Privacy: Difference between revisions

From MoodleDocs
(Hiding user fields)
m (clean up, typos fixed: the the → the)
 
(27 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{stub}}
{{Security}}
==Privacy settings==


Here are some suggestions for increasing privacy in Moodle:  
===Digital age of consent verification===
[[File:age and location verification.png|thumb|Age and location verification]]


A Digital age of consent verification may be enabled in Site administration / Users / Privacy and policies / Privacy settings. The default digital age of consent, and the age in any country where it differs from the default, may be specified. Country codes are as specified in [https://en.wikipedia.org/wiki/ISO_3166-2 ISO 3166-2].


==Site policy settings==
*, 16
In ''Administration > Security > [[Site policies]]'':
AT, 14
ES, 14
US, 13
 
In the above list the default digital age is 16.
[[File:digital minor message.png|thumb|Digital minor message]]
If self-registration AND 'Digital age of consent verification' are both enabled, when a new user clicks the 'Create new account' button, they will be prompted to enter their age and country. If the user's age is lower than the age of consent for their country, they will see a message prompting them to ask their parent/guardian to contact the support contact (as specified in  'Support contact' in the Site administration).
 
If Digital age of consent verification is enabled and a potential user enters an age lower than the age of consent for their country by mistake, they can use a different browser to sign up or wait 30 minutes and use the same browser.
 
==Policy settings==
 
{{MediaPlayer | url = https://youtu.be/KvIMDUq71v8 | desc = Managing policies}}
 
 
* A site policy may be enabled by entering the URL in 'Policy settings'  in the Site administration. The URL can point to any type of file anywhere online that can be accessed without a log in to your Moodle. It is not recommended that a [[page resource]] is used as a site policy, since the site header will be repeated in the iframe (see MDL-30486).
* It is recommended that the site policy is on the same domain as Moodle to avoid the problem of Internet Explorer users seeing a blank screen when the site policy is on a different domain.
* The site policy will be displayed in a frame. You can view it via the URL ''<nowiki>yourmoodlesite.org/user/policy.php</nowiki>''.
* If [[Email-based self-registration]] is enabled on the site, a link to the site policy is displayed on the signup page.
* When a site policy URL is set, all users will be required to agree to it when they next log in before accessing the rest of the site.
* A site policy for guests may also be enabled. Guest users will need to agree to it before accessing a course with [[Guest access]] enabled.
 
(In versions of Moodle prior to 3.4.2, the Site policy URL and Site policy URL for guests settings were located in 'Site policies'.)
 
==Forcing users to log in==
 
In [[Site policies]] in the Site administration:


* Force users to login by checking the ''forcelogin'' checkbox
* Force users to login by checking the ''forcelogin'' checkbox
Line 11: Line 40:


==Enrolment key usage==
==Enrolment key usage==
In the [[Internal enrolment]] settings via ''Administration > Courses > [[Enrolment plugins|Enrolments]]'':


* Enforce enrolment key usage by setting ''enrol_manual_requirekey'' to Yes (in Moodle 1.9.4 onwards)
If [[Self enrolment]] is used, in the Self enrolment settings in the Site administration:
* Disable the [[Enrolment key|enrolment key]] hint by setting ''enrol_manual_showhint'' to No (in Moodle 1.9.3 onwards)
 
* Enforce enrolment key complexity by setting ''enrol_manual_usepasswordpolicy'' to Yes (in Moodle 1.9.4 onwards)
* Enforce enrolment key usage by ticking the 'Require enrolment key' checkbox
* Enforce enrolment key complexity by ticking the 'Use password policy' checkbox
* Disable the [[enrolment key]] hint leaving the 'Show hint' checkbox unticked


==Hiding user fields==
==Hiding user fields==
Line 21: Line 51:
Increase student privacy by hiding user fields which would normally appear on users' profile pages, and in some cases on the course participants page.
Increase student privacy by hiding user fields which would normally appear on users' profile pages, and in some cases on the course participants page.


The ''hiddenuserfields'' setting is in ''Administration > Users > Permissions > [[User policies]]''.
The ''hiddenuserfields'' setting is in [[User policies]] in the Site administration.


User fields which may be hidden are:<br />
User fields which may be hidden are:<br />
Description, city/town, country, web page, ICQ number, Skype ID, Yahoo ID, AIM ID, MSN ID, last access and My courses (in Moodle 1.9.4 onwards).
Description, city/town, country, web page, ICQ number, Skype ID, Yahoo ID, AIM ID, MSN ID, first access, last access, last IP address and my courses.


==See also==
==See also==
* [[Data privacy]]
* [[GDPR]] - GDPR stands for General Data Protection Regulation and refers to the European Union regulation for data protection for all individuals within the European Union
* [https://moodle.org/mod/forum/discuss.php?d=233702 Student Privacy] forum discussion
==Any further questions?==
Please post in the [http://moodle.org/mod/forum/view.php?id=7301 Security and Privacy forum]  on moodle.org.


* Using Moodle [http://moodle.org/mod/forum/view.php?id=7301 Security and Privacy forum]
[[Category:Privacy]]
* MDL-17205 Privacy improvements project for 1.9.x


[[Category:Security]]
[[de:Datenschutz in Moodle]]
[[es:Privacidad]]

Latest revision as of 17:04, 2 March 2023

Privacy settings

Digital age of consent verification

Age and location verification

A Digital age of consent verification may be enabled in Site administration / Users / Privacy and policies / Privacy settings. The default digital age of consent, and the age in any country where it differs from the default, may be specified. Country codes are as specified in ISO 3166-2.

*, 16
AT, 14
ES, 14
US, 13

In the above list the default digital age is 16.

Digital minor message

If self-registration AND 'Digital age of consent verification' are both enabled, when a new user clicks the 'Create new account' button, they will be prompted to enter their age and country. If the user's age is lower than the age of consent for their country, they will see a message prompting them to ask their parent/guardian to contact the support contact (as specified in 'Support contact' in the Site administration).

If Digital age of consent verification is enabled and a potential user enters an age lower than the age of consent for their country by mistake, they can use a different browser to sign up or wait 30 minutes and use the same browser.

Policy settings

Managing policies


  • A site policy may be enabled by entering the URL in 'Policy settings' in the Site administration. The URL can point to any type of file anywhere online that can be accessed without a log in to your Moodle. It is not recommended that a page resource is used as a site policy, since the site header will be repeated in the iframe (see MDL-30486).
  • It is recommended that the site policy is on the same domain as Moodle to avoid the problem of Internet Explorer users seeing a blank screen when the site policy is on a different domain.
  • The site policy will be displayed in a frame. You can view it via the URL yourmoodlesite.org/user/policy.php.
  • If Email-based self-registration is enabled on the site, a link to the site policy is displayed on the signup page.
  • When a site policy URL is set, all users will be required to agree to it when they next log in before accessing the rest of the site.
  • A site policy for guests may also be enabled. Guest users will need to agree to it before accessing a course with Guest access enabled.

(In versions of Moodle prior to 3.4.2, the Site policy URL and Site policy URL for guests settings were located in 'Site policies'.)

Forcing users to log in

In Site policies in the Site administration:

  • Force users to login by checking the forcelogin checkbox
  • Keep "Force users to login for profiles" enabled to keep anonymous visitors and search engines away from user profiles

Enrolment key usage

If Self enrolment is used, in the Self enrolment settings in the Site administration:

  • Enforce enrolment key usage by ticking the 'Require enrolment key' checkbox
  • Enforce enrolment key complexity by ticking the 'Use password policy' checkbox
  • Disable the enrolment key hint leaving the 'Show hint' checkbox unticked

Hiding user fields

Increase student privacy by hiding user fields which would normally appear on users' profile pages, and in some cases on the course participants page.

The hiddenuserfields setting is in User policies in the Site administration.

User fields which may be hidden are:
Description, city/town, country, web page, ICQ number, Skype ID, Yahoo ID, AIM ID, MSN ID, first access, last access, last IP address and my courses.

See also

  • Data privacy
  • GDPR - GDPR stands for General Data Protection Regulation and refers to the European Union regulation for data protection for all individuals within the European Union
  • Student Privacy forum discussion

Any further questions?

Please post in the Security and Privacy forum on moodle.org.