Hi Alan, Thanks for your input. There is a ticket to track DSpace GDPR compliance: https://jira.duraspace.org/browse/DS-3653 Could you add your remarks and suggestions there too?
I think there are some good ideas here that should be integrated upstream. Best regards, Tom [image: logo] Tom Desair 250-B Suite 3A, Lucius Gordon Drive, West Henrietta, NY 14586 Gaston Geenslaan 14, Leuven 3001, Belgium www.atmire.com <http://atmire.com/website/?q=services&utm_source=emailfooter&utm_medium=email&utm_campaign=tomdesair> Op wo 23 mei 2018 om 23:29 schreef Alan Orth <alan.o...@gmail.com>: > Hello, > > I'm surprised nobody has written to the list about compliance with the > European Union's General Data Protection Regulation (GDPR) legislation that > comes into effect on May 25th[0]. It's a broad topic* and you should > definitely be consulting with your organization about it, but one area that > you'll definitely need to think about sooner than later if you're running > is Google Analytics. Most people are using this, it seems! > > Basically, you can't send data about your users' browsing of your > repository to third parties like Google without getting the users' > *affirmative > consent* first. Even then, you'll likely need to enable IP address > anonymization. We've just finished integrating these two modifications into > our repository[1] using the popular cookieconsent library[2]. This library > is a few years old (designed for a previous, less-serious EU legislation), > but works pretty well because it is published on NPM and bower, can be > easily themed with Bootstrap color schemes, and allows the opt-in mode we > now require. > > You can see our implementation of the IP address anonymization[3] and the > GDPR popup[4] for the XMLUI in DSpace 5 on our GitHub repository. This > works pretty well, though there seems to be some issue with Mirage 2's > theme.js bundle that conflicts with some callback or event handler that > causes the "agree" and "disagree" buttons to not dismiss the popup after > the user chooses one, but the cookies are set properly and the popup > disappears on the next page load. The standalone cookieinsight works fine > in this regard. Maybe someone can figure it out when they do their > integration! > > Thanks! I hope that helps someone out there. Regards, > > * in addition you should probably tell your users that you have their > names, phone numbers, and email addresses if they have registered on the > site, all of which are considered personally identifiable information. > There are obligations here! You need a privacy policy, a data officer, etc. > > [0] https://gdpr-info.eu/ > [1] https://cgspace.cgiar.org > [2] https://github.com/insites/cookieconsent > [3] https://github.com/ilri/DSpace/pull/375 > [4] https://github.com/ilri/DSpace/pull/377 > > -- > > Alan Orth > alan.o...@gmail.com > https://picturingjordan.com > https://englishbulgaria.net > https://mjanja.ch > > -- > You received this message because you are subscribed to the Google Groups > "DSpace Technical Support" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to dspace-tech+unsubscr...@googlegroups.com. > To post to this group, send email to dspace-tech@googlegroups.com. > Visit this group at https://groups.google.com/group/dspace-tech. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To post to this group, send email to dspace-tech@googlegroups.com. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.
