Digital age of consent verification
In Moodle 3.4.2 onwards, a 'Digital age of consent verification' may be enabled in 'Privacy settings' in the Site administration. The default digital age of consent, and the age in any country where it differs from the default, may be specified. Country codes are as specified in ISO 3166-2.
*, 16 AT, 14 ES, 14 US, 13
In the above list the default digital age is 16.
If self-registration AND 'Digital age of consent verification' are both enabled, when a new user clicks the 'Create new account' button, they will be prompted to enter their age and country. If the user's age is lower than the age of consent for their country, they will see a message prompting them to ask their parent/guardian to contact the support contact (as specified in 'Support contact' in the Site administration).
If Digital age of consent verification is enabled and a potential user enters an age lower than the age of consent for their country by mistake, they can use a different browser to sign up or wait 30 minutes and use the same browser.
- A site policy may be enabled by entering the URL in 'Policy settings' in the Site administration. The URL can point to any type of file anywhere online that can be accessed without a log in to your Moodle. It is not recommended that a page resource is used as a site policy, since the site header will be repeated in the iframe (see MDL-30486).
- It is recommended that the site policy is on the same domain as Moodle to avoid the problem of Internet Explorer users seeing a blank screen when the site policy is on a different domain.
- The site policy will be displayed in a frame. You can view it via the URL yourmoodlesite.org/user/policy.php.
- If Email-based self-registration is enabled on the site, a link to the site policy is displayed on the signup page.
- When a site policy URL is set, all users will be required to agree to it when they next log in before accessing the rest of the site.
- A site policy for guests may also be enabled. Guest users will need to agree to it before accessing a course with Guest access enabled.
(In versions of Moodle prior to 3.4.2, the the Site policy URL and Site policy URL for guests settings were located in 'Site policies'.)
Forcing users to log in
In Site policies in the Site administration:
- Force users to login by checking the forcelogin checkbox
- Keep "Force users to login for profiles" enabled to keep anonymous visitors and search engines away from user profiles
Enrolment key usage
If Self enrolment is used, in the Self enrolment settings in the Site administration:
- Enforce enrolment key usage by ticking the 'Require enrolment key' checkbox
- Enforce enrolment key complexity by ticking the 'Use password policy' checkbox
- Disable the enrolment key hint leaving the 'Show hint' checkbox unticked
Hiding user fields
Increase student privacy by hiding user fields which would normally appear on users' profile pages, and in some cases on the course participants page.
The hiddenuserfields setting is in User policies in the Site administration.
User fields which may be hidden are:
Description, city/town, country, web page, ICQ number, Skype ID, Yahoo ID, AIM ID, MSN ID, first access, last access, last IP address and my courses.
- Data privacy plugin The Data Privacy plugin forms part of Moodle’s privacy feature set and will assist sites to become GDPR compliant. It requires Moodle 3.4.2 or later.
- GDPR - GDPR stands for General Data Protection Regulation and refers to the European Union regulation for data protection for all individuals within the European Union
- Student Privacy forum discussion
Any further questions?
Please post in the Security and Privacy forum on moodle.org.