= User Opt-in Consent =

The [https://en.wikipedia.org/wiki/General_Data_Protection_Regulation European GDPR law] requires users to opt in to a terms of service.

"Users who want to sign-up to a (BOINC) project need to give their informed explicit consent to how the project processes their data, before any personally identifiable information about that new user gets processed/stored by the project. This opt-in statement of consent then needs to be tracked by the project as proof."

Additionally, existing users will need to opt in to the same terms of service, with their consent date saved.

== User Experience ==

When using the main BOINC manager to join a project (Add Project), the user is shown a Terms of Use / Project policy text. S/he must accept the terms of use before the account is created. As part of the account creation process, the date-time of this consent is recorded in the project's database.

For account managers... (to be written)

For Web registration, the login page can provide a terms of service display.

== Existing code ==

As of April 2018, BOINC already contains a [wiki:TermsOfUse 'terms of use' mechanism] for the BOINC client when creating a new account. If the file 'terms_of_use.txt' (filename is hardcoded) is in the root of the project directory, the contents of the file will be presented to the user when s/he creates an account. However, there is no persistent 'storing' of the datetime the user consented to the terms of use.

The BOINC Web code does not have the ability to sign up directly (this statement has not yet been confirmed). If not, it would have to also use this terms-of-use mechanism. Additionally, it is not known whether account managers, such as BAM!, use this terms-of-use mechanism.

== Technical Implementation ==

=== Database ===

Two new tables: `consent` and `consent_type`

 * `consent`
   * `id` - the user id
   * `consent_id` - consent id
   * `consent_time` - `datetime` type attribute: unixtime of when user `id` gave consent to `consent_id`. If zero, user has not consented (yet).
   * `consent_flag` - the boolean which explicitly states that this user id has given consent to this consent id. If this is 0 (FALSE), the following boolean should be 1 (TRUE).
   * `consent_not_required` - a special boolean that indicates that consent is not required. This feature may be used by certain special ...
   * `source` - text field containing the technology actor through which the user gave consent. Example: if a user gives consent by registering for an account using the BOINC GUI client (BOINC manager), this would be set to 'client'. If the account is created on a Web site registration page, this would be set to 'web'. Other sources may be 'AM' (account manager), 'boinccmd' (command-line client), and 'RPC' (the Web RPC).
 * `consent_type`
   * `consent_id` - consent id
   * `description` - text field describing the consent that the user gives (or has given).

It is likely that at first there will be one record in `consent_type`: the main terms of use a user consents to when joining the project.

The `consent` table uses `id` and `consent_id` as the primary key, so a single user may consent to multiple items. This allows for flexibility: a project may decide to present a user with multiple items to consent to. Each can be recorded in the `consent` table with a different `consent_id`, whose description is stored in the `consent_type` table.

=== Project config ===

A new project option will be included in `config.xml` for projects, an `enable_record_optin_consent` tag. This flag toggles whether or not the project records the consent of users, i.e. whether this new feature is used.

=== RPC ===

Two RPCs will need to change:

 * `create_account.php`
 * `am_set_info.php`

The main RPC that needs to be changed is `create_account.php`, which needs to insert a record into the `consent` table when the user creates his/her account, assuming s/he consents to a site's terms of use.
Additional parameters for the RPC are:

 * optin=0 | 1
 * source='string'
   * examples: 'client', 'AM', 'web'; this would fill the `source` field in the `consent` table.

`am_set_info.php` needs to be modified to accept a consent parameter, which also modifies the `consent` table in the database.

=== Web site ===

(to be written)
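
A sketch of the `consent` / `consent_type` design from the Database section and the `optin` / `source` handling from the RPC section, added here as an example and not BOINC's own code. It assumes SQLite in place of the project's database; the function names `open_db`, `record_consent` and `has_consented` are hypothetical, and writing no row for `optin=0` and rejecting unlisted `source` values are assumptions the page does not state.

```python
import sqlite3
import time

# Source values listed on the page for the `source` column.
SOURCES = {"client", "web", "AM", "boinccmd", "RPC"}

SCHEMA = """
CREATE TABLE consent_type (
    consent_id  INTEGER PRIMARY KEY,
    description TEXT NOT NULL
);
CREATE TABLE consent (
    id           INTEGER NOT NULL,            -- user id
    consent_id   INTEGER NOT NULL REFERENCES consent_type(consent_id),
    consent_time INTEGER NOT NULL DEFAULT 0,  -- unixtime; 0 = not consented
    consent_flag INTEGER NOT NULL DEFAULT 0,
    consent_not_required INTEGER NOT NULL DEFAULT 0,
    source       TEXT NOT NULL,
    PRIMARY KEY (id, consent_id),
    -- page rule: if consent_flag is 0, consent_not_required should be 1
    CHECK (consent_flag = 1 OR consent_not_required = 1)
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed sample row: the main terms of use.
    db.execute("INSERT INTO consent_type VALUES (1, 'Terms of use')")
    return db

def record_consent(db, user_id, consent_id, optin, source, enabled=True, now=None):
    """Store proof of consent; returns True only if a row was written."""
    if not enabled or optin != 1:      # feature off, or user did not opt in
        return False
    if source not in SOURCES:          # reject unknown actors (assumption)
        raise ValueError("unknown source: %r" % (source,))
    ts = int(time.time()) if now is None else int(now)
    # Parameterized statement: RPC input never reaches the SQL text.
    db.execute(
        "INSERT INTO consent (id, consent_id, consent_time, consent_flag, source)"
        " VALUES (?, ?, ?, 1, ?)", (user_id, consent_id, ts, source))
    return True

def has_consented(db, user_id, consent_id):
    row = db.execute(
        "SELECT consent_flag, consent_time FROM consent WHERE id=? AND consent_id=?",
        (user_id, consent_id)).fetchone()
    return bool(row and row[0] == 1 and row[1] > 0)
```

Because `(id, consent_id)` is the primary key, a second insert for the same pair fails instead of silently overwriting the original consent time, which keeps the first record usable as proof.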