Introducing GDPR compliance checks and policy #10064
Conversation
|
Typical dialogs have this flow:
They hide the details. In the settings, there are details:
(Source: https://www.nokia.com/) Oh, and "Accept all" is really the term used there. Mercedes-Benz has following popup:
Settings scroll down:
Source: https://www.mercedes-benz.com/en/ Out of these two, I like the Nokia way the most. Why not designing the dialog like the second one of Nokia?
|
|
As this is not a cookiebanner, I don't think that the examples really apply regarding the UX of a desktop application, but rather the already used design principles we use for dialogs in jabref. Meaning: checkbox on the left, buttons on the right. Expandable checkboxes are nice, but imply that the dialog must be either very large to provide space for the items to expand and with a lot of empty space, if no item is expanded, or to grow and shrink the dialog with the items. You don't do that. |
|
If consistency to the existing dialogs (designed more than 8 years ago) is imporant (which I agree, because we won't redesign the whole app), following wishlist items remain:
We could think about reducing the white space
Maybe with aligning the buttons in the middle (and moving the check boxes a bit to the right) - or put the buttons to the left, too. |
|
I would rename "Web search for references" to "Web search for references and full texts". Alternatively, a second checkbox "Web search for full texts". Side note: Maybe accept that PDF is the main file format and update the UI to use "Web search for PDFs". And replace in all other places "full text" by "PDFs". |
|
Do we really have to show this dialog to every user? I don't know of any other software where one needs to explicitly accept version update checks or other accesses of web services. In particular for our own services (Update check and PDF grobid) I feel this is unnecessary, and for "web search" it is clear from the context that this accesses external services. I would prefer to have the content of this dialog moved to the preference window, so that users interested in their privacy can easily disable these services. |
|
This dialog should only be shown on the first run. And yes, according to the law, even before we send an IP address to the internet, we need to ask for opt in. This includes sadly also the version check. |
|
If its only about the legal requirements, then we can put something like the following (from https://code.visualstudio.com/license)
in our eula that users agree upon when installing jabref. This seems to be the standard way to handle this. |
|
I agree, that could be a solution. It's definitely an opt in solution. Yet, we don't have an eula, just the mit license when installing. |
|
Should be easy to add via |
|
The technical solution is not the problem. It's the content of the eula, since we have no idea what to put in it. Any examples? |
|
I did a bit of research but couldn't find a single open source software that requires a special-opt in for webservices. The most explicit is Firefox which link to their privacy policy under the download button (https://www.mozilla.org/en-US/firefox/channel/desktop/) and have a privacy policy link in their "About" dialog. Other examples such as owncloud don't show anything related to privacy in their installation or on-boarding process. It seems to be consensus that eula are not necessary for open source projects since the main license already specifies all necessary rights and has a warranty/liability clause. So without being an expert on the legal side, it seems that there is no need for an explicit opt-in. Just add to our privacy policy that the desktop application access certain web services to provide additional features (similar to what I've cited above from the vscode eula) and link this privacy policy from a few places inside the software. |
DevCall discussionWe agree that we want to avoid popups whenever possible. Introducing an eula seems to be a good idea. Drafting one and introducing it to the installer should be investigated. |
calixtus
changed the title
Co-authored-by: Oliver Kopp <kopp.dev@gmail.com>
Quote of privacy policy of Zotero: We log requests made to our servers by Zotero or third-party software, including IP address and client information, in order to prevent abuse, diagnose technical issues, and assess usage. We retain these logs for up to 90 days. You can opt out of all requests to our servers.
Co-authored-by: Christoph <siedlerkiller@gmail.com>
Co-authored-by: Tobias Diez <tobiasdiez@gmx.de>
Co-authored-by: Tobias Diez <tobiasdiez@gmx.de>
Co-authored-by: Tobias Diez <tobiasdiez@gmx.de>
calixtus
added
the
status: ready-for-review
* upstream/main: Bump com.puppycrawl.tools:checkstyle from 10.12.2 to 10.12.3 Bump org.libreoffice:unoloader from 7.5.3 to 7.6.0 Bump com.dlsc.gemsfx:gemsfx from 1.74.0 to 1.77.0
* upstream/gdpr_checks: Update build.gradle Rename LICENSE_With_Privacy.md to LICENSE_with_Privacy.md
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
|
Your code currently does not meet JabRef's code guidelines. The tool reviewdog already placed comments on GitHub to indicate the places. See the tab "Files" in you PR. Please carefully follow the setup guide for the codestyle. Afterwards, please run checkstyle locally and fix the issues. More information on code quality in JabRef is available at https://devdocs.jabref.org/getting-into-the-code/development-strategy.html. |
|
The build for this PR is no longer available. Please visit https://builds.jabref.org/main/ for the latest build. |
Fixes #9742
These prefs were already there:
new:
Mandatory checks
CHANGELOG.mddescribed in a way that is understandable for the average user (if applicable)