<!-- 
RSS generated by JIRA (9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b) at Mon Feb 12 10:30:54 CET 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>Magnolia - Issue tracker</title>
    <link>https://jira.magnolia-cms.com</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-uk</language>    <build-info>
        <version>9.4.2</version>
        <build-number>940002</build-number>
        <build-date>19-01-2023</build-date>
    </build-info>


<item>
            <title>[MGNLPRIV-23] Disallow specifying email on the consent confirmation page</title>
                <link>https://jira.magnolia-cms.com/browse/MGNLPRIV-23</link>
                <project id="14980" key="MGNLPRIV">Privacy</project>
                    <description>&lt;p&gt;On this page&lt;/p&gt;

&lt;p&gt;&lt;tt&gt;/travel/contact/confirmation&lt;/tt&gt;&lt;/p&gt;

&lt;p&gt;we should disallow specifying the email address to which the GDPR report will be sent.&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;The Report should be sent only to the user who is authorized to create, send and read the report, hence probably the one whose email is already registered in the system under one of the personalFields.&lt;/li&gt;
	&lt;li&gt;Cause if the user made a typo while entering &quot;his/her&quot; email, the report with all the personal data could potentially end up in somebody else&apos;s hands which is a big GDPR no no.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;The page in the end should probably look only just like this:&lt;/p&gt;

&lt;p&gt;&lt;span class=&quot;image-wrap&quot; style=&quot;&quot;&gt;&lt;img src=&quot;https://jira.magnolia-cms.com/secure/attachment/44984/44984_image-2018-06-01-10-56-40-189.png&quot; height=&quot;234&quot; width=&quot;451&quot; style=&quot;border: 0px solid black&quot; /&gt;&lt;/span&gt;&lt;/p&gt;

&lt;p&gt;&lt;b&gt;A second sub-issue:&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;The email which delivers the report could have &lt;tt&gt;&lt;b&gt;GDPR Report&lt;/b&gt;&lt;/tt&gt;&#160;in the subject line and the following text in the body:&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;
&lt;div class=&quot;preformatted panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;preformattedContent panelContent&quot;&gt;
&lt;pre&gt;Hello

Please find in the attachment a zipped GDPR report containing files with references to all your personal data used by the site.

Thank you
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;</description>
                <environment></environment>
        <key id="66740">MGNLPRIV-23</key>
            <summary>Disallow specifying email on the consent confirmation page</summary>
                <type id="5" iconUrl="https://jira.magnolia-cms.com/secure/viewavatar?size=xsmall&amp;avatarId=10896&amp;avatarType=issuetype">Sub-task</type>
                            <parent id="66690">MGNLPRIV-20</parent>
                                    <priority id="6" iconUrl="https://jira.magnolia-cms.com/images/icons/priorities/neutral.gif">Neutral</priority>
                        <status id="6" iconUrl="https://jira.magnolia-cms.com/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Obsolete</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="mdrapela">Martin Dr&#225;pela</reporter>
                        <labels>
                    </labels>
                <created>Fri, 1 Jun 2018 11:03:19 +0200</created>
                <updated>Fri, 15 Jun 2018 10:27:36 +0200</updated>
                            <resolved>Fri, 15 Jun 2018 10:27:36 +0200</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>1</watches>
                                                                                                                <comments>
                            <comment id="161544" author="rkovarik" created="Fri, 1 Jun 2018 14:07:54 +0200"  >&lt;blockquote&gt;&lt;p&gt;The Report should be sent only to the user who is authorized to create, send and read the report&lt;/p&gt;&lt;/blockquote&gt;
&lt;p&gt;The report is send only to the visitor clicking the button. You would need to know the visitor ID (which is stored in visitor browser or email, so you&apos;d need an access to his computer), to get his data.&lt;/p&gt;
&lt;blockquote&gt;&lt;p&gt;Cause if the user made a typo while entering &quot;his/her&quot; email.&lt;/p&gt;&lt;/blockquote&gt;
&lt;p&gt;Visitor can always expose his own data in different ways, but that&apos;s not a problem of the data processor.&lt;br/&gt;
 Moreover there is no &quot;proper&quot; way to get the visitor email, visitor can have multiple records with different emails or no email at all.&lt;/p&gt;

&lt;p&gt;In reality, you can execute multiple confirmation levels (phone/email/post office &lt;img class=&quot;emoticon&quot; src=&quot;https://jira.magnolia-cms.com/images/icons/emoticons/biggrin.png&quot; height=&quot;16&quot; width=&quot;16&quot; align=&quot;absmiddle&quot; alt=&quot;&quot; border=&quot;0&quot;/&gt;) before providing the data, but that would be hard to demo.&lt;/p&gt;</comment>
                            <comment id="161555" author="mdrapela" created="Fri, 1 Jun 2018 15:03:41 +0200"  >&lt;p&gt;If we leave the mail address input field, could we attach to it a processor that would make sure that the report is sent only when the email entered in the field is found in the database and the visitorID is the same for both (in simple terms):&lt;/p&gt;

&lt;p&gt;createdReport(visitorID)&lt;br/&gt;
 email(visitorID)&lt;/p&gt;

&lt;p&gt;?&lt;/p&gt;

&lt;p&gt;If somebody enters a wrong email, no send action will occur.&lt;/p&gt;

&lt;p&gt;(just a suggestion ... but this is what actually happens underneath when the form is being created and sent)&lt;/p&gt;</comment>
                            <comment id="162613" author="rkovarik" created="Fri, 15 Jun 2018 10:27:36 +0200"  >&lt;p&gt;Closing as obsolete, the email is now the visitor ID itself.&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                            <attachment id="44984" name="image-2018-06-01-10-56-40-189.png" size="52230" author="mdrapela" created="Fri, 1 Jun 2018 10:56:52 +0200"/>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10111" key="com.atlassian.jira.toolkit:reporterdomain">
                        <customfieldname>Company</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>magnolia-cms.com</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10031" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Fri, 1 Jun 2018 14:07:54 +0200</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_12730" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_14151" key="com.atlassian.jira.toolkit:message">
                        <customfieldname>Docu info</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10061" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comm is not jira-dev</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>false</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10071" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last participant</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>ajones</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_13136" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            5 years, 35 weeks, 3 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10020" key="com.atlassian.jira.toolkit:attachments">
                        <customfieldname>Number of attachments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10150" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname>Number of comments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>3.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10011" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>mdrapela</customfieldvalue>
            <customfieldvalue>rkovarik</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10833" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|y00540:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10244" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10245" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="742">Kromeriz 151</customfieldvalue>
    <customfieldvalue id="752">Kromeriz 152</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14145" key="com.intenso.jira.issue-templates:issue-templates-customfield">
                        <customfieldname>Template</customfieldname>
                        <customfieldvalues>
                            


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_15131" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Time in Discovery</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10032" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>