[META] Track 8: Create "Data privacy / compliance (GDPR, CCPA, cookie consent)" recipe

This is a track we are interested to collaborate on as Dropsolid.

Cross-linking the Github issue where GDPR was being discussed.

I think there are two parts to this:

1. Ensure Starshot is GDPR compliant OOTB
2. Provide a recipe for users who are planning to use cookies/tracking so they can easily remain compliant

Not sure if #2 is in v1? I guess it depends on how complex it would be.

Thanks @pameeela for creating this issue, and it sounds great that Dropsolid can contribute to this @daften.

About module choice, here's @roromedia's (from Austria) opinion about GDPR from the mentioned Github issue:

Currently I am favouring COOKiES → over eu_cookie_compliance, I like the usability of it and it is easily stylable.

@JPustkuchen, from the maintainers Drowl from Germany, later commented:

[...] we were coming from the eu_cookie_compliance module that we used in Drupal 7 but had many issues with that, COOKiES was the successor for us.

I am adding Starshot GDPR issues on Github and related MR in the Issue Summary, and a few related Drupal GDPR issues.

This track is in need of a lead. See Dries' blog post for more info, read about the track lead position → , or just apply now!

I've just applied as a track lead.

Congrats @Jürgen, to be the Tracklead! 🎉🍾
I think this is a big step and a lot to discuss and plan :)
Looking forward to a great recipe to tackle gdpr in starshot!

Thank you @grienauer, this is indeed a big one but with the help of all the experienced people in the community we will get a great standard defined and implemented. As a starting point, there is a great map and legislation overview that I just received from @kgertz: https://www.dlapiperdataprotection.com

Welcome to @pameeela, @daften, @ressa, @phenaproxima, @thejimbirch here too. I'm really looking forward to all the collaboration ahead of us.

jurgenhaas → credited kgertz → .

jurgenhaas → credited mazze → .

Let's kick off the actual work of this track. As I wanted to keep this meta issue in line with all the other track's meta issues, I've created a new planning issue #3467856: Scope and guideline for privacy and compliance → to break down the tasks and provide guidelines that should assist us while discussing and developing our deliverables. It also contains a list of next steps where I'm laying out my proposal on how we should go about all of this.

Of course, that issue is a draft and currently mainly driven by my own perspective and knowledge about the subject. This is open for discussion and improvements, and I'd like to encourage everyone to participate in that issue. Our goal should be to get to a consensus about it by the end of August, so just about 2 weeks from now.

In parallel, we can collect what I coined as the "Super-set feature set for privacy compliance" in #3467855: Super-set feature set for privacy compliance → . The idea is to get the global requirements into one list. That will result in features that will be too many for any single country, but it gives us the layout to do more research with Drupal agencies and target persona of Starshot. More about that strategy in the guideline issue's next steps. The "feature" list should not necessarily go into technical detail, it's more about high-level bullet points. I'm saying this as I believe that we need to raise awareness first before we should break this into technical tasks.

Please get engaged in those 2 issues, and invite others in your network to participate, too. We need as many perspectives as possible here.

There will be 2 recipes in the next couple of days that will provide the required functionality for this track. Their issues are 📌 Build privacy base recipe Active and 📌 Build privacy advanced recipe Active .

Hi all and especially @jurgenhaas! We recently had some basic discussions at COOKiES, which I'd like to inform you about:
COOKiES 2.x Vanilla JS rewrite: 📌 [2.x] Rewrite in Twig templates & Vanilla JS / TS Active
or deprecate COOKiES in favor of Klaro: 📌 Review Klaro module as alternative (and maybe join forces) Active

We're not yet sure, how we'll continue, but we'd love to get some feedback from the community! I think this might be relevant here, especially re #4

Thanks @anybody for youre input. We've decided to go with Klaro for Drupal CMS and here is our ADR that explains the decision process: https://git.drupalcode.org/project/drupal_cms/-/wikis/Architecture-Decis...

The other options have been ruled out for reasons also explained in that ADR. In short:

• Cookies module: the external library is not open source and the maintainer was unwilling to talk to us, despite huge effort to get in touch
• EU Cookie Compliance: big module, most users, but growing out of its scope and would have required a major rewrite of the module, according to the maintainers. Instead, they have been happy to change direction and provide a migration path from EU CC to Klaro for all existing users.

Thank you very very much @jurgenhaas! That underlines our plan to eventually join forces with Klaro! Great! (And sad I never recognized that project before)

That underlines our plan to eventually join forces with Klaro!

This is great news. Imagine we have all privacy experts of the Drupal community behind one global solution, well maintained.

And sad I never recognized that project before

A lot of us can relate to that. Klaro has been a well hidden champion. Looking at the usage statistics for the module, our decision already makes a difference and we should see a great future, not only for the module but also for all its users.