GDPR Compliance Plugin for Elgg?

Hey all,

I am currently looking at what might be needed to make my elgg site compliant with the EU's new GDPR regulations for data/privacy.

I have seen 1 plugin in the Elgg repos that relates to GDPR - https://elgg.org/plugins/2764358

However, it does not appear to do anything to uphold the new 'rights' to data processing, such as the right to be forgotten and right to data access etc.
Does anyone have any thoughts / code to share that will help Elgg sites with this issue?

There are a few wordpress plugins already that provide useful tools for this:
https://wordpress.org/plugins/wp-gdpr-compliance/

cheers

  • I was looking at the requirements and I didn't find anything that would require dire changes in Elgg. Elgg doesn't "collect" anything in the background, and users can already see all their data - profile or content, they can delete that content. With self-delete plugin you can ensure the right to be forgotten.
    There are things that can be done to help sites that use third party plugins present all user data in one place and give more control over this data.

  • One of the issues that many sites are responding to, is that specific consent must be given to receive email notifications, beyond just agreeing to a TOS and privacy document. Some sites are defaulting all notifications to 'disabled', so that users explicitly 'opt in' to receive them.

    I think it is a good idea to have acceptance of the privacy policy and TOS a requirement for being able to sign up and login too.

  • Sorry. But in my opinion Elgg is not fully ready for GDPR at all. To some extent it can't be anyway, because some requirements are site-specific and can't be solved by a general solution. But there are other parts where Elgg could do more out-of-the-box for GDPR.

    Site-specific parts arise from the requirement that there must be documented what personal data are collected in the first place, how they are saved, what is done with them and which 3rd parties have access to this data. By default, the profile data and server logs (IP logs) would be data "collected" by Elgg (but not shared with 3rd parties by default). It would be necessary to inform about what is done with this data at least AND provide the option for the users to get (i.e. download) this data in a machine readable form for them to be able to transfer them to another site if they want to (sidenote: while this seems at least a possibility for an Elgg site I find it rather ridiculous to imagine users trying to move their data from FB to where? Another FB!?).

    But "personal data" seems also to include EVERY kind of uploaded content that needs to be made available to users if they ask for it. I think this also includes comments, blogs etc. AND uploaded files. Some core devs at least might remember a discussion at github at the end of last year about where user uploads are saved in the data directory - spread in object GUID subfolders instead of altogether in one single user account assigned subfolder - which outcome left me very angry and frustrated... Well, a plugin that creates a downloadable package of all user data seems to be a requirement to gain GDPR compatibility. At least data created by core functionality (and bundled plugins) would be a starting point. Site-specific extensions (due to 3rd party plugins used) would be necessary in most cases (plugin hooks to extend the plugin). I don't know if it would be necessary for the user to create such a bundle of packages on his own or if it would be enough for the site admin to be able to create it and then offer it to the user for download somewhere.

    Sharing data with 3rd parties: this also includes affiliate programs and ads! Specifically, it also includes sharing IP addresses as personal data. So, I think this would also include for example queries to StopForumSpam. But partly again: this kind of sharing is site-specific stuff. Nevertheless, it might help to come up with some text snippets for general use cases which allow creating a document (to be used also for external pages terms/privacy) that allows to inform the users about how personal data is handled. The collection of the data as such is not forbidden. It's just necessary to inform why they are collected, why it's necessary to do so etc. The sharing with 3rd parties is something that bothers me though. It might be that you need to make a contract with 3rd parties about the terms of the business relationship. I wonder, if someone would have more legit info and maybe already some results from use-cases (sites they maintain and have been made GDPR-ready) they could share in terms of their updated terms and privacy texts for example.

    User-deletion: I don't know if user must be provided with a self-delete option. If yes, adding a self-delete plugin to core might be useful. I think the main point is anonymization of data and not necessarily total deletion. So, it might be cool to have a plugin that does not simply delete an account but maybe assigns the content to some kind of anonymous dummy account (without profile data) or at least keeps some parts of the data (comments?) under an anonymous identifier.

    Wordpress seems to have some plugin to check for GDPR compatibility. They also seem to have investigated core code of Wordpress to identify functionality that is affected by GDPR rules. Not sure if this is necessary for Elgg. I think it would be useful at least for everyone to share their knowledge about what steps they have done to make their sites GDPR compatible.

  • Why don't we start by documenting all of these in Elgg docs. At the very least site owners can incorporate that info in their privacy statement. While at it, we can create a checklist for site owners as well as a to-do list for the core team. If you could undertake this, I could help with implementing the to-dos in core.
    Perhaps a good approach would be to create some generic templates for the plugins to add to e.g. exposing collected data, or listing third party sharing etc. It might be really hard for a site owner with 100 plugins to inspect and properly document all of the GDPR requirements.
    As for file directory ownership, sorry, but I insist that usability gain outweighs any inconvenience caused to you. The fact that plugins no longer have to copy paste 100 lines of code to store a bloody icon is a big win, IMO. Also don't cry over spilled milk, participate in the development process and voice your objections early on, not after someone has spent 2 weeks writing and testing code, and countless follow ups done by others. Peace.

  • First, I think this issue has been tried before but in a different form for Elgg based sites using a plugin called File Takeout. https://elgg.org/plugins/1602047

    The only difference is that the above plugin does not allow a user to download the Elgg user log. Also, the zip file downloaded by File Takeout does not include an HTML index file that a user can read in their browser after unzipping the downloaded user data file, the way Facebook gives a user a CSS file and an HTML index.html file that can be used to see all of the downloaded files in any browser after download and decide what to do with their own downloaded files.

    Second, according to iionly, creating a privacy and terms page is not hard to generate like the way I did on this page, e.g. http://myadventhome.org/privacy

    Due to time I will be back on this issue when time allows.

  • Thanks for the input, everyone. Did you write that blog, @RvR? It's quite comprehensive. Thanks.

  • I am going through the items listed in the 'Practical Guide for Developers' here and have some comments/notes on relevant points for core Elgg:

    Notify 3rd Parties for Erasure - This implies that the Elgg API must be extended to include some kind of push/automatic notification for API consumers that have received API data from specific users when that user's data has been deleted.

    Restrict Processing - The user's data becomes invisible publicly and also to all backend users - except maybe superadmin. This means that all listings of users have to exclude users listed as 'restricted'. There also needs to be a mechanism in place for admins to mark users as restricted.

    Export Data - There is a requirement for users to be able to request and receive a package of all of the data that the Elgg site holds. The best solution would be to do as Facebook does, which is to allow users to request an automated export and to be notified via email when it is completed. The export should include all data that would be deleted if the account were deleted.

    Consent Checkboxes - A UI system is needed to allow admins to build a list of data processes that users are required to specifically agree to, before they can use the site. If a user deactivates agreement to one of the features/processes - then that feature/process should be deactivated for them. I imagine that the alternative is to require that certain features are agreed to before the user can use the service, so that deactivating the features would result in the account being deleted. The user would need to be notified of all of this and the steps handled accordingly by Elgg.

    Re-request consent - It would be ideal to have a mass mailing function built in to core elgg to facilitate mass notifications of the need to provide consent to the new options. The existing mass mail plugin would suffice though for practical purposes.

    See All My Data / Age Checks - Not relevant to all sites, I think - but would be valuable to have built in to elgg.

    Cookies - Default text that lists the specific cookies that Elgg uses and their purposes, would be useful for Elgg admins when creating cookie policy documents.

    Register all API consumers - Any public access to APIs that make personal data available must be disabled.

  • Thanks to you guys talking about this very important matter involving not only European companies/sites but all companies dealing with European citizens. I think Ismayil's Database Explorer is a pretty good starting point, isn't it?

    It already makes searching/deleting data linked to a user very easy on the admin side (which is enough for those 2 GDPR requirements) and could be made accessible directly by users (only for their own data of course) to view, with an added option to download in CSV format.

    Cheers