Page 2 of 49

Re: [3.2][RC] Privacy Policy

Posted: Tue Mar 20, 2018 8:43 pm
by tojag
David, I did a registration scenario several times and I do not know how to do it differently.
1. The new user accepts the forum rules.
2. A form for entering the required registration data appears - name, e-mail address, password, etc.
3. The account is created. DATA WILL BE GRABBED IN THE DATABASE. The account is waiting for activation. So there is no user GDPR approval yet. This can be checked in ACP for this user but the data is already collected.
4. The user activates the account.
5. The user logs in for the first time and must accept GDPR. Now the acceptance time of the privacy policy compliant with GDPR is registered. If the user accept privacy policy, everything is ok.
6. If the user has not activated the account or does not consented to the acceptance of GDPR, then his data is still in the forum database.

Have I missed any setting for new users?

In my opinion for new users it should be as follow:
1. The new user accepts the forum rules.
2. Next, new user should accept privacy policy compliant with GDPR and time of this accept should be registered.
3. Now forum can grab required registration data - name, e-mail, password, etc.
4. Creating account and waiting for activation.
So in the databese will always time of acceptation regulations and privacy policy.
If the user abandons the registration at any step, no data will be remembered without the acceptance of the regulations and consent to the privacy policy.

Where do I make a mistake?

Re: [3.2][RC] Privacy Policy

Posted: Tue Mar 20, 2018 9:50 pm
by david63
tojag wrote:
Tue Mar 20, 2018 8:43 pm
1. The new user accepts the forum rules.
There is no acceptance of forum rules in a vanilla phpBB install (and in any case it would be board rules)
tojag wrote:
Tue Mar 20, 2018 8:43 pm
2. Next, new user should accept privacy policy compliant with GDPR and time of this accept should be registered.
It is
tojag wrote:
Tue Mar 20, 2018 8:43 pm
3. The account is created. DATA WILL BE GRABBED IN THE DATABASE. The account is waiting for activation. So there is no user GDPR approval yet. This can be checked in ACP for this user but the data is already collected.
It makes no difference on how an an account is activated the user data has to be in the database at this stage otherwise how will you know about the user? By this stage the user has already accepted the GDPR
tojag wrote:
Tue Mar 20, 2018 8:43 pm
5. The user logs in for the first time and must accept GDPR. Now the acceptance time of the privacy policy compliant with GDPR is registered. If the user accept privacy policy, everything is ok.
They have already accepted the GDPR
tojag wrote:
Tue Mar 20, 2018 8:43 pm
6. If the user has not activated the account or does not consented to the acceptance of GDPR, then his data is still in the forum database.
If the user does not accept the GDPR then they will not have registered and there will be no data in the database

I think you are trying to make this more difficult than it needs to be.

Re: [3.2][RC] Privacy Policy

Posted: Tue Mar 20, 2018 10:07 pm
by tojag
David, but now I have a situation like in the first scenario 1-6. That's how it works with Your extension. I do not understand why you put in point 2 from the second scenario. That's how it should work, but it does not work that way. Not for me. What am I doing wrong? I have a standard first registration screen, followed by a data entry form and confirmation of account creation. I do not see information about GDPR from your extension. It is only when the user first logs on a request to accept GDPR appears.
I will test tomorrow.

Re: [3.2][RC] Privacy Policy

Posted: Thu Mar 22, 2018 11:40 am
by swissboy
Thank you very much! A very important extensiom. Without it a lot of phpBB forums had to be closed in the EU.

Is there a link for donations?

Re: [3.2][RC] Privacy Policy

Posted: Thu Mar 22, 2018 2:36 pm
by tojag
swissboy wrote:
Thu Mar 22, 2018 11:40 am
Without it a lot of phpBB forums had to be closed in the EU.
I agree! We as admins should doing according to law.
I know that most people disregard this, but sometimes one dissatisfied user is enough to bring about bankruptcy. I am not FB, MS or G. I can not allow it.
David, You do cool things. Thanks!

Re: [3.2][RC] Privacy Policy

Posted: Thu Mar 22, 2018 2:53 pm
by Bermudez
tojag wrote:
Thu Mar 22, 2018 2:36 pm
swissboy wrote:
Thu Mar 22, 2018 11:40 am
Without it a lot of phpBB forums had to be closed in the EU.
I agree! We as admins should doing according to law.
I know that most people disregard this, but sometimes one dissatisfied user is enough to bring about bankruptcy. I am not FB, MS or G. I can not allow it.
David, You do cool things. Thanks!
I totally agree too. This is a great and useful extension. Image

Re: [3.2][RC] Privacy Policy

Posted: Fri Mar 23, 2018 11:02 am
by tojag
David,
My remarks after next tests.
In the features of the extension you wrote:
1. "Cookie: Prevent login/registration until the Cookie Policy has been accepted."

Please consider whether it would be impossible to treat the date of registration as the date of acceptance of the privacy policy. After all, the user has accepted the policy if enforcement is enabled.
Until the first login, I collected data from the registration form, and I have no registered time of acceptance of the privacy policy by the user. They only accept it at the first login. It would look as if I was collecting data without the user's consent. I write about it because in my forum I have many users who created an account (that is they gave me data) but never activated it or did not log in. Each forum has such users.

2. "Privacy: Will add a privacy agreement to the Registration agreement for new members."

Does this mean that I can add a text with the privacy policy as another one step to accept during registration? Would be good but I do not see this option. How to enable it? If I have previously accepted the privacy policy when browsing the site, then at the time of registration, I do not have this request. Appears at the first login, that is after registration, not before. Additionally if I try to register next account from this browser session or if the browser remember cookies, any request of acceptance privacy policy does not appear durning registration. It is possible that someone else will want to register from the same computer and will not receive the appropriate message until the first login (but it is not known if he will log in at all).

3. And..
Can the data from additional custom profile fields be displayed in privacy details in the UCP? For example, if I add 'gender', 'children', etc. Of course, these fields can be displayed elsewhere but can they be in the UCP privacy details of your extension? You probably would have to add a checkbox in ACP to indicate whether the field is a personal data or not.

Thank you again for your extension and your hard work.

Re: [3.2][RC] Privacy Policy

Posted: Fri Mar 23, 2018 11:13 am
by david63
Point 2 - there is a bug stopping that from happening which will be fixed in the next release.
tojag wrote:
Fri Mar 23, 2018 11:02 am
Can the data from additional custom profile fields be displayed in privacy details in the UCP?
Yes - in one of two ways.

1. If the CPF starts with phpbb then it will be automatically picked up, if the field has been enabled.

2. There are events within the extension that will allow another extension to add data.

Re: [3.2][RC] Privacy Policy

Posted: Fri Mar 23, 2018 12:17 pm
by tojag
Thanks for your reply.
david63 wrote:
Fri Mar 23, 2018 11:13 am
1. If the CPF starts with phpbb then it will be automatically picked up, if the field has been enabled.
It works fine! :)

David, do You need some extra tests?
As I wrote before, there is some problems on Edge and IE.

I think that this extension should be built in the core (as it is in the case of COPPA) or should be patronized by the phpBB team as the official extension for phpBB compliance with the law.

Thanks David!

Re: [3.2][RC] Privacy Policy

Posted: Fri Mar 23, 2018 3:29 pm
by </Solidjeuh>
Dutch translation 2.1.0-rc1:
https://github.com/Solidjeuh/Privacy-policy

=== EDIT ===

I have this ext installed: External Links Open in New Window
https://www.phpbb.com/customise/db/extension/elonw/

Users can click on links, the popup message opens and says you can't use links untill they accept the cookies. BUT after closing the popup, the websites still opens in a new tab.

& in UCP, the "Location" field cannot be translated, I see no language string for that in the files.

Image

Re: [3.2][RC] Privacy Policy

Posted: Fri Mar 23, 2018 11:01 pm
by tojag
Froddelaar wrote:
Fri Mar 23, 2018 3:29 pm
& in UCP, the "Location" field cannot be translated, I see no language string for that in the files.
I confirm it.

Edit:
The names are probably taken from phpbb_profile_lang because when I changed the value of the lang_name field in this table it changed in UCP.

Edit2:
You can create a new CPF field called phpbb_LOCATION where LOCATION in your language. I checked, it works, but... the difficulty will be if you need diacritics.

Re: [3.2][RC] Privacy Policy

Posted: Fri Mar 23, 2018 11:16 pm
by 3Di
Froddelaar wrote:
Fri Mar 23, 2018 3:29 pm
& in UCP, the "Location" field cannot be translated, I see no language string for that in the files.
That's a native string, common.php
'LOCATION' => 'Location',

You may override it I guess, in ACP/users / profilefields / [b]phpbb_location[/b] ...

at the bottom of that page http://prntscr.com/ivjv4n

Re: [3.2][RC] Privacy Policy

Posted: Fri Mar 23, 2018 11:19 pm
by </Solidjeuh>
3Di wrote:
Fri Mar 23, 2018 11:16 pm
Froddelaar wrote:
Fri Mar 23, 2018 3:29 pm
& in UCP, the "Location" field cannot be translated, I see no language string for that in the files.
That's a native string, common.php
'LOCATION' => 'Location',

You may override it I guess, in ACP/users / profilefields / [b]phpbb_location[/b] ...

at the bottom of that page http://prntscr.com/ivjv4n
It's translated in the language/nl/common.php file

Code: Select all

'LOCATION'							=> 'Locatie',
But still in English in this ext

Re: [3.2][RC] Privacy Policy

Posted: Fri Mar 23, 2018 11:22 pm
by 3Di
Froddelaar wrote:
Fri Mar 23, 2018 11:19 pm
3Di wrote:
Fri Mar 23, 2018 11:16 pm
Froddelaar wrote:
Fri Mar 23, 2018 3:29 pm
& in UCP, the "Location" field cannot be translated, I see no language string for that in the files.
That's a native string, common.php
'LOCATION' => 'Location',

You may override it I guess, in ACP/users / profilefields / [b]phpbb_location[/b] ...

at the bottom of that page http://prntscr.com/ivjv4n
It's translated in the language/nl/common.php file

Code: Select all

'LOCATION'							=> 'Locatie',
But still in English in this ext
Look at my screenshot, instead of LOCATION digit Locatie, what happens?

Re: [3.2][RC] Privacy Policy

Posted: Fri Mar 23, 2018 11:24 pm
by </Solidjeuh>
3Di wrote:
Fri Mar 23, 2018 11:22 pm
Froddelaar wrote:
Fri Mar 23, 2018 11:19 pm
3Di wrote:
Fri Mar 23, 2018 11:16 pm
Froddelaar wrote:
Fri Mar 23, 2018 3:29 pm
& in UCP, the "Location" field cannot be translated, I see no language string for that in the files.
That's a native string, common.php
'LOCATION' => 'Location',

You may override it I guess, in ACP/users / profilefields / [b]phpbb_location[/b] ...

at the bottom of that page http://prntscr.com/ivjv4n
It's translated in the language/nl/common.php file

Code: Select all

'LOCATION'							=> 'Locatie',
But still in English in this ext
Look at my screenshot, instead of LOCATION digit Locatie, what happens?
But that will also show "Locatie" to English users .. ?