitted as
well as a timestamp to link it to the relevant version of the data capture
form.
You keep records that include an ID and the data submitted online together with
a timestamp. You also keep a copy of the version of the data-capture form and
any other relevant documents in use at that date.
===

This patch registers the borrower ID and the timestamp of consent given. What
each library should keep somehow (not described), is: a version history of the
template, esp. the exact text for the consent and a history of the referenced
privacy page text. In that way you can 'prove' that the user gave consent for a
specific version of template and privacy page.
(Note: the privacy page is only specified in this patch by a preference called
PrivacyPolicyURL. The library itself should create that local page.)

I am no legal expert, but I can't imagine that we need to save these texts at
an individual consent level.
Hope this is clear enough?

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

--- Comment #16 from Jon Knight <[hidden email]> ---
I was focusing on the example box with the tick (in other words the right,
approved way the ICO expect this to be handled) that says:

"You keep records that include an ID and the data submitted online together
with a timestamp. You also keep a copy of the version of the data-capture form
and any other relevant documents in use at that date."

So to me that does imply the need to save these texts at an individual consent
level, as they all form part of the consent package for that user.

Indeed the "crossed" part (wrong) of that example says,

"You keep the time and date of consent linked to an IP address, with a web link
to your current data-capture form and privacy policy"

so they seem to think that just knowing what the PrivacyPolicyURL was set to at
the time of consent is not enough.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

--- Comment #17 from Marcel de Rooy <[hidden email]> ---
I was looking at the same text as you. But I concluded that we need to save the
consent tekst somewhere in a version history not on consent level (that would
be unneeded redundancy).
But not implying that saving a URL would be enough.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Needs Signoff               |Patch doesn't apply

--- Comment #18 from Marcel de Rooy <[hidden email]> ---
Probably changes on Member..

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #75765|0                           |1
        is obsolete|                            |

--- Comment #19 from Marcel de Rooy <[hidden email]> ---
Created attachment 77264
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=77264&action=edit
Bug 20819: Dbrev for new table patron_consent and sysprefs

[1] We add table patron_consent.
It allows for future extension. We could e.g. save consent for newsletter etc.
[2] Add one field to borrower_modifications
Datetime the patron who self-registered, gave consent.
[3] Syspref PrivacyPolicyURL
[4] Syspref GDPR_Policy: enforced, permissive or disabled.

Test plan:
[1] Run the dbrev or do a new install.
[2] Look at the description of the new prefs in Administration.

Signed-off-by: Marcel de Rooy <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #76781|0                           |1
        is obsolete|                            |

--- Comment #20 from Marcel de Rooy <[hidden email]> ---
Created attachment 77265
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=77265&action=edit
Bug 20819: DBIx schema changes

No test plan.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #76782|0                           |1
        is obsolete|                            |

--- Comment #21 from Marcel de Rooy <[hidden email]> ---
Created attachment 77266
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=77266&action=edit
Bug 20819: Add Koha object classes for patron consents

Introduces Koha::Patron::Consent[s] for new table.
Adds basic CRUD test.

Test plan:
Run t/db_dependent/Koha/Patron/Consents.t

Signed-off-by: Marcel de Rooy <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #76783|0                           |1
        is obsolete|                            |

--- Comment #22 from Marcel de Rooy <[hidden email]> ---
Created attachment 77267
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=77267&action=edit
Bug 20819: Add your consents tab to opac-user

This patch adds a consents tab to the OPAC user account menu. We now
add a GDPR section here, but it is open for future extensions. Think of
a newsletter checkbox for instance.

Script opac-patron-consent handles the tab. And now only includes some
GDPR code but is also written for more general use too.

Test plan:
[1] Set GDPR_Policy pref to Disabled. Verify that OPAC operates as usual.
[2] Set pref to Permissive. Try to save a consent or a refusal. Note that
    you are not logged out when saving a refusal.
[3] Set pref to Enforced. Save a refusal. You should be logged out.
    Log in again and verify that the consents tab shows a No.
    Note: a follow-up patch will add further enforcements.

Signed-off-by: Marcel de Rooy <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #76784|0                           |1
        is obsolete|                            |

--- Comment #23 from Marcel de Rooy <[hidden email]> ---
Created attachment 77268
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=77268&action=edit
Bug 20819: Add check in get_template_and_user to enforce GDPR

If you choose to enforce GDPR policy, a user needs to give consent for
data processing before he does something else in the OPAC while being
logged in.

Test plan:
[1] Set GDPR_Policy to Disabled or Permissive. Usual behavior.
[2] Set to Enforced. Save a refusal on your consents. Notice that
    you are logged out when saving. When you login again, all OPAC
    requests are redirected to your consents tab.

Signed-off-by: Marcel de Rooy <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 20819] GDPR: Add a consent field for processing personal data in account menu and self-registration

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20819

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #76785|0                           |1
        is obsolete|                            |

--- Comment #24 from Marcel de Rooy <[hidden email]> ---
Created attachment 77269
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=77269&action=edit
Bug 20819: Add consent to self-registration process

We add a section for the GDPR consent in opac-memberentry (only for the
self-registration). Not when editing personal details.

Test plan:
[1] Enable selfregistration (with confirm) and GDPR policy.
[2] Register a new account in OPAC. Verify that the GDPR checkbox is
    required.
[3] After you submit, you should see a date in borrower_modifications
    field gdpr_proc_consent.
[4] When you confirm, verify that the consent is visible on your consents.
[5] Enable selfregistration without confirmation mail. Register again.
[6] Check your consents tab again.

Signed-off-by: Marcel de Rooy <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
123