Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

userID: GDPR enforcement should be active only when GDPR enforcement has been configured #9766

Closed
dgirardi opened this issue Apr 5, 2023 · 0 comments

Comments

@dgirardi
Copy link
Collaborator

dgirardi commented Apr 5, 2023

Type of issue

Improvement

Description

The userID module, when initializing, checks that either:

  1. the gdprEnforcement module was installed, or
  2. we have purpose 1 consent (if GDPR is in scope).

Relevant logic:

// another consent check, this time each module is checked for consent with its own gvlid
let { userIdModules, hasValidated } = validateGdprEnforcement(submodules, consentData);
if (!hasValidated && !hasPurpose1Consent(consentData)) {
logWarn(`${MODULE_NAME} - gdpr permission not valid for local storage or cookies, exit module`);
return [];
}

This is in contrast to all other GDPR enforcement checks, which only happen if the GDPR module is installed; and does not work well with upcoming activity controls, because they will replace the single gdprEnforcement module with any number of control mechanisms.

The userId module should be updated to not do GDPR enforcement.

@dgirardi dgirardi changed the title GDPR enforcement should be active only when GDPR enforcement has been configured userID: GDPR enforcement should be active only when GDPR enforcement has been configured Apr 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Development

No branches or pull requests

2 participants