GDPR Cookie Consent

[ddfridley]

When the user first visits our website, we need them to agree to cookies.

• There is branch enciv-home/cookie-consent that has vanilla-cookieconsent installed and poping up. But that code needs to be moved to civil-server and the rest of the changes made.

• From the above, the loading of css doesn't work in storybook, but does in npm run dev.

• app/server/routes/react-server-render will need to be modified so that the things that require cookies are not run, but that code is incorporated into cookie-consent

• Create a new model using mongo-collections for consent. Use that to store consent.

• think about, but not required, how a new module could add additional things that require consent, without having to edit an existing module.

• You will have to go to the developers console - Applications to clear your cookies during testing.

[justin-b-yee]

Hi @ddfridley:

I just wanted to make sure I understand the specs correctly.

Is the new mongo-collections model just to store/manage a list of consent options that are displayed in the popup, and the consent options themselves are stored client-side via the package? And then in server-react-render the options are passed in the request and accessed through req.cookies?.OPTION to determine what to enable/disable?

[ddfridley]

See this the-ultimate-checklist-for-gdpr-compliant-websites for background info. This task has some figuring out to do.

The collection is for recording the date, what was consented to, and any information we have (like IP address) on who consented, but also userId if we have it. What we do with that information in the future isn't clear or well defined. Maybe we just have to have it around as proof. But we can create issues for what to do with the info as we figure it out.