Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove emails from delegation dropdown #100

Closed
davefrey opened this issue Apr 14, 2021 · 3 comments · Fixed by #101
Closed

Remove emails from delegation dropdown #100

davefrey opened this issue Apr 14, 2021 · 3 comments · Fixed by #101
Assignees
Labels

Comments

@davefrey
Copy link
Member

Currently our dropdown of delegates presents delegate names, with a value of their email -- which is a privacy issue:

<option value="participatory_process_2_admin@example.org">Agripina Spencer</option>

Instead we should use a different value (the user id? or a disposable id?) and translate that into the email for the LV api call.

@oliverbarnes
Copy link
Member

oliverbarnes commented Apr 14, 2021

yeah, I think the user id (within decidim), to be exchanged for the email on the controller, before submitting the delegation?

@davefrey davefrey self-assigned this Apr 15, 2021
@davefrey
Copy link
Member Author

Agreed. I think GDPR considers database keys to warrant some privacy consideration but it really doesn't feel relevant here.

@oliverbarnes
Copy link
Member

Good point, we had some previous discussion on this on the api repo, with some references about how GDPR views uuids:

liquidvotingio/api#218 (comment)

I just searched again, and am getting hits saying if the id is next to another piece of personal data, so that the id can be used later to identify a person, is a GPDR violation.

I think this is work looking into, actually, to figure out a clear strategy on our end. In our case, if the decidim instance is integrating with our hosted API, we're also a third-party, which compounds to the problem.

Maybe the ids can be encrypted? This quick search didn't give me any clear strategies. We should look at how Decidim handles ids, and look into whether Rails addresses this in any way.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants