Version 2 (modified by 7 years ago) (diff) | ,
---|
User Opt-in Consent
The European GDPR law requires users to opt-in to a terms of service. "Users who want to sign-up to a (BOINC) project need to give their informed explicit consent to how the project processes their data, before any personally identifiable information about that new user gets processed/stored by the project. This opt-in statement of consent then needs to tracked by the project as proof."
Additionally, existing users will need to opt-in to the same terms of service, with their consent date saved.
User Experience
Existing code
As of April 2018, BOINC already contains a 'terms of use' mechanism for the BOINC client when creating a new account. If the file 'terms_of_use.txt' (filename is hardcoded) is in the root of the project directory, the contents of the file will be presented to the user when s/he creates an account. However, there is no persistent 'storing' of the datetime the user consented to the terms of use.
The BOINC Web code does not have the ability to sign up directly (this statement has not yet been confirmed). If not, it would have to also use this terms-of-use mechanism.
Additionally, it is not known whether account managers, such as BAM!, use this terms-of-use mechanism.
Technical Implementation
User
table will need an additional field:
privacy_consent_dt
, an additionaldate
type attribute
It's purpose is to store the datetime of the user's consent to the terms of use. If zero, user has not consented (yet).
RPC
The main RPC that needs to be changed is create_account.php
, which needs to fill this field when the user creates his/her account.
Web site
(to be written)