Question - GDPR compliance #2639
Comments
Thanks for asking. I will try to explain the process to the best of my ability. Basically, upon login Authelia sets a single session matching cookie. This cookie has a randomly generated string which is unique per login. This cookie is used to match a user against a stored session which contains the user's private details. The cookie is not used to track users' activity, just to ascertain which restricted areas of a site they are permitted to visit. As the cookie is used to access secure areas of a site and not for any auxiliary tracking purpose, the cookie is classified under the GDPR in the Strictly necessary cookies section, which makes it exempt from the consent rules. Potentially we could add something regardless; however, it would be a lower priority since the way in which we use cookies complies with the GDPR already, I believe.
So there is probably no need for an additional banner/popup with GDPR consent information.
As long as my understanding of the GDPR is correct then yes (and I'm 99.9999% certain it is for consent, there may be some stipulation about disclosure which I'll check). I'll leave this open since it wouldn't be a bad idea to add something to the effect of a privacy statement anyway. Also in the event I'm mistaken about the GDPR it would be good to make very specific citations for future queries anyway. Also as a side note - my understanding of the GDPR should not be understood as legal advice naturally.
Yes, there is. Let me look into it exactly so I don't tell you the wrong way.
Here are the official GDPR guidelines: https://gdpr.eu/cookies/ Looks like we should have clear information that we use cookies and what they do:
#4624 adds documentation here: https://www.authelia.com/privacy/#application

#4625 will hopefully allow users affected by GDPR to add their own link to their own relevant GDPR required privacy policy (which we cannot provide as we do not know what they do with the information collected).
@mdiyoda see https://63ba026f55bef70008339907--authelia-staging.netlify.app/configuration/miscellaneous/privacy-policy/ You can check it out with #4625 which uses the tag
This allows users to customize a privacy policy URL at the bottom of the login view. Closes #2639
I was wondering if Authelia complies with GDPR rules.
For example, if I use Authelia to hide my personal stuff, like Grafana, Prometheus etc., and use a basic setup with 2FA authentication.
I can see that when I land on the Authelia login page, there are no cookies before login. Is there some other tracking I am not aware of?
If yes, is it possible to add a GDPR consent banner to the login page?
Thanks in advance for an answer :)