Hello Alan, thanks for the input. You are right, it is a broad topic, not only GDPR but Data Protection and Privacy in general. We've created a discussion page on JIRA, as it gets quite voluminous for the JIRA ticket: https://wiki.duraspace.org/display/DSPACE/Data+Protection+and+Privacy
cu Claudia

On 23.05.2018 at 23:29, Alan Orth wrote:
Hello,

I'm surprised nobody has written to the list about compliance with the European Union's General Data Protection Regulation (GDPR) legislation that comes into effect on May 25th[0]. It's a broad topic* and you should definitely be consulting with your organization about it, but one area that you'll definitely need to think about sooner than later if you're running is Google Analytics. Most people are using this, it seems!

Basically, you can't send data about your users' browsing of your repository to third parties like Google without getting the users' *affirmative consent* first. Even then, you'll likely need to enable IP address anonymization.

We've just finished integrating these two modifications into our repository[1] using the popular cookieconsent library[2]. This library is a few years old (designed for a previous, less-serious EU legislation), but works pretty well because it is published on NPM and bower, can be easily themed with Bootstrap color schemes, and allows the opt-in mode we now require.

You can see our implementation of the IP address anonymization[3] and the GDPR popup[4] for the XMLUI in DSpace 5 on our GitHub repository. This works pretty well, though there seems to be some issue with Mirage 2's theme.js bundle that conflicts with some callback or event handler that causes the "agree" and "disagree" buttons to not dismiss the popup after the user chooses one, but the cookies are set properly and the popup disappears on the next page load. The standalone cookieinsight works fine in this regard. Maybe someone can figure it out when they do their integration! Thanks!

I hope that helps someone out there.

Regards,

* in addition you should probably tell your users that you have their names, phone numbers, and email addresses if they have registered on the site, all of which are considered personally identifiable information. There are obligations here! You need a privacy policy, a data officer, etc.

[0] https://gdpr-info.eu/
[1] https://cgspace.cgiar.org
[2] https://github.com/insites/cookieconsent
[3] https://github.com/ilri/DSpace/pull/375
[4] https://github.com/ilri/DSpace/pull/377
--
Claudia Juergen
Eldorado
Technische Universität Dortmund
Universitätsbibliothek
Vogelpothsweg 76
44227 Dortmund
Tel.: +49 231-755 40 43
Fax: +49 231-755 40 32
claudia.juer...@tu-dortmund.de
www.ub.tu-dortmund.de
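The two changes discussed in this thread (load Google Analytics only after an affirmative opt-in, and anonymize IP addresses even then) can be expressed as one small gate. This is an added example, not code from the thread or from the linked pull requests. It assumes consent is recorded in a cookie named `cookieconsent_status` with the value `allow` after an explicit opt-in; the tracking ID is a placeholder and the function names are hypothetical.

```javascript
// Added example: consent gate for the analytics.js command queue.
// Assumption: the consent popup stores its result in this cookie and writes
// "allow" only after an explicit opt-in. Adjust to your consent library.
const CONSENT_COOKIE = 'cookieconsent_status';
const TRACKING_ID = 'UA-XXXXXXXX-X'; // placeholder, not a real property ID

// Parse a document.cookie style string into a name -> value map.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of String(cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue; // skip fragments without a value
    const name = part.slice(0, eq).trim();
    let value = part.slice(eq + 1).trim();
    try { value = decodeURIComponent(value); } catch (e) { /* keep raw value */ }
    if (name && !jar.has(name)) jar.set(name, value); // first occurrence wins
  }
  return jar;
}

// Opt-in semantics: only an explicit "allow" counts. A missing cookie,
// "deny", "dismiss" or any unexpected value means no tracking.
function analyticsAllowed(cookieString) {
  return parseCookies(cookieString).get(CONSENT_COOKIE) === 'allow';
}

// Commands to hand to ga(...), or [] when consent is absent.
// anonymizeIp is set before the first hit is sent so that no hit
// leaves the browser with the full address.
function gaCommands(cookieString, trackingId) {
  if (!analyticsAllowed(cookieString)) return [];
  return [
    ['create', trackingId, 'auto'],
    ['set', 'anonymizeIp', true],
    ['send', 'pageview'],
  ];
}

// Constructed sample cookie strings, for illustration only.
const SAMPLES = [
  '',                                               // first visit, no answer yet
  'JSESSIONID=abc123; cookieconsent_status=deny',   // user declined
  'JSESSIONID=abc123; cookieconsent_status=allow',  // user opted in
];
for (const sample of SAMPLES) {
  console.log(JSON.stringify(sample), '->', gaCommands(sample, TRACKING_ID).length, 'commands');
}
```

In a page, the analytics.js loader would be injected only when `gaCommands(document.cookie, ...)` returns a non-empty list, and each entry passed as `ga(...entry)`.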