Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Solution needed for GDPR Compliance #3699

Open
camikazegreen opened this issue Sep 11, 2024 · 0 comments
Open

Solution needed for GDPR Compliance #3699

camikazegreen opened this issue Sep 11, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@camikazegreen
Copy link
Contributor

Motivation

Arizona International has suspended all paid advertising in the European market until we (as a university) have a solution in place for GDPR Compliance.

Proposed Resolution

Describe the solution you'd like

I would like a solution in place that:

  • meets the compliance requirements of the GDPR
  • has the approval of the Privacy Office
  • has the approval of the Office of the General Council (OGC)
  • ideally is non-disruptive outside of the markets where it is required (example: not causing annoying pop-ups or consent banners in the US)
  • works correctly with our GTM consent mode implementation

Describe alternatives you've considered

  1. The Privacy Office has worked with Meredith Aaronson to explore a fully comprehensive solution using onetrust. This would have been a more enterprise wide data privacy solution that included provisions for the right to be forgotten (and more) and would have been implemented across all of the university's data systems (Trellis, UAccess Student, etc.). Onetrust also has a Drupal module available that would connect into this greater solution, but doesn't seem to function without that larger contract. The implementation of this broader solution seems to be off the table for now.

  2. There are open source solutions available like the Cookies Consent Manager Module that are designed more specifically as a solution to providing consent for tracking cookies for anonymous users to our websites. This solution integrates with Google Tag Manager's consent mode, but does not assume any liability for compliance with GDPR. If this solution is selected, the liability for compliance will need to be assumed by the privacy office and OGC.

Roles and Permissions considerations

A clear and concise description of how each of the following roles would be impacted by this change:

  • Anonymous user
    Should be offered consent options in relevant markets
  • Authenticated user
    Likely doesn't need to be offered consent options, but this is probably worth discussion since there are use cases for authenticated users that don't have any other roles on the site.
  • Content editor
    No change
  • Content administrator
    Should be able to administer Cookie management
  • Administrator
    Should be able to enable/disable any relevant modules

Additional context

Ryan Dool in Marketing & Brand Development and Cameron Green in Campus Web Services will work with the Privacy office to gain the necessary approvals for our solution.
@joeparsons joeparsons added the enhancement New feature or request label Sep 11, 2024
joeparsons added a commit that referenced this issue Sep 11, 2024
@joeparsons
#3699: Add COOKiES module for testing/evaluation
14f5f1e
joeparsons added a commit that referenced this issue Sep 11, 2024
@joeparsons
#3699: Add EU Cookie Compliance module (+ Smart IP module) for testin…
a6b0258 
…g/evaluation.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@joeparsons @camikazegreen