
Web form: add information about management of personal data
Closed, Resolved; Public

Description

We have a contact form on wikimedia.se - we should add information about management of personal data somewhere close to it. See e-mail from The Generation on July 10.

Additionally we have a comment form connected to each blog post.


Contact form:

  • Decide on Privacy Policy update
    • Decide on rephrasing
    • Formally accept the new change
    • Update the on-site version of the privacy policy
    • Point link in checkbox to on-site version of the privacy policy
  • Decide on rensningsrutin update
  • Implement needed changes on webpage
  • Update Rensningsinstruktion document

Comment field:
Comments will be disabled.

  • Decide on Privacy Policy update
  • Decide on rensningsrutin update
  • Implement needed changes on webpage
  • Update Rensningsinstruktion document
  • Deactivate comments
  • Clear out personal data from older comments (or delete them entirely)
  • Delete all comments on the old (redirected) blog.

Event Timeline

Lokal_Profil added a comment. Edited Jul 15 2019, 9:32 AM

This hooks into T225491: Sign personuppgiftsbiträdesavtal with theGeneration and add them to privacy policy subpages (which contains a checkbox where we state that we've handled this ourselves)

Basic consent:
Our form uses contactform-7. It's fairly easy to add an "acceptance-checkbox" https://contactform7.com/acceptance-checkbox/.
Some more info exists over at https://contactform7.com/2018/04/16/how-to-make-privacy-friendly-contact-forms/

But we need to define the details of how what is entered is stored, processed and for how long.

From a data purge perspective it should be possible to add a prefix to the e-mails and then search for all e-mails with that prefix (older than a certain time) and delete them.

Lokal_Profil added subscribers: Jopparn, Historiker.

> But we need to define the details of how what is entered is stored, processed and for how long.

See draft at https://se.wikimedia.org/wiki/%C3%84mne:V3j1mm90z0wwy1p8

Lokal_Profil updated the task description. Edited Jul 15 2019, 10:53 AM

Note that the above draft completely misses blog comments *facepalm*. I made a note over there about it.

Per https://www.wpbeginner.com/wp-themes/how-to-add-a-gdpr-comment-privacy-opt-in-checkbox-in-wordpress/ WordPress automatically adds a checkbox for the comment-related cookie stored in the user's browser; it looks like that has been disabled in our theme.

> Per https://www.wpbeginner.com/wp-themes/how-to-add-a-gdpr-comment-privacy-opt-in-checkbox-in-wordpress/ WordPress automatically adds a checkbox for the comment-related cookie stored in the user's browser; it looks like that has been disabled in our theme.

@Evelina-Bang-WMSE I assume this should have been part of the set-up by the website developer (not theGeneration). Could you ping them about it?

I've triggered both a comment and a contact request using my andre.costa@ so that we can see exactly which data is collected.

Any "samtycke" text which we write should also be copied to https://se.wikimedia.org/wiki/Integritetspolicy/Samtycke

Lokal_Profil added a comment. Edited Jul 17 2019, 6:47 AM

There is now an updated version of the Privacy policy covering the "contact us"-form waiting for a board confirmation.

@Evelina-Bang-WMSE Can you look at adding an acceptance checkbox (see T227740#5332234) with a text along the lines of "Genom att använda detta kontaktformulär godkänner jag att mina personuppgifter används i enlighet med <Integritetspolicyn>." Finally a prefix should be added to the e-mails so that we know they come from the webpage contact form (probably good to also filter them into a separate inbox to facilitate with the Rensningsrutin).

Lokal_Profil updated the task description. Jul 17 2019, 7:02 AM

> @Evelina-Bang-WMSE Can you look at adding an acceptance checkbox (see T227740#5332234) with a text along the lines of "Genom att använda detta kontaktformulär godkänner jag att mina personuppgifter används i enlighet med <Integritetspolicyn>." Finally a prefix should be added to the e-mails so that we know they come from the webpage contact form (probably good to also filter them into a separate inbox to facilitate with the Rensningsrutin).

I've added an acceptance checkbox, and e-mails sent through the contact form now start with "Wikimedia Sveriges kontaktformulär".

> Per https://www.wpbeginner.com/wp-themes/how-to-add-a-gdpr-comment-privacy-opt-in-checkbox-in-wordpress/ WordPress automatically adds a checkbox for the comment-related cookie stored in the user's browser; it looks like that has been disabled in our theme.

I found where to activate the checkbox, it should be visible now.

> > @Evelina-Bang-WMSE Can you look at adding an acceptance checkbox (see T227740#5332234) with a text along the lines of "Genom att använda detta kontaktformulär godkänner jag att mina personuppgifter används i enlighet med <Integritetspolicyn>." Finally a prefix should be added to the e-mails so that we know they come from the webpage contact form (probably good to also filter them into a separate inbox to facilitate with the Rensningsrutin).

> I've added an acceptance checkbox, and e-mails sent through the contact form now start with "Wikimedia Sveriges kontaktformulär".

Thanks. Marking this as done.

Per discussion in https://se.wikimedia.org/wiki/%C3%84mne:V3j1mm90z0wwy1p8 we'll deactivate the comments field

Lokal_Profil updated the task description. Jul 24 2019, 7:25 AM

Comments deactivated for new posts (Settings->Discussion-> ☐ Tillåt kommentarer på nya inlägg) and manually closed for all older posts (Settings->Discussion-> Stäng automatiskt kommentering på inlägg äldre än 0 dagar).

Pingbacks are still allowed (should be ok privacy wise).

I have not deleted older comments. There are 304 of these. There doesn't seem to be an easy way of just e.g. clearing out emails and IP-addresses so full delete may be the only option.

Lokal_Profil updated the task description. Jul 29 2019, 7:16 AM
Lokal_Profil updated the task description.

Per discussion. Delete old comments outright

Lokal_Profil updated the task description. Jul 29 2019, 2:47 PM
Lokal_Profil updated the task description.

All comments moved to the bin. I'll leave them there for two days before nuking in case there is a sudden response from someone who has missed the discussion.

> All comments moved to the bin. I'll leave them there for two days before nuking in case there is a sudden response from someone who has missed the discussion.

Bin emptied

Lokal_Profil updated the task description. Aug 27 2019, 7:00 AM

Board contacted with a request to accept the changes to the Privacy Policy using the per capsulam mechanism.

Lokal_Profil updated the task description. Sep 4 2019, 7:03 AM

The board has decided for the changes and the policy has been updated.

@Evelina-Bang-WMSE Would you mind updating the version on WordPress?

Lokal_Profil moved this task from This week to Done on the User-LokalProfil board. Sep 4 2019, 7:07 AM
Lokal_Profil moved this task from Backlog to In progress on the WMSE (IT) board.

> The board has decided for the changes and the policy has been updated.
> @Evelina-Bang-WMSE Would you mind updating the version on WordPress?

Done

Lokal_Profil moved this task from In progress to Done on the WMSE (IT) board. Sep 23 2019, 1:59 PM

> > @Evelina-Bang-WMSE Would you mind updating the version on WordPress?

> Done

Thanks

Lokal_Profil closed this task as Resolved. Sep 30 2019, 10:43 AM
Lokal_Profil claimed this task.