nikosdion
9 Nov 2018

Steps to reproduce the issue

  • Enable the System - Privacy Consent plugin
  • Log in to the frontend of the site as a user who has not yet provided consent
  • You are redirected to the profile edit page
  • Change any field but do NOT touch the consent (Privacy Policy) - leave it to No
  • Click on Save

Expected result

Nothing is saved because I have not provided my consent.

Actual result

Changes are saved, including in third-party plugin fields which ask for personally identifiable information such as phone numbers, addresses, etc. This is a direct violation of the GDPR. You are storing my personally identifiable information with me having explicitly declined my consent!

System information (as much as possible)

Joomla! 3.9.0. Everything else is absolutely irrelevant.

Additional comments

Obviously you could say that com_users should not save anything unless the Privacy Policy field is submitted and is set to Yes. There are some gotchas, both architectural and UX.

The only reasonable way to fix it is to implement a captive login for consent using its own special view in com_users, which is the only view accessible without providing consent.

nikosdion - open - 9 Nov 2018
nikosdion - change - 9 Nov 2018
  Status: New -> Closed
  Closed_Date: 0000-00-00 00:00:00 -> 2018-11-09 12:13:41
  Closed_By: nikosdion
nikosdion - comment - 9 Nov 2018

Oh, never mind. It's just the weird way you are handling the session. Changes to the fields are stored in the session, not in the database. Still, it's very confusing and it got me.

Also, the first time I saw that page I couldn't understand what I was supposed to do -- the field is lost in a sea of profile options. I still maintain that a captive login with a special view guiding the user to do one specific action is best but, hey, it's your software and your UX (or lack thereof). I already have a workaround for my site to prevent confusing my users, so all is good as far as I'm concerned.

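The captive-consent design argued for in the report and restated in the comment above (one dedicated view is reachable, everything else on the frontend redirects to it until consent is recorded) can be sketched as a Joomla 3.x system plugin. The code below is an added illustration, not Joomla core code, not the Privacy Consent plugin, and not the reporter's own workaround. It assumes a hypothetical plugin name `plg_system_consentgate`, a hypothetical `com_users` view named `consent` (with a matching `consent.save` task) that does not exist in Joomla 3.9, and that recorded consent can be looked up in the `#__privacy_consents` table by `user_id`, `subject` and `state`; the table and column names are taken from memory of the 3.9 schema and should be verified against the installed database before relying on them.

```php
<?php
/**
 * plg_system_consentgate (hypothetical, added example)
 *
 * Gate every frontend request for a logged-in user behind a single
 * consent view. onAfterRoute runs after the request has been routed
 * but before the component dispatches, so a "user.save" task never
 * reaches com_users for a user who has not consented yet.
 */
defined('_JEXEC') or die;

use Joomla\CMS\Factory;
use Joomla\CMS\Plugin\CMSPlugin;
use Joomla\CMS\Router\Route;

class PlgSystemConsentgate extends CMSPlugin
{
    /** @var \Joomla\CMS\Application\CMSApplication injected by CMSPlugin */
    protected $app;

    /** Load the plugin's language files so the enqueued message is translated. */
    protected $autoloadLanguage = true;

    /**
     * Only these (option, view/task) pairs are reachable without consent.
     * Everything else is redirected, so there is no second "real" profile
     * form where PII could be submitted before the consent box is ticked.
     */
    private $allowed = array(
        array('option' => 'com_users', 'view' => 'consent'),      // hypothetical view
        array('option' => 'com_users', 'task' => 'consent.save'), // hypothetical task
        array('option' => 'com_users', 'task' => 'user.logout'),  // always let people leave
    );

    public function onAfterRoute()
    {
        // Administrator and CLI are out of scope for a frontend consent gate.
        if (!$this->app->isClient('site')) {
            return;
        }

        $user = Factory::getUser();

        // Guests have nothing stored about them yet; the plugin gates users only.
        if ($user->guest) {
            return;
        }

        $input  = $this->app->input;
        $option = $input->getCmd('option');
        $view   = $input->getCmd('view');
        $task   = $input->getCmd('task');

        foreach ($this->allowed as $rule) {
            if ($rule['option'] !== $option) {
                continue;
            }
            if ((isset($rule['view']) && $rule['view'] === $view)
                || (isset($rule['task']) && $rule['task'] === $task)) {
                return; // explicitly allowed route; do not redirect
            }
        }

        if ($this->hasConsented((int) $user->id)) {
            return;
        }

        // No format exemption: a JSON or raw request could otherwise persist data.
        $this->app->enqueueMessage(
            \JText::_('PLG_SYSTEM_CONSENTGATE_CONSENT_REQUIRED'), // hypothetical language key
            'warning'
        );
        $this->app->redirect(Route::_('index.php?option=com_users&view=consent', false));
    }

    /**
     * True if an active consent record exists for the user.
     * Assumption: the Privacy Consent plugin writes rows to #__privacy_consents
     * with subject PLG_SYSTEM_PRIVACYCONSENT_SUBJECT and state = 1 for a live consent.
     */
    private function hasConsented($userId)
    {
        $db    = Factory::getDbo();
        $query = $db->getQuery(true)
            ->select('COUNT(*)')
            ->from($db->quoteName('#__privacy_consents'))
            ->where($db->quoteName('user_id') . ' = ' . (int) $userId)
            ->where($db->quoteName('subject') . ' = ' . $db->quote('PLG_SYSTEM_PRIVACYCONSENT_SUBJECT'))
            ->where($db->quoteName('state') . ' = 1');

        return (int) $db->setQuery($query)->loadResult() > 0;
    }
}
```

Two design points follow from the thread itself. First, the gate must run before dispatch (hence `onAfterRoute`), because, as the comment notes, the profile form keeps unsaved field values in the session; a check that only rejects the final database write would still let the form accept PII into the session. Second, the allowlist is deliberately tiny and keyed on both `option` and the exact `view` or `task`, so a user cannot reach the regular profile editor, a third-party profile plugin's form, or any other component until the consent record exists; the logout task stays reachable so the gate never traps someone who declines.
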
nikosdion - close - 9 Nov 2018
