Acceptance criteria
- when organisers are enabling event registration
- then clickwrap agreement should appear on the enable registration form
- When an organiser tries to access the response statistics tab
- and the organiser did not accept the clickwrap agreement
- then clickwrap agreement should appear
- Whatever the DB schema used, it should be kept out of the usual data replication flow — wiki replicas, Wikimedia Dumps
- The table should not contain any identifying information, other than the usual organizer ID
- Clickwrap text for event creator:
To view the aggregated responses of participants, you must accept the following:
I agree to handle the participant information collected during event registration with care and in accordance with the Terms of Use.
- Clickwrap text for additional organizers:
To view participant personal identifiable information, you must accept the following:
I agree to handle the participant information collected during event registration with care and in accordance with the Terms of Use.
TDB
- Don't forget to have a generic version of the terms and conditions as a default
Design
Clickwrap appears when the event creator is enabling registration. Design specs | Clickwrap appears here for additional organizers or if the event creator didn't accept when enabling registration. Design specs |
External dependencies
- Legal review (done)
- Trust & Safety review (done)
- Security/privacy engineering review (done)
Other dependencies
- db tasks?
More context
Background:
The campaigns registration system is designed to enable people to register for events while optionally providing a number of identifying details. As more groups of users are expected to access the information collected about event participants, there are increasing concerns about the privacy and security of participants' personally identifiable information (PII).
We want to inform organizers how they should handle such data, and what they can and not do with it and also hold them accountable.
To do this we have we would show them a “Clickwrap” agreement to confirm they'll treat the information with appropriate care as described in the agreement or in a linked document rather than requiring them to go through the traditional NDA for users (Access to nonpublic data policy "ANPDP"),
Target Audience for the Clickwrap Agreement
- Event creator
- Additional organizers
Challenges:
- How might we determine the appropriate moment to show the clickwrap agreement to organizers?
- - How might other organizers(apart from the event creator) access the clickwrap and how might we limit access to PII to only those organizers who have agreed to the clickwrap agreement?
- How might we store and provide easy access to the clickwrap agreement for organizers in case they want to revoke their access to PII?