- when organisers are enabling event registration
- then clickwrap agreement should appear on the enable registration form
- When an organiser tries to access the response statistics tab
- and the organiser did not accept the clickwrap agreement
- then clickwrap agreement should appear
- Whatever the DB schema used, it should be kept out of the usual data replication flow — wiki replicas, Wikimedia Dumps
- The table should not contain any identifying information, other than the usual organizer ID
- Clickwrap text for event creator:
To view the aggregated responses of participants, you must accept the following:
- Clickwrap text for additional organizers:
To view participant personal identifiable information, you must accept the following:
- Don't forget to have a generic version of the terms and conditions as a default
|Clickwrap appears when the event creator is enabling registration. Design specs||Clickwrap appears here for additional organizers or if the event creator didn't accept when enabling registration. Design specs|
- Legal review (done)
- Trust & Safety review (done)
- Security/privacy engineering review (done)
- db tasks?
The campaigns registration system is designed to enable people to register for events while optionally providing a number of identifying details. As more groups of users are expected to access the information collected about event participants, there are increasing concerns about the privacy and security of participants' personally identifiable information (PII).
We want to inform organizers how they should handle such data, and what they can and not do with it and also hold them accountable.
To do this we have we would show them a “Clickwrap” agreement to confirm they'll treat the information with appropriate care as described in the agreement or in a linked document rather than requiring them to go through the traditional NDA for users (Access to nonpublic data policy "ANPDP"),
Target Audience for the Clickwrap Agreement
- Event creator
- Additional organizers
- How might we determine the appropriate moment to show the clickwrap agreement to organizers?
- - How might other organizers(apart from the event creator) access the clickwrap and how might we limit access to PII to only those organizers who have agreed to the clickwrap agreement?
- How might we store and provide easy access to the clickwrap agreement for organizers in case they want to revoke their access to PII?