Policies: Difference between revisions

From MoodleDocs
m (Update link to Spanish page)
 
(25 intermediate revisions by 8 users not shown)
Line 1: Line 1:
{{Infobox plugin
{{Privacy}}
|type = Admin tools
The '''policies''' tool provides a new user sign-on process, with ability to define multiple policies (site, privacy, third party), track user consents, and manage updates and versioning of the policies.
|entry = https://moodle.org/plugins/tool_policy
|tracker = https://tracker.moodle.org/issues/?jql=component%20%3D%20Privacy
|discussion = https://moodle.org/mod/forum/view.php?id=7301
|maintainer = Moodle HQ
}}
The Policies plugin provides a new user sign-on process, with ability to define multiple policies (site, privacy, third party), track user consents, and manage updates and versioning of the policies.


The Policies plugin forms part of Moodle’s privacy feature set and will assist sites to become GDPR compliant. It requires Moodle 3.4.2 onwards, and is available from the Moodle plugins directory. The plugin will be integrated in the Moodle 3.5 release in May 2018. Moodle 3.4.2 also includes the option of checking whether a new user is a minor.  
The policies tool forms part of Moodle's privacy feature set assisting sites to become GDPR compliant.


==Site policy handler==


==Enabling the policies plugin==
The Site policy handler in Site administration / Users / Privacy and policy / Policy settings determines how policies and user consents are managed. The default (core) handler enables a site policy URL and a site policy URL for guests to be specified. The policies handler enables site, privacy and other policies to be set. It also enables user consents to be viewed and, if necessary, consent on behalf of minors to be given.


After installing the policies plugin, it may be enabled as follows:
===Default (core) handler===


# Go to 'Policy settings' in the Site administration.
When the site policy handler is set to 'Default (core)', a site policy may be set by entering the URL in 'Policy settings'. The URL can point to any type of file anywhere online that can be accessed without a log in to your Moodle site.
# Set the Site policy handler to 'Policies (tool_policy)'.
 
# Save changes.
* The site policy will be displayed in a frame. You can view it via the URL ''<nowiki>yourmoodlesite.org/user/policy.php</nowiki>''.
* If [[Email-based self-registration]] is enabled on the site, a link to the site policy is displayed on the signup page.
* When a site policy URL is set, all users will be required to agree to it when they next log in before accessing the rest of the site.
* A site policy for guests may also be enabled. Guest users will need to agree to it before accessing a course with [[Guest access]] enabled.
* It is not recommended that a [[Page resource|page resource]] is used as a site policy, since the site header will be repeated in the iframe (see MDL-30486).
* It is recommended that the site policy is on the same domain as Moodle to avoid the problem of Internet Explorer users seeing a blank screen when the site policy is on a different domain.
 
===Policies (tool_policy) handler===


Two new pages will then appear in the Site administration - 'Manage policies' and 'User agreements'.
When the site policy handler is set to  'Policies (tool_policy)', two new pages appear in 'Privacy and policies' - 'Manage policies' and 'User agreements'. The remainder of this page describes the policies tool.


Note that when Policies is set as the site policy handler, the settings 'Site policy' and 'Site policy for guests' are ignored.
Note that when 'Policies (tool_policy)' is set as the site policy handler, the settings 'Site policy' and 'Site policy for guests' are ignored.  


==Adding and managing policies==
==Adding and managing policies==
Line 41: Line 43:


Note that once created, a policy can be edited, or set to inactive, but if users have agreed to it, it can't be deleted.
Note that once created, a policy can be edited, or set to inactive, but if users have agreed to it, it can't be deleted.
The policy type (site / privacy / third parties) is only displayed at the 'Policies' page linked on the footer and the behaviour is the same for all the policy types.


==Giving consent to policies==
==Giving consent to policies==
Line 48: Line 52:
If a new policy is added, all users will be required to give their consent when they next log in. Similarly, if an existing policy is edited and is not marked as a minor change, all users will be required to give their consent when they next log in.
If a new policy is added, all users will be required to give their consent when they next log in. Similarly, if an existing policy is edited and is not marked as a minor change, all users will be required to give their consent when they next log in.


If self-registration is enabled on the site, new users will be required to give their consent to all policies before proceeding to the sign-up form. If digital age of consent verification (a new setting in Moodle 3.4.2 onwards) is enabled in '[[Privacy|Privacy settings]]' in the Site administration, when a new user clicks the 'Create new account' button, they will be prompted to enter their age and country. If the user's age is lower than the age of consent for their country, they will see a message prompting them to ask their parent/guardian to contact the support contact (as specified in 'Support contact' in the Site administration).
If [[Email-based self-registration]] is enabled on the site, new users will be required to give their consent to all policies before proceeding to the sign-up form. If digital age of consent verification is enabled in '[[Privacy|Privacy settings]]' in the Site administration, when a new user clicks the 'Create new account' button, they will be prompted to enter their age and country. If the user's age is lower than the age of consent for their country, they will see a message prompting them to ask their parent/guardian to contact the support contact (as specified in 'Support contact' in the Site administration).


==Policies for guests==
==Policies for guests==
[[File:policies modal window.png|thumb|Policies for guests modal window]]
[[File:policies modal window.png|thumb|Policies for guests modal window]]
If a user logs in as a [[Guest access|guest]], a modal window will be shown at the bottom of the user's browser window with links to all policies defined either for guests or for all users.
If a user browses to the site or logs in as a [[Guest access|guest]], a modal window will be shown at the bottom of the user's browser window with links to all policies defined either for guests or for all users.


==Minors==
==Minors==
Line 101: Line 105:
* Download table data
* Download table data


For example, you can obtain the list of minors by filtering by 'Permission: Can not agree', then give consent to policies on their behalf.
User agreements for a particular policy may also be viewed via the 'Manage policies' page by clicking the link in the Agreements column.
 
==Giving consent on behalf of other users==
 
An admin or any user with the capability [[Capabilities/tool/policy:acceptbehalf|Agree to the policies on someone else's behalf]] can give consent on behalf of minors or when a written consent was obtained offline.
 
===Giving consent on behalf of multiple users===
[[File:Record of consents.png|thumb|Record of consents with remarks]]
Users with capability [[Capabilities/tool/policy:acceptbehalf|Agree to the policies on someone else's behalf]] in the system context, such as managers, can give consent on behalf of multiple users as follows:
 
# Go to 'User agreements' in the Site administration.
# If necessary, filter by 'Permission: Can not agree'.
# To give consent for multiple policies, tick the box next to selected users' names then click the consent button.
# To give consent for a single policy, click the red cross next to the user's name.
 
When giving consent on behalf of other users, there is an opportunity to add some remarks. Clicking on the link in the Overall column gives an overview with details of who gave consent and when, together with any remarks.
 
It's not yet possible to give consent in bulk, however a workaround would be to install and use a browser extension for checking all checkboxes on the page.
 
===Giving consent on behalf of a child===
 
A parent or guardian may be allowed to give consent on behalf of their child by giving them the capability [[Capabilities/tool/policy:acceptbehalf|Agree to the policies on someone else's behalf]] in the user context. See the [[Parent role]] for details of how to create the role and assign a parent to a student. The parent or guardian will then be able to give consent as follows:


User agreements for a particular policy may also be viewed via the 'Manage policies' page by clicking the link in the Agreements column.
# Go to the child's profile page.
# Click the link 'Policies and agreements'.
# Click the red cross next to the policy name.


==Capabilities==
==Capabilities==
Line 109: Line 136:
* [[Capabilities/tool/policy:accept|Agree to policies]] - allowed for authenticated user role
* [[Capabilities/tool/policy:accept|Agree to policies]] - allowed for authenticated user role
* [[Capabilities/tool/policy:managedocs|Manage policies]] - allowed for default role of manager only
* [[Capabilities/tool/policy:managedocs|Manage policies]] - allowed for default role of manager only
* [[Capabilities/tool/policy:manageprivacy|Manage privacy settings]] - allowed for default role of manager only
* [[Capabilities/tool/policy:viewacceptances|View user agreements reports]] - allowed for default role of manager only
* [[Capabilities/tool/policy:viewacceptances|View user agreements reports]] - allowed for default role of manager only
* [[Capabilities/tool/policy:acceptbehalf|Agree to policies on someone else's behalf]] - allowed for default role of manager only
* [[Capabilities/tool/policy:acceptbehalf|Agree to policies on someone else's behalf]] - allowed for default role of manager only
==See also==
* [[GDPR for administrators (Moodle 3.4.2+)]]


[[Category:Privacy]]
[[Category:Privacy]]


[[es:Plugin de políticas]]
[[es:Políticas]]
[[de:Richtlinien]]
[[fr:Plugin Policies]]

Latest revision as of 16:37, 28 May 2023

The policies tool provides a new user sign-on process, with ability to define multiple policies (site, privacy, third party), track user consents, and manage updates and versioning of the policies.

The policies tool forms part of Moodle's privacy feature set assisting sites to become GDPR compliant.

Site policy handler

The Site policy handler in Site administration / Users / Privacy and policy / Policy settings determines how policies and user consents are managed. The default (core) handler enables a site policy URL and a site policy URL for guests to be specified. The policies handler enables site, privacy and other policies to be set. It also enables user consents to be viewed and, if necessary, consent on behalf of minors to be given.

Default (core) handler

When the site policy handler is set to 'Default (core)', a site policy may be set by entering the URL in 'Policy settings'. The URL can point to any type of file anywhere online that can be accessed without a log in to your Moodle site.

  • The site policy will be displayed in a frame. You can view it via the URL yourmoodlesite.org/user/policy.php.
  • If Email-based self-registration is enabled on the site, a link to the site policy is displayed on the signup page.
  • When a site policy URL is set, all users will be required to agree to it when they next log in before accessing the rest of the site.
  • A site policy for guests may also be enabled. Guest users will need to agree to it before accessing a course with Guest access enabled.
  • It is not recommended that a page resource is used as a site policy, since the site header will be repeated in the iframe (see MDL-30486).
  • It is recommended that the site policy is on the same domain as Moodle to avoid the problem of Internet Explorer users seeing a blank screen when the site policy is on a different domain.

Policies (tool_policy) handler

When the site policy handler is set to 'Policies (tool_policy)', two new pages appear in 'Privacy and policies' - 'Manage policies' and 'User agreements'. The remainder of this page describes the policies tool.

Note that when 'Policies (tool_policy)' is set as the site policy handler, the settings 'Site policy' and 'Site policy for guests' are ignored.

Adding and managing policies

Policies and agreements

An admin or any user with the Manage policies capability (by default manager) can access the page 'Manage policies' in the Site administration and:

  • Add a new site / privacy / third parties / other policy for all users, authenticated users or guests
  • Change the active / inactive status of each policy
  • View the number and percentage of users who have agreed to each policy
  • Edit a policy and specify whether it is a minor change (not requiring users to reconfirm their consent) or not
  • View the current version of each policy and also previous versions
  • Change the order in which policies are shown to users

To add a new policy:

  1. Go to 'Manage policies' in the Site administration.
  2. Click the button 'New policy'
  3. Complete the form and save changes.

Note that once created, a policy can be edited, or set to inactive, but if users have agreed to it, it can't be deleted.

The policy type (site / privacy / third parties) is only displayed at the 'Policies' page linked on the footer and the behaviour is the same for all the policy types.

Giving consent to policies

Giving consent to policies

All users (with the exception of admins) will be required to give their consent to all policies defined either for “Authenticated users” or for “All users” before proceeding further on the site.

If a new policy is added, all users will be required to give their consent when they next log in. Similarly, if an existing policy is edited and is not marked as a minor change, all users will be required to give their consent when they next log in.

If Email-based self-registration is enabled on the site, new users will be required to give their consent to all policies before proceeding to the sign-up form. If digital age of consent verification is enabled in 'Privacy settings' in the Site administration, when a new user clicks the 'Create new account' button, they will be prompted to enter their age and country. If the user's age is lower than the age of consent for their country, they will see a message prompting them to ask their parent/guardian to contact the support contact (as specified in 'Support contact' in the Site administration).

Policies for guests

Policies for guests modal window

If a user browses to the site or logs in as a guest, a modal window will be shown at the bottom of the user's browser window with links to all policies defined either for guests or for all users.

Minors

Minor prevented from proceeding further on the site

Users who are younger than the age of digital consent, called 'minors', may be prevented from giving their consent by prohibiting the capability Agree to policies. They will then be prevented from proceeding further on the site until someone can give consent on their behalf.

Sites with minors as the majority of users

To prohibit users from agreeing to policies because they are a minor:

  1. Go to 'Define roles' in the Site administration.
  2. Edit the role of authenticated user and set Agree to policies to prohibit.
  3. Save changes.

To enable teachers and other users who are not minors to agree to policies:

  1. Go to 'Define roles' in the Site administration.
  2. Click the button 'Add a new role'.
  3. Give the role a name such as 'Able to give consent', short name and description.
  4. For context types where this role may be assigned, tick system.
  5. Enter policy in the filter box, then allow the capability Agree to policies.
  6. Click the button 'Create this role'.
  7. Go to 'Assign system roles' in the Site administration.
  8. Choose the 'Able to give consent' role to assign.
  9. Select teachers and other users in the Potential users list, and use the left-facing arrow button to add them to the Existing users list.

Sites with only a few minors

To prohibit users from agreeing to policies because they are a minor:

  1. Go to 'Define roles' in the Site administration.
  2. Click the button 'Add a new role'.
  3. Give the role a name such as 'Digital minor', short name and description.
  4. For context types where this role may be assigned, tick system.
  5. Enter policy in the filter box, then prohibit the capability Agree to policies.
  6. Click the button 'Create this role'.
  7. Go to 'Assign system roles' in the Site administration.
  8. Choose the 'Digital minor' role to assign.
  9. Select minors in the Potential users list, and use the left-facing arrow button to add them to the Existing users list.

User agreements

User agreements filtered to show minors

An admin or any user with the View user agreements reports capability (by default manager) can access the page 'User agreements' in the Site administration and:

  • View user consents
  • Filter by policy, permission, status or role
  • Give consent on behalf of minors
  • Download table data

User agreements for a particular policy may also be viewed via the 'Manage policies' page by clicking the link in the Agreements column.

Giving consent on behalf of other users

An admin or any user with the capability Agree to the policies on someone else's behalf can give consent on behalf of minors or when a written consent was obtained offline.

Giving consent on behalf of multiple users

Record of consents with remarks

Users with capability Agree to the policies on someone else's behalf in the system context, such as managers, can give consent on behalf of multiple users as follows:

  1. Go to 'User agreements' in the Site administration.
  2. If necessary, filter by 'Permission: Can not agree'.
  3. To give consent for multiple policies, tick the box next to selected users' names then click the consent button.
  4. To give consent for a single policy, click the red cross next to the user's name.

When giving consent on behalf of other users, there is an opportunity to add some remarks. Clicking on the link in the Overall column gives an overview with details of who gave consent and when, together with any remarks.

It's not yet possible to give consent in bulk, however a workaround would be to install and use a browser extension for checking all checkboxes on the page.

Giving consent on behalf of a child

A parent or guardian may be allowed to give consent on behalf of their child by giving them the capability Agree to the policies on someone else's behalf in the user context. See the Parent role for details of how to create the role and assign a parent to a student. The parent or guardian will then be able to give consent as follows:

  1. Go to the child's profile page.
  2. Click the link 'Policies and agreements'.
  3. Click the red cross next to the policy name.

Capabilities