Feature Wiki
Tabs
User: Introducing »Data Privacy Statement« documents
Page Overview
[Hide]1 Initial Problem
Currently administrators with file system access are able to deposit static HTML files (per language) as 'Terms of Service' (see: Terms of Services) documents which one must agree to abide in order to use ILIAS. The acceptance has to be done during registration or after login (if globally enabled).
Within these static HTML files authors are able to provide terms and conditions, disclaimers, privacy/policy notices etc..
Some institutions using ILIAS need the possiblity to provide separate/explicit documents regarding 'Data Privacy Notice', e.g. imposed by a Data-protection Supervisor.
2 Conceptual Summary
To solve this issue, the 'Terms of Service' component should be enhanced. First of all there should be some renaming of texts (labels/bylines) and code for the abstraction purpose. We need some kind of abstract term like 'Signable Documents' or 'Fine-print', not 'Terms of Service' or/and 'Data Privacy Notice'.
'Terms of Service' and 'Data Privacy Notice' should become two (simple) types of these 'Signable Documents'.
At the time being 'Terms o Service' documents can be globally defined in HTML files:
./Custimizing/global/agreement/agreement_<lang_code>.html
Furthermore the can be defined for specific clients only:
./Custimizing/clients/<client_id>/agreement/agreement_<lang_code>.html
Because we (as already discussed with Klees, Richard [rklees] as the interested party) do not want to reinvent the wheel with this feature request, 'Data Privacy Notice' HTML files should adapt this mechanism.
'Data Privacy Notice' documents could be globally defined in HTML files:
./Custimizing/global/privacy/data_privacy_statement_<lang_code>.html
Furthermore they can be defined for specific clients only:
./Custimizing/clients/<client_id>/privacy/data_privacy_statement_<lang_code>.html
Similar to the 'Terms of Service', 'Data Privacy Notice' documents should be added to the 'New Account Registration' process and be linked on the login page.
If a 'Data Privacy Notice' document could be determined (by the user's language setting) and has to be accepted, the user will forced to fulfill this task after login.
The accepted 'Data Privacy Notice' should be presented in a 'Modal' UI element, triggered by a click on a link located in the ILIAS footer (similar to Withdrawl of Consent provokes deleting User Account). The withdrawl is not part of this feature request.
For administrators, the accepted 'Data Privacy Notice' should be visible in the respective user profile in the global user management.
3 User Interface Modifications
3.1 List of Affected Views
- ILIAS footer
- Login Page
- New Account Registration
- Administration / Terms of Service (inkl. adm. main menu drop-down menu item)
- Administration / User Management / User <XYZ> (Screen ID: usr/properties/)
3.2 User Interface Details
3.3 New User Interface Concepts
None
4 Technical Information
None
5 Contact
- Author of the Request: Jansen, Michael [mjansen]
- Maintainer: Jansen, Michael [mjansen]
- Implementation of the feature is done by: {The maintainer must add the name of the implementing developer.}
6 Funding
If you are interest in funding this feature, please add your name and institution to this list.
7 Discussion
AT 2018-05-07: What happen if one document is accepted and the other is not? What happens if only one document is updated and requires re-acceptance but the other is not?
Jansen, Michael [mjansen] 7 May, 2018: The determination of documents to be accepted will be always performend on login. You will be forced to accept a document if one could be determined for your current language. If there is only a regular 'ToS' document, but no 'Data Privacy Notice' document, then you just have to accept the first one.
Resetting the 'Data Privacy Notice' documents will be implemented similar to the 'ToS' documents.
JourFixe, ILIAS [jourfixe], 07 May 2018 : We highly appreciate this feature request and schedule it for 5.4 with the following changes:
- Main administration node should not be 'Fine-print' but 'Agreements' (open to more agreements).
- The new type of agreement should be called 'Data Privacy Statement'.
- On the screen 'System Information', the name of the accepted document should be shown instead of a lens glyph. Clicking on file name opens a modal.
- In case Withdrawl of Consent provokes deleting User Account is implemented for 5.4, this option should be effective to the 'Data Privacy Statement', too.
8 Implementation
{The maintainer has to give a description of the final implementation and add screenshots if possible.}
Test Cases
Test cases completed at {date} by {user}
- {Test case number linked to Testrail} : {test case title}
Approval
Approved at {date} by {user}.
Last edited: 7. May 2018, 16:30, Kunkel, Matthias [mkunkel]