Feature Wiki

Information about planned and released features

Tabs

User: Introducing »Data Privacy Statement« documents

Page Overview

1 Initial Problem
2 Conceptual Summary
3 User Interface Modifications
- 3.1 List of Affected Views
- 3.2 User Interface Details
- 3.3 New User Interface Concepts
4 Technical Information
5 Contact
6 Funding
7 Discussion
8 Implementation

1 Initial Problem

Currently administrators with file system access are able to deposit static HTML files (per language) as 'Terms of Service' (see: Terms of Services) documents which one must agree to abide in order to use ILIAS. The acceptance has to be done during registration or after login (if globally enabled).
Within these static HTML files authors are able to provide terms and conditions, disclaimers, privacy/policy notices etc..

Some institutions using ILIAS need the possiblity to provide separate/explicit documents regarding 'Data Privacy Notice', e.g. imposed by a Data-protection Supervisor.

2 Conceptual Summary

To solve this issue, the 'Terms of Service' component should be enhanced. First of all there should be some renaming of texts (labels/bylines) and code for the abstraction purpose. We need some kind of abstract term like 'Signable Documents' or 'Fine-print', not 'Terms of Service' or/and 'Data Privacy Notice'.
'Terms of Service' and 'Data Privacy Notice' should become two (simple) types of these 'Signable Documents'.

At the time being 'Terms o Service' documents can be globally defined in HTML files:
./Custimizing/global/agreement/agreement_<lang_code>.html

Furthermore the can be defined for specific clients only:
./Custimizing/clients/<client_id>/agreement/agreement_<lang_code>.html

Because we (as already discussed with Klees, Richard [rklees] as the interested party) do not want to reinvent the wheel with this feature request, 'Data Privacy Notice' HTML files should adapt this mechanism.

'Data Privacy Notice' documents could be globally defined in HTML files:
./Custimizing/global/privacy/data_privacy_statement_<lang_code>.html

Furthermore they can be defined for specific clients only:
./Custimizing/clients/<client_id>/privacy/data_privacy_statement_<lang_code>.html

Similar to the 'Terms of Service', 'Data Privacy Notice' documents should be added to the 'New Account Registration' process and be linked on the login page.
If a 'Data Privacy Notice' document could be determined (by the user's language setting) and has to be accepted, the user will forced to fulfill this task after login.

The accepted 'Data Privacy Notice' should be presented in a 'Modal' UI element, triggered by a click on a link located in the ILIAS footer (similar to Withdrawl of Consent provokes deleting User Account). The withdrawl is not part of this feature request.

For administrators, the accepted 'Data Privacy Notice' should be visible in the respective user profile in the global user management.

3 User Interface Modifications

3.1 List of Affected Views

ILIAS footer
Login Page
New Account Registration
Administration / Terms of Service (inkl. adm. main menu drop-down menu item)
Administration / User Management / User <XYZ> (Screen ID: usr/properties/)

3.2 User Interface Details

3.3 New User Interface Concepts

None

4 Technical Information

None

5 Contact

Author of the Request: Jansen, Michael [mjansen]
Maintainer: Jansen, Michael [mjansen]
Implementation of the feature is done by: {The maintainer must add the name of the implementing developer.}

6 Funding

If you are interest in funding this feature, please add your name and institution to this list.

CaT Concepts and Training GmbH

7 Discussion

AT 2018-05-07: What happen if one document is accepted and the other is not? What happens if only one document is updated and requires re-acceptance but the other is not?

Jansen, Michael [mjansen] 7 May, 2018: The determination of documents to be accepted will be always performend on login. You will be forced to accept a document if one could be determined for your current language. If there is only a regular 'ToS' document, but no 'Data Privacy Notice' document, then you just have to accept the first one.

Resetting the 'Data Privacy Notice' documents will be implemented similar to the 'ToS' documents.

JourFixe, ILIAS [jourfixe], 07 May 2018 : We highly appreciate this feature request and schedule it for 5.4 with the following changes:

Main administration node should not be 'Fine-print' but 'Agreements' (open to more agreements).
The new type of agreement should be called 'Data Privacy Statement'.
On the screen 'System Information', the name of the accepted document should be shown instead of a lens glyph. Clicking on file name opens a modal.
In case Withdrawl of Consent provokes deleting User Account is implemented for 5.4, this option should be effective to the 'Data Privacy Statement', too.

8 Implementation

{The maintainer has to give a description of the final implementation and add screenshots if possible.}

Test Cases

Test cases completed at {date} by {user}

{Test case number linked to Testrail} : {test case title}

Approval

Approved at {date} by {user}.

Last edited: 7. May 2018, 16:30, Kunkel, Matthias [mkunkel]