Changes between Version 4 and Version 5 of GdprCompliance


Timestamp:
Oct 2, 2018, 1:46:59 PM (6 years ago)
Author:
Kevin Reed
Comment:

--

  • GdprCompliance

    v4 v5  
    11= GDPR Compliance =
    2 
    32**This document is WORK IN PROGRESS (WIP).**
    43
     
    65
    76== GDPR Introduction ==
    8 
    97[https://tinyurl.com/yad2m7uv A Presentation] on GDPR and BOINC.
    108
    119Brief Summary
    1210
    13 1. Projects should have a TermsOfUse.
    14 1. Users need to consent to a projects terms-of-use. And consent to other policies.
    15 1. Users have a 'right-of-access' in obtaining their own user's data.
    16 1. Users have a 'right-of-erasure', being able to delete their own accounts.
    17 1. Data protection by design and default. The initial settings for user accounts maximize their privacy.
     11 1. Projects should have a TermsOfUse.
     12 1. Users need to consent to a projects terms-of-use. And consent to other policies.
     13 1. Users have a 'right-of-access' in obtaining their own user's data.
     14 1. Users have a 'right-of-erasure', being able to delete their own accounts.
     15 1. Data protection by design and default. The initial settings for user accounts maximize their privacy.
    1816
    1917This document discusses
    20 * Consent to policies,
    21 * User deletion,
    22 * Data protection by design and default.
    2318
    24 = Consent to policies =
     19 * How to enable GDPR related features
     20 * Consent to policies,
     21 * User deletion,
     22 * Data protection by design and default.
    2523
    26 [http://boinc.berkeley.edu/trac/wiki/UserOptInConsent#Usage Usage information]
     24=  =
     25= TLDR: Enable GDPR Related Features =
     26These are the short and quick instructions to enable GDPR related features.  Read the explanation below for more details about these features.
    2727
    28 There are two types of consent that come with all BOINC projects: `ENROLL` and `STATSEXPORT`: corresponding to a consent to the project's terms-of-use during enrollment and consent to statistics exports.  By default, these consent types are disabled. To enable these policies, use the **Manage consent types** page accessible from the main OPS page.
     28== Terms of Use ==
     29 * See [wiki:TermsOfUse this page] for details.
    2930
    30 == Account creation ==
     31== Enable Consent Policies ==
     32 * On the ops page, select "Manage consent types" and enable "Enroll and Stats Export"
     33 * In the project config file `config.xml`, set **disable_account_creation_rpc** to true (1): `<disable_account_creation_rpc>1</disable_account_creation_rpc>`
    3134
    32 When `ENROLL` consent type is enabled, users must agree to the project's terms-of-use before creating an account. This must be an 'active' measure: clicking a checkbox. In order to by fully-compliant with GDPR, **only allow users to create accounts through the Web site**.
    33 
    34 How may a user create an account?
    35 * A BOINC client. The GUI BOINC Manager is a client.
    36 * The BOINC CLI `boinccmd` is a client.
    37 * Project's Web site allows for account creation.
    38   * The `config.xml` option **disable_web_account_creation** must be set to false (0).
    39 * An account manager (AM) may create an account for a user.
    40 
    41 Of these, only the Web site is guaranteed to have the user see and consent to the project's terms-of-use. To configure this:
    42 
    43 1. In `config.xml`, set **disable_account_creation_rpc** to true (1): `<disable_account_creation_rpc>1</disable_account_creation_rpc>`
    44   * If this is configured, **account managers will not be able to create accounts for users**. They are able to configure existing users' accounts.
    45 
    46 BOINC Client GUI: Versions after v6.10.0 show the project's terms-of-use to the user, who must click-through in order to continue and create an account. Thus the create_account RPC has been modified to detect BOINC clients greater than or equal to this version. If the client is greater than or equal to, we assume consent has been given and the database is updated accordingly.
    47 
    48 == Statistics Exports==
    49 
    50 `STATSEXPORT`, if enabled will only export statistics for users who have consented to having their statistics exported. This consent is disabled by default for each user.
    51   * The user must go to their **project preferences page** and then enable the corresponding checkbox.
    52 
    53 = Data Deletion =
    54 
    55 GDPR provides a right to users to have their data deleted from the system.  See [https://gdpr-info.eu/art-17-gdpr Article 17 of the GDPR].  This capability was implemented within BOINC in the design outlined [http://boinc.berkeley.edu/trac/wiki/RightToErasure here] in Server Release 1.0. 
    56 
    57 BOINC projects can enable this feature by setting the field <enable_delete_account/> with the [https://boinc.berkeley.edu/trac/wiki/ProjectOptions project config] file to one of the following options:
    58 
    59 * 0 = Users are not given the option to delete their account (Default value)
    60 * 1 = User data is anonymized.  This means that user records and host records are left in the database but personal information is replaced with nonsense data.  Other user related records not required for processing are deleted.
    61 * 2 = All user data is deleted.  This means that all user releated records are deleted from the database. 
    62 * 3 = Project defined implementation.  Projects can implement a function in project.inc: project_delete_account($user) and this function will then be used when a user delete's their account.
    63 
    64 Projects should also enable the following [ tasks in their [https://boinc.berkeley.edu/trac/wiki/ProjectTasks project tasks] in their project config file in order to ensure proper processing:
     35== Enable User Account Deletion ==
     36 * In project config file `config.xml`, set **enable_delete_account** to either 1 or 2 (see below for explanation of settings): `<enable_delete_account>1</enable_delete_account>`
     37 * In project config file `config.xml`, add the following project tasks:
    6538
    6639{{{
     
    7851    </task>
    7952}}}
     53=  =
     54= Explanation of GDPR Related Features =
     55The following describes the GDPR features and what they do.
    8056
     57== Consent to policies ==
     58[http://boinc.berkeley.edu/trac/wiki/UserOptInConsent#Usage Usage information]
     59
     60There are two types of consent that come with all BOINC projects: `ENROLL` and `STATSEXPORT`: corresponding to a consent to the project's terms-of-use during enrollment and consent to statistics exports.  By default, these consent types are disabled. To enable these policies, use the **Manage consent types** page accessible from the main OPS page.
     61
     62=== Account creation ===
     63When `ENROLL` consent type is enabled, users must agree to the project's terms-of-use before creating an account. This must be an 'active' measure: clicking a checkbox. In order to by fully-compliant with GDPR, **only allow users to create accounts through the Web site**.
     64
     65How may a user create an account?
     66
     67 * A BOINC client. The GUI BOINC Manager is a client.
     68 * The BOINC CLI `boinccmd` is a client.
     69 * Project's Web site allows for account creation.
     70   * The `config.xml` option **disable_web_account_creation** must be set to false (0).
     71 * An account manager (AM) may create an account for a user.
     72
     73Of these, only the Web site is guaranteed to have the user see and consent to the project's terms-of-use. To configure this:
     74
     75 1. In `config.xml`, set **disable_account_creation_rpc** to true (1): `<disable_account_creation_rpc>1</disable_account_creation_rpc>`
     76   * If this is configured, **account managers will not be able to create accounts for users**. They are able to configure existing users' accounts.
     77
     78BOINC Client GUI: Versions after v6.10.0 show the project's terms-of-use to the user, who must click-through in order to continue and create an account. Thus the create_account RPC has been modified to detect BOINC clients greater than or equal to this version. If the client is greater than or equal to, we assume consent has been given and the database is updated accordingly.
     79
     80=== Statistics Exports ===
     81`STATSEXPORT`, if enabled will only export statistics for users who have consented to having their statistics exported. This consent is disabled by default for each user.
     82
     83 * The user must go to their **project preferences page** and then enable the corresponding checkbox.
     84
     85== Data Deletion ==
     86GDPR provides a right to users to have their data deleted from the system.  See [https://gdpr-info.eu/art-17-gdpr Article 17 of the GDPR].  This capability was implemented within BOINC in the design outlined [http://boinc.berkeley.edu/trac/wiki/RightToErasure here] in Server Release 1.0.
     87
     88BOINC projects can enable this feature by setting the field <enable_delete_account/> with the [https://boinc.berkeley.edu/trac/wiki/ProjectOptions project config] file to one of the following options:
     89
     90 * 0 = Users are not given the option to delete their account (Default value)
     91 * 1 = User data is anonymized.  This means that user records and host records are left in the database but personal information is replaced with nonsense data.  Other user related records not required for processing are deleted.
     92 * 2 = All user data is deleted.  This means that all user related records are deleted from the database.
     93 * 3 = Project defined implementation.  Projects can implement a function in project.inc: project_delete_account($user) and this function will then be used when a user delete's their account.
     94
     95Projects should also enable the following tasks in their [https://boinc.berkeley.edu/trac/wiki/ProjectTasks project tasks] in their project config file in order to ensure proper processing:
     96
     97{{{
     98    <task>
     99        <cmd>run_in_ops ./delete_expired_tokens.php</cmd>
     100        <period>24 hours</period>
     101        <disabled>0</disabled>
     102        <output>delete_expired_tokens.out</output>
     103    </task>
     104    <task>
     105        <cmd>run_in_ops ./delete_expired_users_and_hosts.php</cmd>
     106        <period>24 hours</period>
     107        <disabled>0</disabled>
     108        <output>delete_expired_users_and_hosts.out</output>
     109    </task>
     110}}}
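Review bot: in the "Account creation" subsection the sentence "If the client is greater than or equal to, we assume consent has been given" is missing its object; suggest "greater than or equal to this version". The same paragraph says "Versions after v6.10.0" and then "greater than or equal to this version", which disagree at exactly v6.10.0; one of the two should be changed so operators know which client versions are treated as having consented. In the "Data Deletion" subsection, "when a user delete's their account" should be "when a user deletes their account". Finally, the two task entries run with `<period>24 hours</period>`, so an account deletion requested through the web site may not be purged from the database until the next run; stating that delay next to the task block would help projects keep their terms-of-use retention statement accurate, and since this task block is now duplicated in the TLDR section, one copy could link to the other instead of repeating it.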