GDPR Compliance #227
The General Data Protection Regulation (GDPR) came into effect on 25 May 2018, affecting all businesses handling Europeans' data (even if based outside the EU).
I've noticed Mibew seems to be lacking some basic features for GDPR:
Well... I'm neither a lawyer, nor an EU-citizen, so I can be wrong. But I don't believe that this is really a big deal.
Mibew Messenger doesn't store any 'personal data' by default. It can ask a visitor to enter an email at the pre-chat stage, but it's an option. So, one could just inform a visitor that by clicking on the 'start chat' button he confirms the submission of his email for further usage. And, btw, there is no validation of the email.
Bulk erasure and export of logs by visitor's name is indeed missing. But that name is optional and non-unique. And that matters, because it is impossible to identify a person with it. Multiple visitors could make use of the same name. Maybe one could identify a person with a combination of email, IP and a name, but it's hard to tell.
Moreover, it is possible to make use of the appropriate plugin to not store logs at all (erase them immediately). As a kind of temporary solution for people who are scared of this initiative of the EU.
Maybe someday I'll create a plugin or two that will implement export / erasure of logs, but at the moment it's definitely not a primary goal for me. Though, one could send a pull request. ;)
But at the moment there is no need to edit the code to inform a visitor. One just has to alter the localization constant "
And if one wants to change the look and feel of the pre-chat survey (i.e. use a link there), it can be done by creating a custom theme. Without any code changes too.
Don't get me wrong, I realize a potential legal risk related to possible misinterpretation of GDPR. But I believe that Mibew Messenger is just a tool for a site, not a standalone product. So it should not have its own policy that is somehow different from the policy of the site which a visitor of the site should explicitly accept...