Consent done must be registered including date and time #8

Open
simone80an opened this issue May 30, 2018 · 5 comments
Labels
enhancement New feature or request feedback Suggestions and additional information

Comments

@simone80an

For GDPR requirements it isn't enough that a user clicks accept on registration; the consent must be registered somewhere (e.g. in the database), including date and time.
Users should also be able to revoke consent at any time.

I have added a custom field with a checkbox checked to show in the registration form.

@AndreRl

AndreRl commented May 30, 2018

For reference - https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/consent/ 11th bullet point down.

Keep evidence of consent – who, when, how, and what you told people.

@simone80an Note that the custom field with a checkbox shouldn't be checked by default. See 4th bullet point down.

Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent.

I'd argue that just clicking "I Accept" may not be enough and that a checkbox may actually be required.

@simone80an

Thanks, how can I make the checkbox unchecked by default?
I haven't found it in the custom profile fields admin settings.

The generated html code is:

<input type="checkbox" class="checkbox" name="profile_fields[fid4][]" value="" checked="checked">

@kawaii kawaii added enhancement New feature or request feedback Suggestions and additional information labels May 30, 2018
@Ben-MyBB

As far as my understanding goes the above is certainly correct. A simple check box is no longer sufficient to register consent I believe.

@Ben-MyBB

Proof of consent (Article 7(1))
Recording the wording and the act of ticking a box should be recorded because of the requirement for marketers to be able to prove consent:
Where processing is based on consent, the controller shall be able to demonstrate that consent was given by the individual to the processing of their personal data
Wording or processes which are ambiguous or confusing will not satisfy GDPR consent requirements.
Data without recent consent to these standards may need to be re-permissioned or deleted.

We should probably record the time, date and IP address that was used to opt in.
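
A sketch of the consent record this thread asks for, added here as an example; it is not MyBB code and not written by any participant. The `consent_log` table, the `gdpr_consent` form field and the sample values are assumptions made for the illustration.

```python
import sqlite3
from datetime import datetime, timezone

# Hypothetical table (not MyBB's schema): one append-only row per consent event.
SCHEMA = """
CREATE TABLE IF NOT EXISTS consent_log (
    id          INTEGER PRIMARY KEY,
    user_id     INTEGER NOT NULL,
    action      TEXT NOT NULL CHECK (action IN ('granted', 'revoked')),
    wording     TEXT NOT NULL,  -- exact text the user was shown
    ip_address  TEXT NOT NULL,
    recorded_at TEXT NOT NULL   -- UTC, ISO 8601
)"""

def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute(SCHEMA)
    return db

def _append(db, user_id, action, wording, ip):
    now = datetime.now(timezone.utc).isoformat(timespec="seconds")
    db.execute(
        "INSERT INTO consent_log (user_id, action, wording, ip_address,"
        " recorded_at) VALUES (?, ?, ?, ?, ?)",
        (user_id, action, wording, ip, now))
    db.commit()
    return now

def record_consent(db, user_id, form, wording, ip):
    """Store a grant only when the submitted form carries the tick."""
    # A browser leaves an unticked checkbox out of the POST body, so a
    # missing field means no opt-in. The form itself must render the box
    # unticked; the server cannot tell a pre-ticked box from a user's tick.
    if form.get("gdpr_consent") != "1":  # hypothetical field name
        raise ValueError("no positive opt-in submitted")
    return _append(db, user_id, "granted", wording, ip)

def revoke_consent(db, user_id, wording, ip):
    """Revocation is a new row; earlier evidence is never updated or deleted."""
    return _append(db, user_id, "revoked", wording, ip)

def has_consent(db, user_id):
    """The current state is whatever the user's most recent row says."""
    row = db.execute(
        "SELECT action FROM consent_log WHERE user_id = ? "
        "ORDER BY id DESC LIMIT 1", (user_id,)).fetchone()
    return row is not None and row[0] == "granted"
```

Keeping grants and revocations as separate rows preserves the who, when, how and what for every event, while `has_consent` answers the current state from the latest row.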

@Eldenroot

One of my users just mentioned this... this should be included to comply with GDPR reg.


5 participants