Themes

Essential V3.4.1.1 - beta with Privacy API - released.

 
Gareth J Barnard
Essential V3.4.1.1 - beta with Privacy API - released.
Core developersParticularly helpful MoodlersPlugin developers

Hello,

Firstly.... do not install this update unless you are running Moodle 3.4.2 and above.  Secondly, if you use the analytics settings then also think carefully before upgrading and read in full what I have to say here.

V3.4.1.1(beta) for M3.4.2: https://moodle.org/plugins/pluginversion.php?id=16438

Ok....

Because of the new EU GDPR regulation that comes into force on the 25th May 2018 there is now a new Privacy API in Moodle (https://docs.moodle.org/dev/Privacy_API) - this is only available in Moodle inter-version versions of 3.3+.  In the case of 3.4 that is 3.4.2.  All plugins will need to either state why they are not affected or describe the user data they do along with other methods to export that data.

To learn more about this area, then please consider looking at:

https://moodle.org/mod/forum/discuss.php?d=352538

https://moodle.org/mod/forum/discuss.php?d=365857

Also as the plugin area of Moodle.org does not support specifying specific versions for this I've raised MDLSITE-5390.

From an Essential theme point of view I have examined the settings and apart from the analytics could not find any storage of 'user related' data - at least not on purpose by the theme.  But, I am not a lawyer and welcome any input in this area pertaining to Essential if you consider there is a gap in the code for coping with GDPR. I have done some testing with the data privacy tool - https://moodle.org/plugins/tool_dataprivacy - but that is under development too and does not seem to show the 'privacy' statement within the theme but it looks as if it will.

Essential's privacy statement is as follows: "The Essential theme stores lots of settings that pertain to its configuration.  None of the settings are related to a specific user.  It is your responsibility to ensure that no user data is entered in any of the free text fields.  Setting a setting will result in that action being logged within the core Moodle logging system against the user whom changed it, this is outside of the themes control, please see the core logging system for privacy compliance for this.  The analytics settings and associated data in the database have been removed until this area is more understood from a legal perspective, as it was possible to request that userid's were recorded.  Please examine the code carefully to be sure that it complies with your interpretation of your privacy laws.  I am not a lawyer and my analysis is based on my interpretation.  If you have any doubt then remove the theme forthwith."

With the analytics there was the option to request that the user id was passed to the external analytics software.  This seemed to me at the current time to be a grey area.  Therefore this version - 3.4.1.1 - removes the analytics settings and their values in the database.  Therefore if you don't have a backup of those setting values then do make a note of them before upgrading.  If you require analytics and do not need to comply with GDPR then for the moment, I suggest you don't upgrade.

It is my intent to implement the privacy API for all my current plugins for all the major Moodle versions it is implemented in.  This may or may not be before 25th May 2018.

Comments / thoughts appreciated.

Gareth


 
Average of ratings: Useful (2)