Web form: add information about management of personal data
Closed, Resolved, Public

Description

We have a contact form on wikimedia.se - we should add information about management of personal data somewhere close to it. See e-mail from The Generation on July 10.

Additionally we have comment form connected to each blog post.


Contact form:

  • Decide on Privacy Policy update
    • Decide on rephrasing
    • Formally accept the new change
    • Update the on-site version of the privacy policy
    • Point link in checkbox to on-site version of the privacy policy
  • Decide on rensningsrutin update
  • Implement needed changes on webpage
  • Update Rensningsinstruktion document

Comment field:
Comments will be disabled.

  • Decide on Privacy Policy update
  • Decide on rensningsrutin update
  • Implement needed changes on webpage
  • Update Rensningsinstruktion document
  • Deactivate comments
  • Clear out personal data from older comments (or delete them entirely)
  • Delete all comments on the old (redirected) blog.

Event Timeline

This hooks into T225491: Sign personuppgiftsbiträdesavtal with theGeneration and add them to privacy policy subpages (which contains a checkbox where we state that we've handled this ourselves)

Basic consent:
Our form uses contactform-7. It's fairly easy to add an "acceptance-checkbox" https://contactform7.com/acceptance-checkbox/.
Some more info exists over at https://contactform7.com/2018/04/16/how-to-make-privacy-friendly-contact-forms/

But we need to define the details of how what is entered is stored, processed and for how long.

From a data purge perspective it should be possible to add a prefix to the e-mails and then search for all e-mails with that prefix (older than a certain time) and delete them.

Lokal_Profil added subscribers: Jopparn, Historiker.

See draft at https://se.wikimedia.org/wiki/%C3%84mne:V3j1mm90z0wwy1p8

Note that the above draft completely misses blog comments *facepalm*. I made a note over there about it.

Per https://www.wpbeginner.com/wp-themes/how-to-add-a-gdpr-comment-privacy-opt-in-checkbox-in-wordpress/ WordPress automatically adds a checkbox for the comment-related cookie stored in the user's browser; it looks like that has been disabled in our theme.

@Evelina-Bang-WMSE I assume this should have been part of the set-up by the website developer (not theGeneration). Could you ping them about it?

I've triggered both a comment and a contact request using my andre.costa@ so that we can see exactly which data is collected.

There is now an updated version of the Privacy policy covering the "contact us"-form waiting for a board confirmation.

@Evelina-Bang-WMSE Can you look at adding an acceptance checkbox (see T227740#5332234) with a text along the lines of "Genom att använda detta kontaktformulär godkänner jag att mina personuppgifter används i enlighet med <Integritetspolicyn>." Finally a prefix should be added to the e-mails so that we know they come from the webpage contact form (probably good to also filter them into a separate inbox to facilitate with the Rensningsrutin).

I've added an acceptance checkbox, and e-mails sent through the contact form now start with "Wikimedia Sveriges kontaktformulär".

Per https://www.wpbeginner.com/wp-themes/how-to-add-a-gdpr-comment-privacy-opt-in-checkbox-in-wordpress/ WordPress automatically adds a checkbox for the comment-related cookie stored in the user's browser; it looks like that has been disabled in our theme.

I found where to activate the checkbox, it should be visible now.

I've added an acceptance checkbox, and e-mails sent through the contact form now start with "Wikimedia Sveriges kontaktformulär".

Thanks. Marking this as done.

Per discussion in https://se.wikimedia.org/wiki/%C3%84mne:V3j1mm90z0wwy1p8 we'll deactivate the comments field

Comments deactivated for new posts (Settings->Discussion-> ☐ Tillåt kommentarer på nya inlägg) and manually closed for all older posts (Settings->Discussion-> Stäng automatiskt kommentering på inlägg äldre än 0 dagar).

Pingbacks are still allowed (should be ok privacy wise).

I have not deleted older comments. There are 304 of these. There doesn't seem to be an easy way of just e.g. clearing out emails and IP-addresses so full delete may be the only option.

Per discussion. Delete old comments outright

All comments moved to the bin. I'll leave them there for two days before nuking in case there is a sudden response from someone who has missed the discussion.

Bin emptied

Board contacted with a request to accept the changes to the Privacy Policy using the per capsulam mechanism.

Lokal_Profil claimed this task.