Django Privacy Policy & Cookie Policy GDPR Compliance With Versioning and User Acceptance Logging [closed]

佐手、 提交于 2020-01-25 06:40:31

问题


I want to create something similar to this -> https://github.com/cyface/django-termsandconditions

Where instead of handling the terms and conditions, it handles versioning and editing of the privacy policy / cookie policy in the database and stores the user's acceptance to the policy and their IP address and username when they accept the policy. Each page on the site cannot be accessed until the user accepts the policy when they are logged in. When an existing policy is updated, users will need to accept the new one. The database will log all policy version acceptances by the user.

I need the acceptance of the policy to be GDPR compliant. It would be ideal to have the terms and conditions, privacy policy, and cookie policy all separate from each other and agreed to separately. If not, hopefully combining the privacy policy and cookie policy and into one acceptance should be acceptable for GDPR. Maybe creating a banner at the bottom of the page where users get to accept both the privacy policy / cookie policy would be the way to go.

I tried to see if anything else existed out there for this type of thing and I found these:

1) https://pypi.org/project/django-privacy-mgmt/ (Could not get this to work - Here is what I tried doing but got stuck: https://dpaste.org/QDOp I got the HTML code for it to show but the output of that HTML physically does not show on the page).

2) https://pypi.org/project/django-cookie-consent/ (Could not get this to work - got an error File "./../cookie_consent/cache.py", line 4, in from django.core.cache import get_cache ImportError: cannot import name 'get_cache')

3) https://pypi.org/project/django-cookie-law/ (No module named 'django.core.context_processors'. Got the cookie message to display but the JavaScript I added inline to base.html does not do anything when the user clicks accept)

4) https://pypi.org/project/django-cookie-law-nl/ (Could not get this to work - ModuleNotFoundError: No module named 'django.conf.urls.defaults')

5) https://pypi.org/project/django-simple-cookie-consent/ (This works but it does not store the user's agreement to the database with their username, IP address, date, and version accepted. When deleting the database entry, it does not reset the user's cookie unless they clear their browser cookies).

6) https://pypi.org/project/leonardo-cookie-law/ (Could not get this to work - no idea what to do)

7) https://pypi.org/project/emencia-cookie-law/ (Could not get this to work - ImportError: cannot import name 'CookieUser' from 'cookie_law.models')

8) https://pypi.org/project/django-uecookie9/ (Could not get this to work - no idea what to do)

9) https://pypi.org/project/fluentcms-cookielaw/ (Could not get this to work - no idea what to do)

10) https://pypi.org/project/django-cookie-message/ (Could not get this to work - TypeError: CookieMessageMiddleware() takes no arguments)

11) https://github.com/samwuTW/ponddy-cookie-agreement (This works but when deleting an accepted record from the database, the cookie is not forgotten from the browser. The only way for the cookie to be forgotten is if the user clears / deletes their cookies from their browser settings. If there is an update to the Privacy Policy / Cookie Policy, there is no way for the user to accept new policy version. There needs to be some way for users to accept the new version of the policy by perhaps issuing a new cookie or deleting the old cookie and adding the new policy user's acceptance to the database).

Out of all of these, only #5 and #11 worked well for me and was easy to figure out. Is there a way to combine both of them somehow? If not, I would stick with #11 and build on top of that. I like the front end part of #5 but the backend part of #11 was nice since it included the IP address of the user and their username. If the user is not logged in for #11 and accepts the policy, it accepts the policy and stores their IP address and date but the username is left blank so there is no way to prove if a certain user accepted the agreement or not. Is #11 or #5 good enough for GDPR? Or should it be more like the terms and conditions github project?

Can someone help me accomplish this and make the solution as close to the terms and conditions github link? Or maybe get one of these other pypi / github examples to work but make it more robust? Or something else entirely custom with your own code that you kindly share below?

来源:https://stackoverflow.com/questions/59779415/django-privacy-policy-cookie-policy-gdpr-compliance-with-versioning-and-user-a

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!