Feature Wiki

Information about planned and released features

Withdrawal of Consent Triggers Deletion of the User Account

1 Initial Problem

The General Data Protection Regulation (GDPR) requires that withdrawing consent must be as easy as giving it.

  • Currently, consent is given by accepting the Terms of Service. ILIAS confronts the user with this quite forcefully.
  • Withdrawing consent is not as easily done.
The Legal Notice can be accessed from the footer on every screen: clicking it opens a new tab displaying the legal terms.

2 Conceptual Summary

The simple version would just jump to "Delete User Account" while also showing the Terms of Service.

Very much like the Legal Notice, the Terms of Service are available (if globally enabled and the actor has accepted a document in the past) on every screen in the footer.

Withdrawal of Consent in a Modal from the Footer

  1. Clicking the Terms of Service link opens a modal presenting the content of the terms.
  2. At the end of the terms' text is a form for withdrawing consent.
  3. The user checks "Withdraw Consent" and saves.
  4. The user account is marked as "to be deleted" in the database (e.g. by a new key/value pair in the table "usr_pref").
  5. The user is logged out.
    1. For all authentication types except LTI/ECS: a meaningful message appears: Please re-authenticate to finally delete your account.
    2. For ECS and LTI an alternative info message is needed, asking the user to go back to her/his home installation and log in again.
After this step the behaviour depends on the way the user account was created in ILIAS:
For all authentication methods except LDAP:
  1. After a successful login, the user is redirected to a screen with the option to finally delete the account (or to cancel), including a related message.
  2. Further process:
    1. If deletion was confirmed: ILIAS deletes the user account and shows the person a laid-out good-bye page: Your account was deleted, all your personal data was scrubbed from the system.
    2. If the deletion process was cancelled: the "to be deleted" flag is removed and the user is redirected to the personal starting page.
For LDAP:
  1. After a successful login, the user is redirected to a screen with the option to send an email to the ILIAS administrators (by clicking a respective button) or to cancel the process.
  2. Further process:
    1. If an email was sent to the administrators: the administrator stops the identity management system from pushing the account to ILIAS and then manually removes the account from ILIAS.
    2. If the deletion process was cancelled: the "to be deleted" flag is removed and the user is redirected to the personal starting page.
"Delete Account" stays

The "Delete Account"-tab stays in the Settings of the User. 
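The flow above as a small state machine, written as an added example for this page; it is not ILIAS code and not part of the feature wiki entry. It also folds in two points from the discussion below: the administration setting that switches automatic deletion off, and the flag name "UserWithdrewTOSConsent". The class names, the screen identifiers returned as strings, the authentication-mode strings and the in-memory dict standing in for the usr_pref table are all assumptions made for the example.

```python
"""Added example (not ILIAS code): withdrawal-of-consent deletion flow.

Assumptions (hypothetical, not from the feature page): a dict on User stands in
for the usr_pref table, the flag key is "UserWithdrewTOSConsent", auth modes are
the strings "local", "ldap", "lti", "ecs", and screens are returned as strings.
"""
from dataclasses import dataclass, field

FLAG = "UserWithdrewTOSConsent"   # key stored in the (simulated) usr_pref table


@dataclass
class User:
    login: str
    auth_mode: str                                   # "local", "ldap", "lti" or "ecs"
    prefs: dict = field(default_factory=dict)        # stands in for usr_pref rows
    fresh_login: bool = False                        # True only right after after_login()


@dataclass
class Ilias:
    # Setting in Administration > User Management: when False a withdrawal is only
    # recorded as an event and never starts the deletion process.
    auto_delete_on_withdrawal: bool = True
    users: dict = field(default_factory=dict)
    deleted: list = field(default_factory=list)      # logins removed from the system
    admin_mails: list = field(default_factory=list)  # LDAP accounts reported to admins
    events: list = field(default_factory=list)       # (event name, login) log

    def withdraw_consent(self, login: str) -> str:
        """Footer modal, or a declined re-presented agreement: set the flag,
        terminate the session and return the message screen shown next."""
        user = self.users[login]
        user.prefs[FLAG] = "1"                       # persisted; survives the logout
        self.events.append((FLAG, login))
        user.fresh_login = False                     # current session is terminated
        if not self.auto_delete_on_withdrawal:
            return "withdrawal_recorded"             # account kept (e.g. billing, other primary system)
        if user.auth_mode in ("lti", "ecs"):
            return "relogin_via_home_installation"   # cannot re-authenticate locally
        return "relogin_to_finish_deletion"

    def after_login(self, login: str) -> str:
        """Called once after a successful authentication of any type."""
        user = self.users[login]
        user.fresh_login = True
        if user.prefs.get(FLAG) != "1" or not self.auto_delete_on_withdrawal:
            return "personal_starting_page"
        if user.auth_mode == "ldap":
            return "ask_administrators_screen"       # ILIAS is not the primary system
        return "confirm_deletion_screen"

    def confirmation_allowed(self, login: str) -> bool:
        """The final step needs both the flag and a login that happened after
        the withdrawal; the session that submitted the form is never enough."""
        user = self.users[login]
        return user.fresh_login and user.prefs.get(FLAG) == "1"

    def confirm(self, login: str, proceed: bool) -> str:
        """Decision on the confirmation screen after re-login."""
        if not self.confirmation_allowed(login):
            raise PermissionError("confirmation requires the flag and a fresh login")
        user = self.users[login]
        user.fresh_login = False                     # the confirmation is single-use
        if not proceed:
            del user.prefs[FLAG]                     # cancel: clear the flag, back to normal
            return "personal_starting_page"
        if user.auth_mode == "ldap":
            self.admin_mails.append(login)           # admin stops the IdM push, deletes manually
            return "administrators_notified"
        del self.users[login]                        # every other auth method: ILIAS deletes
        self.deleted.append(login)
        return "goodbye_page"


if __name__ == "__main__":
    site = Ilias(users={"alice": User("alice", "local")})
    print(site.withdraw_consent("alice"))
    print(site.after_login("alice"))
    print(site.confirm("alice", proceed=True))
```

The point of `confirmation_allowed` is that the irreversible step is reachable only through `after_login`: the session that submitted the withdrawal form has been terminated, so a stale or stolen session cannot complete the deletion by itself, and the same gate works for every authentication type because it sits behind the normal login. An LDAP account is never deleted by ILIAS directly, since the identity management system would push it back; it is only reported to the administrators.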

3 User Interface Modifications

3.1 List of Affected Views

  • Footer > Link to Terms of Service (new)
  • Modal Terms of Service (new)
    • Withdrawal form triggers user deletion

3.2 User Interface Details

0. New Link in Footer
1. ToS modal with Withdrawal of Consent form is presented after clicking "Terms of Service" in the footer.
2. Confirmation Dialogue
3a. Reauthentication
3. Account comes from LDAP / identity management
4. Good-bye

3.3 New User Interface Concepts

No.

4 Technical Information

{The maintainer has to provide necessary technical information, e.g. dependencies on other ILIAS components, necessary modifications in general services/architecture, potential security or performance issues.}

5 Contact

6 Funding

If you are interested in funding this feature, please add your name and institution to this list.

7 Discussion

JourFixe, ILIAS [jourfixe], 21 JAN 2019 : We highly appreciate this suggestion and schedule it for 6.0 with the following changes:

  • To cover all kinds of authentication processes we would like to always send the user to the default login screen after having confirmed the deletion of her/his account (step 2). Therefore, steps 3 and 3a are removed. We add a flag to the user field in the db to identify this user as to be deleted.
  • After a successful login, the user is redirected to a screen with the option to delete the account finally (or to cancel) incl. related message.
  • For ECS and LTI we need an alternative info message after step 2 (confirmation) where the user is asked to go back to her/his home installation and log in again.
  • Additionally, we have to offer this way of deleting one's own account for the case a new user agreement is not accepted by an already registered user. The screen for the new user agreement needs to get a radio box for accepting and declining this new agreement. When declining, the deletion process is triggered as outlined above.
We would highly appreciate getting the imprint presented as a modal in 6.0, too.

Kunkel, Matthias [mkunkel], 15 JUN 2020: I had a look again at mockup #1 and find the use of the checkbox for withdrawal of consent is a problem. I would prefer it to look different from the screen where you accept the Terms of Service. Of course, the text and meaning of the option is different. But users might be irritated or even check the box to make it look like the ToS when they registered. How about using a standard button labeled "Withdrawal of Consent" instead of a "Save" button, and putting a "Cancel" button beside it?

Klees, Richard [rklees], 22 JUN 2020: Please introduce a setting in the administration of the installation (I think Administration > User Management would be a good location) to de-activate the automatic deletion of user accounts when consent to the terms of service is withdrawn. We cannot assume in general that the TOS contain GDPR relevant passages, so this cannot be an ultimate argument to delete a user account. Also, there are more complicated scenarios for user management that might require deleting an account in a primary system (similar to LDAP). Finally, even if the TOS contain GDPR stuff and ILIAS is the primary system for the user data, there might be a legitimate interest from GDPR perspective to keep the account (e.g. for billing). Setting that flag "to_be_deleted" would help these cases as well, maybe we could even introduce an according domain event "UserWithdrewTOSConsent" and name the flag accordingly.

JourFixe, ILIAS [jourfixe], 22 JUN 2020 : We highly appreciate this suggestion and re-schedule the feature for ILIAS 7 with the requirements of the last JF decision (Jan 2019) and

  • a modal (screen 1) with a button "Withdrawal of Consent" instead of a checkbox + Save button (suggestion made by Matthias)
  • an option to de-activate the automatic deletion of user accounts in the user administration
  • a notice and link in the ToS administration that links to the related setting in the user administration
  • introducing a flag "UserWithdrewTOSConsent" in the user pref table to store this event.

8 Implementation

Setting in User Administration:

New way to deny terms of service on initial presentation:

New withdrawal option on footer-modal:

Confirmation after relogin to complete the process:

Test Cases

Test cases completed at 09 SEP 2020 by Becker, Maximilian [mbecker]

  • C36183 : Settings for declining the terms of service
  • C36184 : Display of the withdrawal option in the terms-of-service modal
  • C36185 : Re-login procedure when withdrawing consent to the terms of service
  • C36186 : Finalisation of the withdrawal of consent to the terms of service
  • C36187 : Display of the non-acceptance option on initial presentation of the terms of service

Approval

Approved at 13 OCT 2020 by Kunkel, Matthias [mkunkel].

Last edited: 11. Nov 2020, 22:50, Becker, Maximilian [mbecker]