[META] Track 8: Create "Data privacy / compliance (GDPR, CCPA, cookie consent)" recipe

This is a track we are interested to collaborate on as Dropsolid.

Cross-linking the Github issue where GDPR was being discussed.

I think there are two parts to this:

1. Ensure Starshot is GDPR compliant OOTB
2. Provide a recipe for users who are planning to use cookies/tracking so they can easily remain compliant

Not sure if #2 is in v1? I guess it depends on how complex it would be.

Thanks @pameeela for creating this issue, and it sounds great that Dropsolid can contribute to this @daften.

About module choice, here's @roromedia's (from Austria) opinion about GDPR from the mentioned Github issue:

Currently I am favouring COOKiES → over eu_cookie_compliance, I like the usability of it and it is easily stylable.

@JPustkuchen, from the maintainers Drowl from Germany, later commented:

[...] we were coming from the eu_cookie_compliance module that we used in Drupal 7 but had many issues with that, COOKiES was the successor for us.

I am adding Starshot GDPR issues on Github and related MR in the Issue Summary, and a few related Drupal GDPR issues.

This track is in need of a lead. See Dries' blog post for more info, read about the track lead position → , or just apply now!

I've just applied as a track lead.

Congrats @Jürgen, to be the Tracklead! 🎉🍾
I think this is a big step and a lot to discuss and plan :)
Looking forward to a great recipe to tackle gdpr in starshot!

Thank you @grienauer, this is indeed a big one but with the help of all the experienced people in the community we will get a great standard defined and implemented. As a starting point, there is a great map and legislation overview that I just received from @kgertz: https://www.dlapiperdataprotection.com

Welcome to @pameeela, @daften, @ressa, @phenaproxima, @thejimbirch here too. I'm really looking forward to all the collaboration ahead of us.

jurgenhaas → credited kgertz → .

jurgenhaas → credited mazze → .

Let's kick off the actual work of this track. As I wanted to keep this meta issue in line with all the other track's meta issues, I've created a new planning issue #3467856: Scope and guideline for privacy and compliance → to break down the tasks and provide guidelines that should assist us while discussing and developing our deliverables. It also contains a list of next steps where I'm laying out my proposal on how we should go about all of this.

Of course, that issue is a draft and currently mainly driven by my own perspective and knowledge about the subject. This is open for discussion and improvements, and I'd like to encourage everyone to participate in that issue. Our goal should be to get to a consensus about it by the end of August, so just about 2 weeks from now.

In parallel, we can collect what I coined as the "Super-set feature set for privacy compliance" in #3467855: Super-set feature set for privacy compliance → . The idea is to get the global requirements into one list. That will result in features that will be too many for any single country, but it gives us the layout to do more research with Drupal agencies and target persona of Starshot. More about that strategy in the guideline issue's next steps. The "feature" list should not necessarily go into technical detail, it's more about high-level bullet points. I'm saying this as I believe that we need to raise awareness first before we should break this into technical tasks.

Please get engaged in those 2 issues, and invite others in your network to participate, too. We need as many perspectives as possible here.