Admin tools: Data privacy

Maintained by Picture of Moodle HQ Moodle HQ, Picture of Jun Pataleta Jun Pataleta, Picture of David Monllaó David Monllaó
Provides the workflow for users to submit subject access requests and for site administrators and privacy officers to process these requests.
73 sites
7 fans
The plugin makes use of API available only in Moodle 3.3.5, 3.4.2 and higher.

The Data Privacy plugin forms part of Moodle’s privacy feature set and will assist sites to become GDPR compliant. It is a first iteration of this feature and will continue to be updated and refined over the next few weeks.

This plugin provides the workflow for users to submit subject access requests and for site administrators and privacy officers to process these requests. The subject access request process currently retrieves the user information from the following core plugins:

  • Choice Activity Module
  • HTML Block
  • User Tours

Support for retrieving user information from the remaining core plugins will be added over the next few weeks. The plugin will also be further extended to include functionality for data erasure requests and the data registry to define a purpose and retention period for data stored in a Moodle site.

This plugin requires the latest minor release of Moodle (3.4.2, 3.3.5). It will be integrated in the Moodle 3.5 release in May 2018.


This plugin is part of set GDPR.


Screenshot #0
Screenshot #1


Please login to view contributors details and/or to contact them

Comments RSS

Show comments
  • Picture of Justin Hunt
    Wed, 11 Apr 2018, 1:53 PM
    I am testing my plugins against this nice tool, and it seems like some things are missing. Perhaps its just early days .. but in addition to /export/delete I would expect a 'view' option, to be able to see what the data we had on a user. Also in the list of submitted requests, shouldn't there be a "user name" column?
  • Picture of Jake Dallimore
    Wed, 11 Apr 2018, 2:17 PM
    Hi Justin,

    The requirements for the plugin are largely centred around the rights of users; their right of access to their personal data, and their right to be forgotten. Whilst there is a requirement that organisations operating under GDPR must be able to produce registers, describing all personal data they capture, we didn't identify any such requirement allowing Data Protection Officers or Privacy Officers to view the actual personal data for a given user. This would most probably be considered a nice to have, but unfortunately given time constraints, we haven't planned to include this yet.
  • KuwaitBus
    Wed, 11 Apr 2018, 11:03 PM
    Ziyad I am also trying to assign a Data Protection officer with this plugin. By the looks of things, when a user requests to contact the Data Protection officer, the Site admin email account is put in by default.

    Following Jun's instructions sets up the Data Protection officer to receive a message whenever a user clicks "Contact Data Protection officer" in their profile and replaces the admin.

    However, this only works for the general enquiries at the moment. When a user submits a Delete or Export request, the Data Protection Officers don't receive any message. Hope this is added soon.
  • Picture of Nick Varney
    Mon, 16 Apr 2018, 3:57 PM
    Apologies in repeating my question but I need to know if I've configured the plugin correctly. Does this solely output .json files when exporting the data?
  • Picture of Wendy Hesta
    Tue, 17 Apr 2018, 2:06 AM
    Hi there, I have installed the plugin and followed the 13 steps above. Just I don't see any option to ask for a data request as a user. What am I doing wrong or missing?
  • Picture of Zig Tan
    Tue, 17 Apr 2018, 9:59 AM
    Hi Nick,

    Yes, when exporting user data the output data will be in JSON format and this is handled by the privacy\classes\local\request\moodle_content_writer.php class.

    The name of the exported data JSON file depends on the particular plugin's logic implemented in the export_user_data() function, but by default most plugin's export data will have the name 'data.json'.

    The data export of associated physical files is also supported in the same class.

    For this upcoming release, the exported user data and physical files will be organized in a logical folder structure that reflects the Moodle context hierarchy so it is intuitive for users to navigate and access their data.

    But we are also looking to add way to present the exported data with a easy-to-use user interface as well, for example, in a web browser.
  • Picture of Helen Foster
    Tue, 17 Apr 2018, 9:16 PM
    Hi Wendy,

    Users should be able to request data via a 'Data requests' link on their profile page. Please see the documentation for more details.

    You can also try things out on the Moodle GDPR sandbox demo site
  • Picture of Dinis Medeiros
    Wed, 18 Apr 2018, 3:53 AM
    String {dataprivacysettings/tool_dataprivacy} can't be translated. It isn't in lang file.
    Can you insert it? TIA
    I'm a PT translator
  • Picture of David Monllaó
    Tue, 24 Apr 2018, 4:41 PM
    Hi Dinis,

    Thanks for commenting, that language string does not exist any more so no need to translate it.
  • Picture of Dinis Medeiros
    Tue, 24 Apr 2018, 10:53 PM
    When i try to access "Plugin privacy registry" i got this:
    Fatal error: Interface 'core_privacy\metadata\null_provider' not found in /public_html/moodle/blocks/filtered_course_list/classes/privacy/provider.php on line 36
    Any help? TIA
  • Picture of David Monllaó
    Tue, 24 Apr 2018, 11:09 PM
    Hi Dinis,

    What moodle version are you using? Note that this plugin works with Moodle 3.4.2 and Moodle 3.3.5 (onwards).
  • Picture of David Monllaó
    Tue, 24 Apr 2018, 11:10 PM
    Another possible explanation is that is not pointing to the correct null_provider class location.
  • Picture of Dinis Medeiros
    Wed, 25 Apr 2018, 2:40 AM
    I'm using version 3.4.2 (20180319)
    I uninstalled the block_filtered_course_list and i got this:

    Exception - Call to undefined method core_component::get_component_list()

    Debug info:
    Error code: generalexceptionmessage
    Stack trace:

    line 125 of /admin/tool/dataprivacy/classes/metadata_registry.php: Error thrown
    line 46 of /admin/tool/dataprivacy/classes/metadata_registry.php: call to tool_dataprivacy\metadata_registry->get_full_component_list()
    line 41 of /admin/tool/dataprivacy/pluginregistry.php: call to tool_dataprivacy\metadata_registry->get_registry_metadata()
  • Picture of David Monllaó
    Wed, 25 Apr 2018, 2:55 PM
    Thanks for the report Dinis. We are fixing this issue right now. We will release new versions of the tool in a few hours.
  • Picture of David Monllaó
    Wed, 25 Apr 2018, 3:44 PM
    Hi Dinis,

    We released 2 new versions for each major branch (Moodle 3.3 and Moodle 3.4) the first one hides the plugins registry link as it requires a function that is not available until 12 April Moodle core versions. The second commit adds the plugins registry back, requiring 12 April moodle core versions.
1 2
Please login to post comments