OJS registration form: Add checkbox for "declaration of consent" about personal data

This is not exactly a question but our current workaround is not perfect. Thats why i post it in questions.

As we are located in Germany we had to create a so called “register of processing information” for our data protection officer because we store personal data of our users in OJS (especially the email, but also names, country,…). From our point of view there is no legislation that allows us to save the personal data that’s why we need to get the consent of the OJS-users (readers, authors, reviewer, editors,…) to store their personal data upon registration.

Therefore we implemented a mandatory checkbox into the registration form which links to a PDF-version of a “declaration of consent”. The user has to accept it before he can register.

You have to add the checkbox to the template in /lib/pkp/templates/frontend/pages/userRegister.tpl e.g. behind the recaptcha

<div class="datapolicy">
<label>
<input type="checkbox" name="einwilligung" id="einwilligung" required>{translate key="user.einwilligung"}
<span class="required"><font color="#FF4040">*</font></span>
<span class="pkp_screen_reader">{translate key="common.required"}</span>
</label>
</div>

You can name the defined translate key in the appropriate translation files including an URL to the PDF-file with the consent text.

In \lib\pkp\classes\user\form\RegistrationForm.inc.php you have to read the new element called “einwilligung” in our case

function readInputData() {
parent::readInputData();
$this->readUserVars(array(
...
'einwilligung',

And you have to check it (also in RegistrationForm.inc.php):

//Validation checks for this form
...
$this->addCheck(new FormValidator($this, 'einwilligung', 'required', 'user.profile.form.einwilligungRequired'));

The solution works fine for us. The mentioned files are for the default OJS theme. If you apply different themes it is possible that the button doesn’t show up. Then check the tpl-files of the theme.

I assume that this topic is only relevant for OJS service provider in the EU. Nonetheless it would be great to improve the workaround perhaps as optional parameter like the recaptcha that can be enabled if needed. And it also would be fine to store the consent in the database (which is required by legislation and/or EU-DSGVO, if i am not mistaken).

This is most likely part of this: Is OJS GDPR compliant?
As it is mentioned there, I am planning to make a general GDPR plugin that adds, among other things, the functionality you described. I am planning to do this without editing any core files, so it should work with any theme. But at the moment I am waiting for PKPs response and see what their results are and what they are maybe going to do with OJS to meet the requirements.

Hello @ajnyga,

OJS 3.0.2

Where can we look in git for those functionalities about GDPR? I know this subject is dense or confusing, but I’ve been looking throught the forum and git, and although we have the manual provided by pkp, I still find some issues or data very vague or misleading.

Thank you for your time,
Best regards

Hello,

Are these only for ojs 3.1?

Thank you again,
Best regards

With our site I basically wrote a site wide privacy policy document. The journals together with us (the maintainer of the OJS installation) are “joint controllers” as it is defined in GDPR.

With the registration and the login form I just added a new checkbox to the form and marked it as required.

These forms:

This code:
<input type="checkbox" name="consent" required> Yes, I agree to have my data collected and stored according to the <a href="privacy-policy.pdf" target="_blank">Policy Statement</a>.

In our case while we have multilingual journals I added a new translation string and use that, but with one locale you can of course just hard code.

These are changes I did just until 3.1.1.1 is released.