Privacy

Cookies

Summary of cookie use on a Joomla! site

Cookies are small files that a website stores on your local computer to hold information about your interaction with that site. For example, Joomla uses a session cookie to save information on what you have done on the site during the current visit, such as which pages you have visited and whether you have logged in.

Features such as Remember me use cookies that last longer than your session in order to save your login information. Some Joomla extensions may create their own cookies.

Notifying users of cookie use

Whether for legal or other reasons, webmasters may wish to notify site visitors about the use of cookies. This can be done in a number of ways which are up to webmasters to implement as appropriate for their sites.

Some possible methods are:

  • Include a summary of cookie use in a site's privacy policy.
  • Include a statement of cookie use in a site's terms of service.
  • Use a Custom HTML module to display information about cookies.
  • If using the Remember Me option for login, use the message field in the login module and login layout to inform visitors that this feature uses a cookie.

Privacy Outline

Content

The Joomla Privacy Tool Suite consists of the following parts:

  • Administrator Component: Manages user information Privacy requests.
  • Module - Privacy Dashboard: Places a Privacy panel on the Home Dashboard.
  • Module - Privacy Requests: Places a Privacy Requests panel on the Privacy Dashboard.
  • Module - Privacy Status: Places a Privacy Status panel on the Privacy Dashboard.
  • Menu Item - Create Request: Shows a form to display an Information Request. To be created.
  • Plugin - System - Privacy Consent: Adds consent fields to personal information forms such as Registration. To be enabled.
  • Plugin - User - Terms and Conditions: Requests the user's consent to the site's terms and conditions. To be enabled.
  • Plugin - Content - Confirm Consent: Adds a required checkbox to a form, for example the core contact form. To be enabled.
  • Plugin - Privacy - Various: More plugins, enabled by default, without significant parameters to set.

On installation the Privacy Tool Suite is ready for Administrator use without enabling plugins or creating a menu item.

Workflow

This is a typical sequence of events:

  • An information request arrives. It must include a valid email address for a data Subject. The Subject does not have to be a registered user. For example, the Subject may be a contact added by an Administrator.
  • If the message is not submitted by the Subject via a site Personal Information form:
    • The Administrator goes to Users → Privacy → Requests → New to create a new information request. A message is sent to the email address provided inviting the Subject to confirm this is a genuine request.
  • If the message is submitted via a site Personal Information form the Subject is sent a confirmation request message automatically.
  • The Subject selects the link in the email message to open the confirmation form. On submission the Subject sees a confirmation message.
  • The Administrator sees that Private Messages in the Title Bar has pending messages. There will also be a system email message.
  • The Administrator goes to Users → Privacy → Requests and sees that the request status has changed to Confirmed.
  • For a data Export request there are adjacent Export and Email buttons.
    • The Administrator selects the Export button to have a look at the data to be exported. This is in XML format but displays sensibly in Firefox.
    • The Administrator selects the Email button to send the exported data to the Subject.
  • For a data Remove request there is an adjacent Delete button.
    • The Administrator selects the Delete button to anonymise the data for the user. The user is no longer able to log in.
  • Select the email address of the data Subject to open the Review Information Request form.
  • Select the Complete button in the Toolbar.
  • The Information Requests list shows the Status as Complete and the Action buttons have vanished.

Note that this suite does not display a Cookie permissions form.

Privacy Setup

Privacy Component

The Privacy Component is used to manage privacy information, to gather requests for information or requests to have information deleted. It is based on email addresses so most obviously applies to registered users who must supply an email address during registration. It also applies to data on unregistered users whose email addresses were supplied via the Contacts component. It does not implement the permission to use cookies or tracking required by GDPR.

When personally identifiable information is collected you should ensure:

  • The user is informed why you are requesting this information in plain and easy to understand language.
  • The user knows what data you collect about them.
  • The user knows what you will be using the data for.
  • The user has actively consented to your usage of the data.

Typically, this information is described in a Privacy Policy article.

Privacy Dashboard

The privacy dashboard provides a summary of the site Privacy Requests and Privacy Status. To access:

  • Select Users → Privacy from the Administrator menu.

[Screenshot: privacy dashboard]

There are two modules displayed by default in the Privacy Dashboard:

Privacy Requests

This module provides a summary of the current information requests.

Privacy Status

This module shows the status of options that site owners should attend to:

  • Published Privacy Policy: set a Privacy Policy article in the System - Privacy Consent plugin.
  • Published Request Form Menu Item: set a menu item to allow authenticated users to submit requests.
  • Outstanding Urgent Requests: check for confirmed requests older than the age specified in the component parameters (default 14 days) and alert the site owner of any requests requiring urgent attention.
  • Mail Sending Enabled: the site must be able to send email to process information requests.
  • Database Encryption: this is relevant where a remote database is used.

Plugin: System - Privacy Consent

If this plugin is disabled, the Dashboard Privacy Status panel will show that the Privacy Policy is Not Available and provide a link to the plugin edit form. When enabled, the plugin requests any new user registering on your site to consent to the Privacy Policy. All existing users will be redirected to their User Profile so that they can consent.

To set up consents:

  • Select Home Dashboard → Plugins from the Administrator menu.
  • Find the System - Privacy Consent plugin (not to be confused with the Privacy - Consents plugin).
  • Select to open the plugin data entry form.

[Screenshot: plugin system privacy consent]

  • Set the Status to Enabled.
  • Optional: Select or Create an article to link to from the Registration form. Or set the Privacy Type to Menu Item and Select or Create a menu item.
  • Select the Expiration tab and Toggle Inline Help for an explanation of each field. Enable and adjust the parameters if you wish consents to expire after a selected number of days.

Privacy Consent Notes for Multilingual sites:

Short Privacy Policy and Redirect Message: If you use the default text then it will be displayed in the user's language. It is not possible to translate the custom text. If you wish to customise the text and display it in multiple languages then you should leave this field blank and use the Joomla language override facility to customise the PLG_SYSTEM_PRIVACYCONSENT_NOTE_FIELD_DEFAULT and the PLG_SYSTEM_PRIVACYCONSENT_REDIRECT_MESSAGE_DEFAULT language strings for each language installed.

Privacy Article and Privacy Menu Item: If you associate this article or menu item with alternatives in other languages then the privacy policy will be displayed in the correct language for the user.

Plugin: User - Terms and Conditions

When enabled, this plugin requests any new user registering on your site to consent to the Terms and Conditions for using your site. All existing users will be redirected to their User Profile so that they can consent.

This plugin is not enabled by default. To enable:

  • Select Home Dashboard → Plugins from the Administrator menu.
  • Find the User - Terms and Conditions plugin.
  • Select to open the plugin data entry form.
  • Set the Status to Enabled.
  • Optional: Select or Create an article to link to from the Registration form.

User - Terms and Conditions Notes for Multilingual sites

Short Terms and Conditions: If you use the default text then it will be displayed in the user's language. It is not possible to translate the custom text. If you wish to customise the text and display it in multiple languages then you should leave this field blank and use the Joomla language override facility to customise the PLG_USER_TERMS_NOTE_FIELD_DEFAULT language strings for each language installed.

Terms & Conditions Article: If you associate this article with alternatives in other languages then the privacy policy will be displayed in the correct language for the user.

User Registration Consent View

Together, the two plugins appear on the User Registration form as in the following screenshot:

[Screenshot: privacy consents site view]

Menu Item: Privacy Information Request

Registered users can request an information summary or removal via a menu item. Set up as follows:

  • Select Menus → Bottom Menu from the Administrator menu (use whichever menu is most convenient).
  • Enter a suitable Title, example: Privacy Information Request.
  • Use the Select button to open the Menu Item Type popup dialog.
  • In the Privacy section select the Create Request item.
  • Set the Access field to Registered.
  • Save & Close.

Go to your site view and check that the menu item is not displayed when you are not logged in and that it is displayed after login. Use the link and try out the Export option. You can try out the Remove option later using a dummy account. If there is a request pending you will see an error message:

“Your information request could not be created. There is already an active information request for this email address and request type. Please contact the site owner for updates on this request.”

Menu Item: Privacy Confirm Request

For SEF purposes, you can create a hidden menu item for the user to confirm the request. This will be in the link sent by email.

  • Select Menus → Hidden Menu from the Administrator menu (create a Hidden menu with no assigned module position, or see below).
  • Enter a suitable Title, example: Confirm Privacy Request.
  • Use the Select button to open the Menu Item Type popup dialog.
  • In the Privacy section select the Confirm Request item.
  • If you don't have a Hidden Menu then use your main menu and in the Link Type tab set Display in Menu to No.
  • Save & Close.

Administrator Menu Items

Have a look at the other Privacy Component menu items.

Administrator Privacy Requests

This screen is the central location for processing and managing user information requests. Please see the related article on Privacy Workflow for guidance on processing requests.

[Screenshot: privacy information requests]

Extension Capabilities

This screen collects and displays information about the privacy related capabilities reported by individual extensions. It is intended to assist in the preparation of documentation such as a privacy policy article or a terms of service article.

[Screenshot: privacy information requests]

The page contents come from language strings in the core, in the privacy component and in plugins that implement the onPrivacyCollectAdminCapabilities event. That includes:

  • Authentication
  • Captcha
  • Installer
  • Privacy
  • System
  • User

The information will be displayed in the language selected for Administrator login.

Consents

This screen displays a list of consents, most recent first. It will be in the language in use in the consent form, typically during registration. You can search by name for a specific user. Note that consent to agree to the site Terms and Conditions is not recorded here. That is only in the User Actions Log.

[Screenshot: privacy consents]

Privacy Workflow

Creating a Request

Processing requests for personal information is the main purpose of the privacy component. Users may ask for a summary of their personal data or for all of their personal data to be removed. A request can be created either by an authenticated user through the request form or by a super user.

In this context, a user means any individual or organization who has made a request, regardless of whether there is a registered user account. For example, requests may come to the site administrator from individuals or organisations who have been added to the site as contacts.

Personal data is based on email addresses and automated processing is limited to extensions that report privacy capabilities.

IMPORTANT: To create and process information requests, your website MUST be able to send emails, because the information owner is required to confirm the request.

Authenticated User Request

Registered users may submit an information request via a Privacy Information Request menu link available only after login. A good place for such a link is in the same menu where there is a link to the site Privacy Policy. A Bottom Menu in the site footer is often a favoured location. When submitting an information request, the user must provide:

  • The request type: Export or Remove selected from the drop-down list.

[Screenshot: privacy workflow user request]

On submission a message will indicate either that the request has been accepted and a verification email is on its way:

[Screenshot: privacy workflow user request accepted]

or that “Your information request could not be created. There is already an active information request for this email address and request type. Please contact the site owner for updates on this request.”

Super User Creation

Through the Privacy: Information Requests page, any super user may create a new information request. This is the only way to create information requests for users who do NOT have accounts on the website. To create a request:

  • Select Users → Privacy → Requests from the Administrator menu.
  • Select the New button from the Toolbar.
  • In the Email field enter the user email address.
  • In the Request Type field select Export or Remove from the drop-down list.
  • Save & Close.

Once created the request cannot be edited. It can only be Invalidated or Processed.

Confirming a Request

Once a request has been created, regardless of how it is created, the user will receive an email containing a link to a confirmation form.

[Screenshot: privacy workflow user request confirm]

The user must enter the token provided in the email and submit the form. The token is valid for 24 hours. If a request is not confirmed in that time-frame, the request will be marked as Invalid in the Privacy Requests list and a new request must be submitted.

Once the user confirms the request, an email will be sent to Super Users to indicate that action is required.

  • Select Users → Privacy → Requests from the Administrator menu.
  • Requests requiring action will be marked as Confirmed.

[Screenshot: privacy workflow information requests list]

Processing an Export Request

Once an export request has been confirmed, there are two actions available to super users.

  • Export Data: This will collect all data for the information request's subject and create an XML file that will be downloaded to your computer. This is useful to enable site owners to review the data export prior to sending it to the user.
  • Email Data Export: This will collect all data for the information request's subject, create an XML file (the same as generated by the Export Data action), and send an email to the user with the exported data file attached.

Important: The export action can only collect data from extensions that have privacy support. Therefore, the super user who is acting on the request should review the export and if necessary include data contained in extensions that store personal data but do not have privacy support.

Processing a Removal Request

Once a remove request has been confirmed, there is only one action available to super users.

  • Delete Data: This process will anonymize and/or remove data related to the information subject. For requests where the information owner also has a registered user account, this process will anonymize the account's name, username, and email address, as well as block the account from being logged into and log the user out of the site if they are logged in at the time the request is processed.

Important: The delete action can only collect data from extensions that have privacy support. Therefore, the super user who is acting on the request should review the export and if necessary manually anonymize or remove data contained in extensions that store personal data but do not have privacy support.

On selection of the Delete Data button there is a Data Removed confirmation message but the Privacy: Information Requests list is otherwise unchanged. The user data is removed or anonymised but not the data in the #__action_logs, #__messages and #__privacy_requests tables (see below).

Completing a Request

After the request has been processed it should be marked as completed. This will indicate that the request has been fulfilled and there is no further action to be taken.

  • In the Privacy: Information Requests list select the email address of the request being processed.
  • In the Privacy: Review Information Request form:
    • Review the data.
    • Select the appropriate Export, Email or Delete button from the Toolbar if not already done from the list view.
  • Select the Complete button from the Toolbar (or the Invalidate button if this is judged an invalid request).

[Screenshot: privacy workflow review information request]

Finally

To remove User Actions Log data:

  • Select Users → User Actions Log from the Administrator menu.
  • Search for the username or email address of the deleted user.
  • Select the Check All Items checkbox.
  • Select the Delete button in the Toolbar.

To remove Private Message data and Privacy Request data:

  • There is no easy way to batch remove either of these types of data from within Joomla. The quickest method is to search for the Username (email address) in the database with phpMyAdmin and delete the records there. Here is an example screenshot:

[Screenshot: privacy workflow delete with phpmyadmin]
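
The phpMyAdmin clean-up described above can be written as one SQL batch that previews, deletes and then counts what is left. This is an added example, not taken from the Joomla documentation; the jos_ table prefix, the column names, the status codes and the address subject@example.com are assumptions to check against your own schema before use.

```sql
-- Added example (not from the Joomla documentation).
-- Assumptions: table prefix jos_ in place of #__, stock Joomla column
-- names, MySQL/MariaDB with InnoDB tables. The address is a placeholder.
-- Paste the whole batch into one phpMyAdmin SQL tab so the variables and
-- the transaction share a single connection.

SET @subject_email = 'subject@example.com';
-- Escape LIKE wildcards so "_" and "%" in the address match literally.
SET @pattern = CONCAT('%',
    REPLACE(REPLACE(@subject_email, '%', '\\%'), '_', '\\_'), '%');

START TRANSACTION;

-- 1. Preview the rows that mention the data Subject.
SELECT id, email, request_type, status, requested_at
  FROM jos_privacy_requests
 WHERE email = @subject_email;

SELECT message_id, subject, date_time
  FROM jos_messages
 WHERE subject LIKE @pattern OR message LIKE @pattern;

-- 2. Remove closed requests only. Assumed status codes:
--    2 = Complete, -1 = Invalid; open requests are left in place.
DELETE FROM jos_privacy_requests
 WHERE email = @subject_email
   AND status IN (2, -1);

DELETE FROM jos_messages
 WHERE subject LIKE @pattern OR message LIKE @pattern;

-- 3. Count what is left. Both values are 0 unless a request for this
--    address is still Pending or Confirmed.
SELECT
  (SELECT COUNT(*) FROM jos_privacy_requests
    WHERE email = @subject_email) AS requests_left,
  (SELECT COUNT(*) FROM jos_messages
    WHERE subject LIKE @pattern OR message LIKE @pattern) AS messages_left;

-- 4. Dry run by default: change ROLLBACK to COMMIT once the preview and
--    the counts match what you expect.
ROLLBACK;
```

The batch leaves #__action_logs alone because those rows are removed through the User Actions Log screen as listed above.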

Additional Resources

  • Developer's Guide for the Privacy Tool Suite
© 2005 - 2025 Open Source Matters, Inc. All Rights Reserved.
