[pmwiki-users] GDPR

Criss Ittermann crisses at kinhost.org
Wed Sep 5 04:52:58 PDT 2018

Hi, All,

California has adopted GDPR standards, making this no longer just an issue for people only dealing with the EU. And more municipalities will do this as time goes on.  Because everyone wants a piece of Facebook & Google's hugely profitable pie.  And the fines are steep enough to put any of us out of business or out of a house.

I believe PmWiki sets cookies for visitors, not just people who log in to the site to author.  I'm not sure how to circumvent the cookie setting, and make it contingent on consent.  "Using this site means you're OK with cookies" is not sufficient. Someone VISITING your site is not consent to put cookies on their machine, and sites doing that will probably eventually get sued.  Active consent is required.

So here's what I need help with:

A way to disable cookie setting until the website user clicks OK that the site will set cookies, and a persistent-until-clicked-OK banner to that effect with the button.  If they don't click OK, no cookies are set.  Former cookies (before a date set by the person setting it up) should be UN-set, I would think, if they have previously used the site.

And then we also need to TRACK their consent.  A SiteAdmin/GDPRCookieTracking page that logs the IP, timestamp, and author name (if they have one), and that they consented, might suffice. Yes, it might get long.  But better a long log than no log at all.

This is EASIER if visitors don't have cookies set, then the login form &/or edit form need a GDPR checkbox that is UNchecked by default — it can disappear after the first time a cookie is set for that machine/author name, and we don't have to worry about all site visitors needing to click OK.

I can put up documentation on adding a GDPR compliance box to email submission forms on the PmForm site since I've worked on that before and doing so is fairly straightforward (for me anyway).  I will probably have to do the same for comments on some of my recipes. Yay.  So logging in to author, leaving comments (which contain potential personal identifying info like name, email, IP, and the comment content itself), and sending emails via PmWiki.....

Anyone else have particular GDPR-related needs? Can anyone think of other places user information is potentially collected (even IP address, etc.) and cookies set?
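
The consent gate and consent log requested in this message, sketched as an added example in plain PHP; it is not part of the original post and is not PmWiki code or an existing recipe. The cookie name, log path, cutoff date, form field names and function names are all assumptions, and the cutoff is applied to the consent timestamp rather than to each individual cookie.

```php
<?php
// Added example: plain PHP with hypothetical names; not PmWiki code or a PmWiki recipe.
const CONSENT_COOKIE = 'cookie_consent';         // assumed cookie name
const CONSENT_LOG    = __DIR__ . '/consent.log'; // assumed path; keep it outside the web root
const CUTOFF_DATE    = '2018-09-05';             // constructed "date set by the admin"

// True only when the consent cookie holds a timestamp on or after the cutoff.
function has_consent(array $cookies, string $cutoff = CUTOFF_DATE): bool {
    $ts = $cookies[CONSENT_COOKIE] ?? '';
    return is_string($ts) && ctype_digit($ts) && (int)$ts >= strtotime($cutoff . ' UTC');
}

// Append "timestamp <TAB> IP <TAB> author" to the log and return the line written.
function log_consent(string $ip, string $author, int $now, string $file = CONSENT_LOG): string {
    // Author is visitor-supplied: drop tabs, newlines and anything else that could forge entries.
    $author = preg_replace('/[^\w .@-]/u', '', $author) ?? '';
    $line = sprintf("%s\t%s\t%s\n", gmdate('c', $now), $ip, $author === '' ? '-' : $author);
    file_put_contents($file, $line, FILE_APPEND | LOCK_EX);
    return $line;
}

// Expire every cookie the browser sent (assumes they were set with path "/").
function clear_cookies(array $cookies): array {
    foreach (array_keys($cookies) as $name) {
        setcookie((string)$name, '', ['expires' => 1, 'path' => '/']);
    }
    return array_keys($cookies);
}

if (PHP_SAPI !== 'cli') {   // request flow; must run before any output or session start
    $now = time();
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['cookies_ok'])) {
        $author = $_POST['author'] ?? '';
        log_consent($_SERVER['REMOTE_ADDR'], is_string($author) ? $author : '', $now);
        setcookie(CONSENT_COOKIE, (string)$now, [
            'expires' => $now + 365 * 86400, 'path' => '/',
            'httponly' => true, 'samesite' => 'Lax',
        ]);
        $_COOKIE[CONSENT_COOKIE] = (string)$now;  // visible to the rest of this request
    }
    if (has_consent($_COOKIE)) {
        session_start();                 // cookies are allowed from here on
    } else {
        clear_cookies($_COOKIE);         // un-set cookies left from before consent
        $showConsentBanner = true;       // template renders the banner with a "cookies_ok" button
    }
}
```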

