Note: You are currently viewing documentation for Moodle 3.8. Up-to-date documentation for the latest stable version of Moodle may be available here: Manage privacy settings.

Manage privacy settings

From MoodleDocs

One of the core features in the new privacy settings is the ability to handle the digital age of consent for data subjects. The digital age of consent is the age at which a data subject can legally accept data privacy agreements and policies. The digital age of consent varies in different countries throughout the EU, typically ranging from 13 to 16 years of age. The digital age of consent in the USA is 13.

Digital age of consent enable /disable

You can enable or disable the digital age of consent verification. By default it is disabled.

Turning this on enables verification of the digital age of consent by users before displaying the sign-up page for self-registration users. If self-registration AND 'Digital age of consent verification' are both enabled, when a new user clicks the 'Create new account' button, they will be prompted to enter their age and country. A user will need to select their country and then confirm they are above the age of consent for that country. If they don't, they cannot continue the signup process.

If the user's age is lower than the age of consent for their country (see below), they will see a message prompting them to ask their parent/guardian to contact the support contact (as specified in 'Support contact' in the Site administration).

Digital age of consent settings

Age and location settings
Age and location verification (user view)

A 'Digital age of consent verification' may be enabled in 'Privacy settings' in the Site administration.

The default digital age of consent, and the age in any country where it differs from the default, may be specified here. If the countries policy and law on digital age of consent changes you should update this. You can also add a new country where such laws are enacted on a new line with format: country code, age (separated by a comma). The default age is indicated by * in place of the country code. Country codes are as specified in ISO 3166-2.

*, 16
AT, 14
ES, 14
US, 13

In the above list the default digital age is 16.

Digital minor message

If Digital age of consent verification is enabled and a potential user enters an age lower than the age of consent for their country by mistake, they can use a different browser to sign up or wait 30 minutes and use the same browser.

The support contact details are provided to those who identify themselves as below the age of consent, so they can get in contact to arrange access and parental consent. Hence, the support contact details are required to be configured. These are found under -> admin/settings.php?section=supportcontact

Contact the Privacy Officer link enable/disable

Enabling this feature will also provide a link for users to contact the site's Privacy officer through this site.

This link will be shown on their profile page, and on the site's privacy policy page, as well. The link leads to a form in which the user can make a data request to the Privacy Officer. These requests / messages end up in the standard Data Requests “inbox” of the Privacy Office with a type of Other.

Privacy officer role mapping

Enable Data Privacy Officer and map role

The admin can select one or more roles that map to the privacy officer function with the Moodle site. This will enable users with those roles to handle data requests. A custom Privacy officer role can be created to allow the Privacy officer to respond to requests without granting full administrative capabilities. It is also possible to map an existing role to enable data privacy officer capabilities. This role mapping is configured on the Privacy Settings page. At least one role with the capability tool/dataprivacy:managedatarequests must exist for the role mapping subform to display. (If there is nobody on the site with the role of Data Protection Officer i.e. nobody with the capability to manage data requests, then a site admin can respond to data requests and manage the data registry.)