Details

    • Epic Status:
      To Do

      Description

      Motivation

      To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive, sites must:

      • Receive users' consent before you use any cookies except strictly necessary cookies.
      • Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.
      • Document and store consent received from users.
      • Allow users to access your service even if they refuse to allow the use of certain cookies.
      • Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.

      Liferay DXP uses cookies for several purposes, but it still lacks:

      • Documentation of cookies by purpose. Some resources document the cookies, but it is not clear if they are strictly necessary or not. See https://help.liferay.com/hc/en-us/articles/360049373272 
      • Clean-up of unused cookies: some cookies, such as SCREEN_NAME, are added but not used.
      • Out-of-the-box opt-in solution: site admins should be able to disable non-strictly necessary cookies and configure an opt-in form that is displayed when the user browses the site. This form describes the cookies used by the site (by default only Liferay's, but it should be extensible to contain other custom cookies), and a cookie is added to the browser only if the user accepts its use.

      Goals

      This epic aims to cover the above described aspects, to facilitate the compliance of Liferay-based sites with data protection regulations.

      Requirements

      • Admin:
        • A virtual instance and/or site option to enable/disable the opt-in panel.
        • An app to administer opt-in options and support 3rd-party extension:
          • Description
          • Purpose (strictly necessary, performance...)
          • Variable (what will be set if checked)
      • User:
        • If the option is enabled, the first time the user accesses the site they will be prompted with the opt-in panel
        • The opt-in panel:
          • Has an Accept All option
          • Has a Customize Options option
        • Customize options:
          • Contain information about each tracking/collecting mechanism (cookies, etc.), both strictly and non-strictly necessary, their purpose and, if not strictly necessary, a toggle that is disabled by default. REMEMBER: DEFAULT IS NO-TRACK/COLLECT FOR EVERYTHING
        • Liferay tracking (cookies, etc) will be disabled for that user unless they have been expressly opted-in. 
      • Developer:
        • Read the variable to disable/enable 3rd party integrations
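
A default-deny consent gate matching the requirements above, as an added example that is not part of the original issue or of Liferay's code. The registry entries, variable names and function names are hypothetical.

```javascript
const STRICT = 'strictly-necessary';

// Constructed registry entries (description, purpose, variable); not Liferay's real cookie list.
const REGISTRY = [
  { name: 'session_id', purpose: STRICT, variable: null, description: 'Keeps the user signed in' },
  { name: 'perf_metrics', purpose: 'performance', variable: 'CONSENT_PERFORMANCE', description: 'Page load timings' },
  { name: 'ad_partner', purpose: 'marketing', variable: 'CONSENT_MARKETING', description: 'Third-party ad integration' },
];

// A fresh record grants nothing: the default is no tracking.
function newConsent() {
  return { granted: {}, history: [] };
}

// Record one decision (grant or withdrawal); every change is appended so consent stays documented.
function setChoice(consent, variable, value, when) {
  consent.granted[variable] = value === true;
  consent.history.push({ variable, value: value === true, when });
  return consent;
}

// "Accept All" is a grant for every variable in the registry.
function acceptAll(consent, registry, when) {
  for (const entry of registry) {
    if (entry.variable) setChoice(consent, entry.variable, true, when);
  }
  return consent;
}

// What a developer reads before enabling a 3rd-party integration.
function isEnabled(consent, variable) {
  return consent.granted[variable] === true;
}

// Gate for writing a cookie: unregistered names are refused, strictly necessary
// ones pass, everything else needs an explicit opt-in.
function mayWriteCookie(name, registry, consent) {
  const entry = registry.find((e) => e.name === name);
  if (!entry) return false;
  if (entry.purpose === STRICT) return true;
  return isEnabled(consent, entry.variable);
}

// Names of the cookies the site may set for this user right now.
function allowedCookies(registry, consent) {
  return registry.filter((e) => mayWriteCookie(e.name, registry, consent)).map((e) => e.name);
}
```

Withdrawing consent uses the same `setChoice` call as granting it, so both directions cost the user one action and both land in the stored history.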

              People

              Assignee:
              zsigmond.rab Zsigmond Rab
              Reporter:
              eduardo.garcia Eduardo García